Privacy Policy

Gesyt.ai ("Gesyt", "we", "us", or "our") provides an AI-verified operational excellence platform delivered primarily over WhatsApp. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data when you use our website, WhatsApp bot, dashboards, and related services (collectively, the "Services").

a. Information you provide

• Account and contact details (name, email, phone number, company, store location).
• Checklist submissions, photos, videos, and notes captured by frontline staff.
• Communications you send us via email, WhatsApp, or our website.

b. Information collected automatically

• Device and browser information, IP address, and usage logs.
• WhatsApp Live Location coordinates used for geofence verification.
• Timestamps of submissions and AI verification results.

• Operate and improve the Services, including AI verification of SOPs.
• Generate compliance reports, heatmaps, and gamified incentive scores.
• Authenticate users and prevent fraud or unauthorized access.
• Communicate with you about updates, support, and product news.
• Comply with legal obligations and enforce our terms.

Where applicable, we process personal data based on (i) your consent, (ii) the performance of a contract with your employer or organization, (iii) our legitimate interests in operating and securing the Services, or (iv) compliance with legal obligations under Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP) and other applicable laws.

We share information only as follows:

• With your employer or organization that subscribes to Gesyt on your behalf.
• With service providers who help us run the platform (cloud hosting, AI inference, WhatsApp Business API, analytics).
• When required by law, regulation, court order, or to protect rights and safety.
• In connection with a merger, acquisition, or sale of assets, with appropriate safeguards.

We do not sell your personal data.

We retain operational data (submissions, photos, verification logs) for as long as your organization remains an active customer and as required to provide the Services. You may request deletion of your personal data at any time, subject to legal and contractual retention requirements.

We implement industry-standard administrative, technical, and physical safeguards — including encryption in transit, access controls, and audit logging — to protect your information. No system is 100% secure; if we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or export your personal data, and to object to certain processing. To exercise any of these rights, contact us at hi@gesyt.com.

Your information may be processed in countries other than your own. Where required, we put in place appropriate safeguards for such transfers in accordance with applicable data protection laws.

The Services are not directed to individuals under 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or via email. The "Last updated" date above indicates when this policy was last revised.

For any questions about this Privacy Policy or our data practices, contact us at hi@gesyt.com.