Geysera Privacy Policy

This Privacy Policy explains how Geysera LLC ("Geysera," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when individuals interact with our software-as-a-service platform Geysera, our websites, and related services (collectively, the "Services"). It applies to end users of our customers, our direct customers and their personnel, partners, service providers, prospects, and visitors to our online properties, to the extent their personal information is processed by Geysera.

Geysera is committed to complying with applicable privacy and data protection laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the U.S. Federal Trade Commission Act, CAN-SPAM, the EU and UK General Data Protection Regulation (GDPR/UK GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Brazil's Lei Geral de Proteção de Dados (LGPD), where these laws apply to our activities.

By using the Services or otherwise providing personal information to us, you acknowledge that you have read this Privacy Policy. Where required by law, we will ask for your explicit consent before collecting or using personal information for certain purposes.

The types of information we collect depend on your relationship with us (for example, whether you are an end user of a customer, a customer administrator, a partner, or a website visitor) and how you interact with the Services.

Information Related to Customer End Users

When you use a website or application that integrates with Geysera, or otherwise interact with the Services as an end user of one of our customers, we may collect:

• Identification and contact details (such as name, email address, phone number, and postal or billing address).
• Account and transactional information related to your use of our customer's services (such as products or services ordered, order history, and interaction logs).
• Device and usage data (such as IP address, browser type, operating system, time zone, referring URLs, pages viewed, interactions with embedded Geysera components, and other diagnostics data).
• Payment-related information as provided by our customers, to the extent needed to enable them to route payment details to their chosen payment gateway or processor.

Information Related to Customers, Partners, and Vendors

For our direct customers and their personnel, as well as partners and service providers, we may collect:

• Business contact information (such as name, job title, company name, business email address, phone number, postal address).
• Account registration, authentication, and profile information (such as usernames, role assignments, and access permissions).
• Billing and financial information necessary for invoicing, payment, tax, and accounting.
• Communications and support records (such as emails, in-product messages, support tickets, feedback, and meeting notes).

Information Collected Automatically

When you visit our websites or use Geysera, we automatically collect certain technical data using cookies, pixels, SDKs, and similar technologies, including:

• Log and usage data (for example, date and time of access, pages and features used, crash logs, and performance data).
• Device identifiers and network information (such as IP address, device identifiers, network provider, and approximate location based on IP).

Information from Other Sources

We may obtain information from third-party sources, such as our customers or partners, service providers, and publicly available sources. We may combine information from these sources with other information we hold.

Geysera does not knowingly collect sensitive personal information as defined under CPRA, including but not limited to:

• Social Security numbers or government identifiers
• Financial account numbers with access credentials
• Precise geolocation data (within 1,850 feet)
• Racial or ethnic origin
• Religious or philosophical beliefs
• Union membership
• Contents of private communications
• Genetic or biometric data for identification purposes
• Health information
• Sex life or sexual orientation information

If we ever need to collect sensitive personal information for a specific purpose, we will provide explicit notice and obtain your consent where required by law. You have the right to limit the use and disclosure of any sensitive personal information we collect.

We use personal information for the purposes described below, to the extent permitted by applicable law:

• Providing and operating the Services: To operate, maintain, and deliver the Geysera platform and related features.
• Customer support and communications: To respond to inquiries, provide technical support, and send service-related notices.
• Account management and billing: To set up and manage accounts, administer subscriptions, and process payments.
• Analytics and service improvement: To monitor performance, understand how users interact with the Services, and develop new features.
• Security, fraud prevention, and compliance: To protect the security and integrity of the Services and comply with legal obligations.
• Marketing and business development: To send permitted marketing communications and measure campaign effectiveness.
• De-identification and aggregation: Where allowed by law, we may de-identify or aggregate personal information for analytics and research.

Geysera does not currently engage in automated decision-making that produces legal or similarly significant effects on individuals without human involvement.

If we introduce automated decision-making with legal or significant effects in the future, we will inform you of such processing, explain the logic involved, and provide the right to request human intervention.

Where GDPR or PIPEDA applies, Geysera relies on one or more of the following legal bases:

• Performance of a contract: Processing necessary to perform our contract with you or our customer.
• Legitimate interests: Processing for legitimate business interests not overridden by your rights.
• Consent: Where processing relies on your consent for specific purposes.
• Legal obligations: Processing necessary to comply with applicable laws.

Geysera retains personal information only for as long as necessary to fulfil the purposes for which it was collected.

Geysera does not sell personal information in the traditional sense of exchanging it for monetary consideration.

We may disclose personal information to:

• Service providers and processors: Third parties that provide services to us (hosting, payment processing, analytics, etc.).
• Customers and their authorized users: When we process data on behalf of a customer.
• Partners and integrations: Where you choose to connect Geysera with other products or services.
• Corporate transactions: In connection with mergers, acquisitions, or similar corporate events.
• Legal, regulatory, and safety purposes: When required by law or to protect rights and safety.

Geysera uses cookies, web beacons, pixels, SDKs, and similar technologies to operate and improve the Services.

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals. If your browser transmits a GPC signal, we will treat this as a valid opt-out request for the sale or sharing of personal information under CCPA/CPRA.

Geysera is based in the United States, and personal information may be stored and processed in the United States and other countries. Where required by law for transfers from the EEA, UK, Switzerland, or Canada, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA).

Your rights regarding personal information depend on your location and applicable laws.

Rights Under GDPR (EEA, UK, Switzerland)

• Access: Request confirmation and a copy of your personal information.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion in certain circumstances.
• Restriction: Request restriction of processing in specific situations.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent at any time where processing relies on consent.

Rights Under CCPA/CPRA (California Residents)

• Right to Know: Request disclosure of personal information collected.
• Right to Delete: Request deletion of personal information.
• Right to Correct: Request correction of inaccurate information.
• Right to Opt Out: Direct us not to sell or share personal information.
• Right to Limit Sensitive PI: Limit use of sensitive personal information.
• Right to Non-Discrimination: Be free from discrimination for exercising rights.

Exercising Your Rights

You may exercise your rights by contacting us at:

• Email: support@geysera.com
• Mail: Geysera LLC, 701 5th Avenue, Suite 4200, Seattle, WA 98104, United States

Geysera uses technical, organizational, and physical safeguards to protect personal information:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Secure authentication including multi-factor authentication
• Network security including firewalls and intrusion detection
• Regular security testing and vulnerability assessments
• Access controls limiting data access to authorized personnel
• Employee background checks and confidentiality agreements
• Incident response procedures

The Services are not directed to children under the age where parental consent is required under applicable law (such as 13 in the United States, 16 in certain EU member states). Geysera does not knowingly collect personal information from such children without appropriate consent.

If you believe we have collected personal information from a child, please contact us at support@geysera.com.

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Effective Date" and "Last Updated" date and provide additional notice where required by law.

Your continued use of the Services after an updated Privacy Policy has been posted will constitute acceptance of the changes, to the extent permitted by applicable law.

If you have questions about this Privacy Policy or would like to exercise your rights, contact us at:

Depending on your location, you may also have the right to lodge a complaint with your local data protection authority.