Privacy Policy

Geswork

This Privacy Policy describes how GESWORK SAS (“Geswork”, “we”, “our”, or “us”), French simplified joint-stock company (RCS Pontoise 825 339 872), processes personal data when you use www.geswork.fr (the “Site”) and the Geswork SaaS application and related services (the “Services”).

For privacy requests: protection-donnees@gsme.fr.

1. Data we collect

Depending on how you use the Services, we may process:

  • Account and profile: name, email, professional information, authentication data, activity timestamps (e.g. last login).
  • Billing: billing address and payment-related data processed by our payment provider (we do not store full card numbers).
  • Technical: IP address, logs, and similar data needed for security and operations.
  • Content you enter in Geswork: data you create in the application (e.g. missions, documents, CRM context), including communications metadata stored in the product.
  • Connected mailbox (optional): if you connect Google Gmail or Microsoft Outlook, we use provider APIs as described in section 7.

2. Purposes and legal bases (GDPR)

We process personal data to:

  • Perform the contract — provide, secure, and improve the Services; customer support.
  • Legitimate interests — where applicable, securing the platform, limited analytics, and understanding product usage, balanced against your rights.
  • Legal obligation — accounting, tax, and similar retention where required.
  • Consent — where required (e.g. non-essential cookies or marketing communications), which you may withdraw.

3. Cookies and similar technologies

We use cookies and similar technologies for essential functionality (e.g. session, security), and where applicable for analytics and advertising. You can control non-essential cookies through your browser settings and any consent tools we provide on the Site or application.

4. Recipients and hosting

We use carefully selected processors. Non-exhaustive list:

  • Hosting / infrastructure: Amazon Web Services — customer data is hosted in France (as stated in our terms).
  • Payments: Stripe.
  • Analytics: Google Analytics (where enabled).
  • Email delivery and connectivity: Google (Gmail API, OAuth) and Microsoft (Outlook / Microsoft identity platform) when you connect those accounts.
  • Other providers supporting email delivery, support tools, or marketing, as needed for the Services.

We do not sell your personal data.

5. International transfers

Some providers (e.g. Google, Microsoft, Stripe) may process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses and provider compliance programmes.

6. Retention

We retain personal data only as long as necessary for the purposes above. Active subscription and legitimate business data are kept while your organisation uses the Services. We apply an inactivity and contract-based lifecycle (including warnings before deletion) for accounts that are no longer active, consistent with our RGPD processes. Some records (e.g. invoicing) may be retained longer where the law requires. OAuth tokens for connected mailboxes are removed when you disconnect the account or delete relevant account data.

7. Google Gmail and Microsoft Outlook (mailbox connection)

If you connect a mailbox, access is voluntary and limited to what the Services need.

Google Gmail: we request the Gmail API scopes send and read-only (gmail.send and gmail.readonly) so you can send email from Geswork, use the integrated mail reader, and—when you enable it—synchronize inbound replies for threaded conversations with your contacts in Geswork. We do not use Gmail data for advertising. We do not sell Gmail data. We do not use Gmail content to train generalized artificial intelligence models for unrelated products. Human access to mailbox content is limited to providing and securing the Services (e.g. support at your request, abuse prevention, legal compliance).

Microsoft Outlook: we request Mail.Send and Mail.Read (with refresh tokens for ongoing access) for the same categories of features as above, subject to your consent in Microsoft’s authorization flow.

You can revoke access anytime in your Google or Microsoft account settings and/or by disconnecting the mailbox in Geswork; some features will stop working.

8. Your rights

Under the GDPR, you may request access, rectification, erasure, restriction, portability (where applicable), and objection, subject to legal limits. Contact protection-donnees@gsme.fr. You may also lodge a complaint with a supervisory authority (in France, the CNIL).

9. Contact

Questions about this policy: protection-donnees@gsme.fr.

Last updated: May 19, 2026