Privacy Policy

Last Updated: January 2026 | Version: 1.0

Overview

GEIST ("we", "us", or "our") operates the GEIST Platform, which includes TalentGeist, PayGeist, EORGeist, LearnGeist, and other enterprise AI applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Key Privacy Principles

  • User data privacy is paramount
  • Strong encryption for data at rest and in transit
  • We never sell your data
  • Minimal data collection (only what's needed)
  • GDPR, CCPA, and HIPAA compliant (where applicable)

Data We Collect

Account Data

  • Email address (required for authentication)
  • Password (hashed with Argon2, never stored in plain text)
  • Display name and avatar (optional)
  • Account creation and last login timestamps

Application Data

Depending on which GEIST applications you use:

  • TalentGeist: Employee profiles, performance reviews, goals, feedback
  • PayGeist: Compensation data, pay equity analysis, compliance reports
  • EORGeist: Employee records, contracts, payroll data
  • LearnGeist: Learning progress, certifications, course completions

Usage Data

  • Feature usage statistics (anonymized)
  • Error logs and crash reports (no personally identifiable information)
  • Performance metrics (anonymized)

How We Use Your Data

We DO

  • ✓ Provide application features
  • ✓ Generate AI-powered insights
  • ✓ Enable semantic search
  • ✓ Send notifications (if enabled)
  • ✓ Improve products (anonymized analytics)

We DON'T

  • ✗ Sell your data to third parties
  • ✗ Share data without consent
  • ✗ Use data for advertising
  • ✗ Train public AI on your data
  • ✗ Share data across apps without permission

AI and Third-Party Services

AI Processing

We use AI services for embeddings and language model inference. Important privacy notes:

  • Paid Tier: Your data is NOT used to train AI models
  • Zero human review of your content
  • Data not stored after processing
  • All data encrypted in transit (TLS 1.3)

Infrastructure Providers

  • Hetzner: EU-based hosting with GDPR compliance and DPA in place
  • Backblaze B2: Encrypted backup storage
  • Sentry: Error monitoring (no personal data)

Data Storage and Security

Encryption

  • At Rest: AES-256 encryption for all databases and file storage
  • In Transit: TLS 1.3 for all API communication
  • Backups: Encrypted daily backups with 90-day retention

Data Location

Your data is stored in EU data centers (Hetzner Germany) unless otherwise specified. Data processing occurs within the EU except for AI inference where EU regions are used.

Your Rights

Under GDPR, CCPA, and other privacy regulations, you have the right to:

Access

View and export all your data in JSON format

Deletion

Delete your account and all associated data

Rectification

Update or correct your personal information

Portability

Receive your data in a machine-readable format

To exercise your rights, contact us at privacy@geisthq.com or use the self-service options in your account settings.

Contact Us

Privacy Questions

privacy@geisthq.com

Data Protection Officer

dpo@geisthq.com

Security Concerns

security@geisthq.com

Legal Address

5 Clarinda Park North
Dun Laoghaire, Dublin
Ireland, A96 W6N1