Privacy Policy

Tyles GmbH (Gems)

TLDR

  1. Gems is not selling your data or using it for ads.
  2. We prioritise storing minimal private data while still ensuring a useful service.
  3. The data we store is subject to a high standard of data privacy. For example, your information is stored in a separate AWS container, it is stored SOC2 Type II compliant, and it’s encrypted via the database service we use.
  4. Using OpenAI's API, we share relevant text snippets from your data connectors with OpenAI in order to generate relevant responses to your queries. By using the API, OpenAI doesn't use any data to train their Large Language Models, and all interactions are encrypted.

Scope

Gems (“Gems,” “we,” “us,” and “our”) provides an online tool for discovering work apps. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use and share your personal information and to assist you in exercising the privacy rights available to you.

This Privacy Policy covers the personal information we collect about you when you use our products or services, or otherwise interact with us, including on our website www.gems.so web, Windows or Mac application (“Apps”), and our related online and offline offerings (collectively, the “Services”). This policy also explains your choices surrounding how we use your personal information, which include how you can object to certain uses of the information and how you can access and update certain information.

Personal Information We Collect

We collect personal information when you provide it to us, when you use our Services, as further described below.

A) Information You Provide To Us

Account Creation

When you create an account or otherwise use the Services, we collect information such as your name, email address, and an optional profile photo.

Your Communications with Us

We collect personal information from you such as email address, or mailing address when you request information about our Services, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.

Surveys

We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.

Interactive Features

We may offer interactive features such as chat and messaging services, and social media pages. We and others who use our Services may collect the information you submit or make available through these interactive features. Any content you provide via the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the personal information provided by you may be viewed and used by third parties for their own purposes.

Careers

‍If you decide that you wish to apply for a job with us, you may submit your contact information and resume online. We will collect the information you choose to provide on your resume, such as your education and employment experience. You may also apply through LinkedIn. If you do so, we will collect the information you make available to us on LinkedIn or any external job posting in which you found us.

Payment Information

If you make a purchase through our Services, your payment-related information, such as credit card or other financial information, is collected by our third-party payment processor on our behalf.

Information Generated by OpenAI

As part of Gems’ integration with OpenAI, we may also collect the outputs generated by OpenAI, such as the summaries we generate from the data you provide to us through integrations with work tools, such as Notion, and any other data generated by the OpenAI integration.

B) Information Collected Automatically

Usage Data

We collect and log Internet or other electronic network information on how you and others access and use Gems. Usage data may be collected through cookies, and similar technologies. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilise the features of the Service to their fullest potential.

Location Information

When you use our Website, we infer your general location information, for example, by using your internet protocol (IP) address.

‍Device Information

We receive information about the device and software you use to access our Website, including IP address, web browser type, operating system version, manufacturer, application installations, and device identifiers.

Analytics

We may also use third-party service providers to collect and process analytics and other information on our Services. These providers are bound by their Privacy Policies to safeguard that information. These services and integrations may include Google Analytics, Segment and Mixpanel.

C) Information Collected When You Use Our App

Information From Integrations

In order to be able to deliver generative answers in response to your queries using the content you provide us, we need to store that content somewhere so that it can be considered whenever you perform a search in Gems. Gems provides the functionality to connect a range of data sources, such as the data in a Notion account. This data is stored in a third-party vector database. At any point in time, it is our highest priority to make sure that this data is stored in the most secure manner possible. 

The database provider we are using at the moment runs on fully managed and secure AWS (Amazon Web Services) infrastructure as a multi-tenant Kubernetes cluster and offers the following data safeguards:

  • Customer data is stored in isolated containers.
  • Customer data is encrypted at rest and in transit.
  • Customer data is never used for any reason other than servicing API calls.
  • The third-party provider only monitors operational metrics to support the operational health and performance of the system.
  • Strict role based access control (RBAC) for service engineers.
  • SOC2 Type II certification:. The certification is based on the COSO framework and has been audited by an external Big4 CPA firm (EY). The scope of the program includes Information Security, Availability, and Confidentiality.

Log And Usage Data

Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, and settings and information about your activity in the App (such as the date/time stamps associated with your usage and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).

Device Data

We collect device data such as information about your computer you use to access the App. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Information Provided by Users Using Gems

When you use type in a search query, we may collect information you input into the application, such as questions, comments, keywords, and other text-based messages.

Information Generated by OpenAI and Gems

Our service integrates OpenAI’s ChatGPT, allowing for the extraction of key information from the content you provide through the integrations you choose to set up to produce relevant and personalised outputs in response to your inputs and questions. 

As part of Gems’ integration with OpenAI/ ChatGPT, we may also collect the outputs generated by ChatGPT in response to information and queries you input into the application.  This information includes the answers you get from Gems.

How We Use The Information We Collect

We use your personal information for a variety of business purposes, including to:

Provide the Services or Requested Information, such as:

  • Fulfilling our contract with you;
  • Identifying and communicating with you, including providing newsletters;
  • Managing your information;
  • Processing your payments and otherwise servicing your purchase orders;
  • Responding to questions, comments, and other requests;
  • Providing access to certain areas, functionalities, and features of our Services; and
  • Answering requests for customer or technical support.

Serve Administrative Purposes, such as:

  • Pursuing legitimate interests, such as research and development, network and information security, and fraud prevention;
  • Measuring interest and engagement in our Services, including analysing your usage of the Services;
  • Developing new services and improving the Services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Carrying out audits;
  • Communicating with you about your account and activities on our Services;
  • Preventing and prosecuting potentially prohibited or illegal activities;
  • Enforcing our agreements; and
  • Complying with our legal obligations.

De-identified and Aggregated Information Use: 

We may use personal information and other data about you to create de-identified and/or aggregated information. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including internal analysis, and analytics.

How We Use Automatic Collection Technologies: 

Our uses of Technologies fall into the following general categories:

  • Operationally Necessary;
  • Performance Related; and
  • Functionality Related.

Disclosing Your Information to Third Parties

We may share your personal information with the following categories of third parties:

Service Providers

We may share any personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested.

We may share your personal information with other third parties, including other users, in the following circumstances:

Share Content with Friends Or Colleagues

Our Services may allow you to provide information about your friends, and may allow you to forward or share certain content with a friend or colleague, such as an invitation email.

Complying With Law

Gems also use information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.

Other

Gems’ use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

International Data Transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, Germany, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavour to safeguard your information consistent with the requirements of applicable laws.

Your Choices

Email Communications

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested.

Cookies

You may turn off cookies.

Which Integrations To Connect

Any User of the App can decide which applications or data sources they want to connect. Gems can only access the data Users provide via these integrations. If you choose not to provide us with the information we collect, such as to integrate with no data source, some features of our Services may not work as intended.

Your Privacy Rights

You have the right to:

  • Request Correction of your personal information where it is inaccurate or incomplete.
  • Request Deletion of your personal information.

If you would like to exercise any of these rights, please contact us at bjorn@gems.so. We will process such requests.

‍Your European Privacy Rights

If you are located in the EEA or the UK, you have additional rights described below. 

You may request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company.  In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.

You may withdraw any consent you previously provided to us regarding the processing of your personal information at any time and free of charge.  We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.

You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy.  Before fulfilling your request, we may ask you to provide reasonable information to verify your identity.  Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain personal information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

California Residents Have Specific Privacy Rights

If you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with a Service, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

Data Retention

We take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.  When we process personal information for our own purposes, we determine the retention period taking into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on our Services we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.

Security of your Information

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorised disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.‍

Third-Party Websites/Applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

Children's Information

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us at bjorn@gems.so. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.

Changes to Our Privacy Policy

Although significant changes are rare, this policy may be amended as new features, technology, or legal requirements arise, so please check back from time to time. By using the Service, you acknowledge, accept and agree with all provisions of the Privacy Policy.

Contact Information

If you have any questions about our privacy practices or this Privacy Policy, please contact us at bjorn@gems.so.‍

Imprint

Information according to § 5 TMG

Tyles GmbH
Bessemerstraße 82, 10. OG Süd
12103, Berlin-Tempelhof
Germany

Represented by: Felix Schaper and Cain Rothe

Contact

E-Mail: bjorn@gems.so

Register entry

Entry in the register court: Charlottenburg
Registration number: HRB 228757

Copyright

All texts and photos used on this website - as far as they do not come from license-free third parties - are protected by copyright. Downloading, copying, editing, distribution and any kind of exploitation requires our written consent. If you are interested in using one or the other image, please do not hesitate to contact us.