Privacy Policy
Welcome to the Geos Privacy Policy!
This Privacy Policy explains how we collect, use, and safeguard personal data, and outlines the rights of our visitors, customers, and merchants regarding their data.
By using our website or any of our apps and services, you agree to the terms described in this Privacy Policy and any other terms and policies on our website. If you disagree with this Privacy Policy, please exit the site and stop using our services.
We may periodically update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. Significant changes will be communicated by posting the updated policy on our website and, if applicable, through other means. Continuing to use our website or services following any updates indicates your acceptance of the revised terms.
Data collected from Merchants
Upon installing our apps, we may access certain information from your Shopify account. This data helps us provide our services, such as verifying your identity, contacting you, offering support, and delivering marketing content.
Data collected from Merchant’s Customers
To deliver our services and support effectively, enhance your ability to serve your customers, and improve our services, Geos collects certain customer data stored in your Shopify Admin, such as first name, last name, and email.
Data collected when visiting our Website
When you visit our website, we gather information about your device, including your web browser, IP address, time zone, and cookies. We use the following technologies to collect this information:
- Cookies: Data files placed on your device that often contain an anonymous unique identifier. For more information on cookies and how to disable them, visit allaboutcookies.org.
- Log Files: Record actions on the site, including your IP address, browser type, ISP, referring/exit pages, and timestamps.
- Web Beacons, Tags, and Pixels: Electronic files that track your browsing activity.
Information Sharing
We share your Personal Information with the following third parties to support our business and customer services:
- Google Analytics: Helps us understand website and app usage. Learn more about Google’s privacy policy. Opt out at tools.google.com/dlpage/gaoptout.
- CustomerIO: Used for email marketing and maintaining customer lists. Learn more about CustomerIO privacy policy.
- Freshdesk: Used for communication and customer support. Read more about Freshdesk privacy policy.
We may also share your data to comply with legal requirements, respond to lawful requests, or protect our rights. We may use your data for targeted advertising, with options to opt out at facebook.com/settings/?tab=ads and google.com/settings/ads/anonymous. If our business is acquired, your data may be shared with the new owners, and we will notify you on our home page.
International Data Transfers
Geos processes and stores personal data on servers located in the United States. If you are outside the U.S., your data may be transferred to the U.S. By using our services, you consent to this transfer.
Children’s Use of Geos
Geos is not intended for children under 18. If you are under 18, you may only use our services with parental or guardian supervision.
Your Data Rights
Geos acknowledges your rights regarding your personal data and makes reasonable efforts to allow you to access, correct, amend, delete, or limit its use. Merchants can exercise these rights by contacting us at [email protected]. We may require identity verification before granting access to your data.
If you are a merchant’s customer, please contact the merchants directly to exercise these rights, as we process data on their behalf.
Data Retention
For questions about your data or this Privacy Policy, or to file a complaint, reach out to us at [email protected]. Data will be deleted within 48 hours of app uninstallation. For immediate data removal requests, contact us at [email protected]. Verification of identity may be require
Security Incident Response Policy
This policy outlines our approach to detecting, reporting, assessing, and responding to security incidents to minimize their impact on the businesses’ operations, reputation, and assets.
Incident Severity Levels
- Level 1 (Low): Incidents with minor impact that can be resolved quickly without causing significant harm.
- Level 2 (Moderate): Incidents with a noticeable impact that require immediate attention to prevent further damage.
- Level 3 (High): Incidents with severe impact on operations that demand urgent action to contain and resolve.
Roles and Responsibilities
- Incident Response Team (IRT): A team responsible for handling security incidents, made up of IT staff, security experts, and other key stakeholders.
- Incident Coordinator: The individual managing the incident response, coordinating with the IRT and stakeholders, evaluating the incident’s impact, and ensuring a proper response.
- IT/Security Staff: Tasked with detecting, investigating, and addressing security incidents.
Escalation paths
- Incident Reporting: All incidents must be promptly reported to the Incident Response Team (IRT) as soon as they are discovered. Reporting can be done via a dedicated system, email, or phone. The report should include a description of the incident, its impact on the organization, and any supporting evidence.
- Initial Assessment: The IRT will perform an initial evaluation to assess the severity and impact of the incident. Depending on the findings, the IRT may escalate the situation to a higher level for further action.
- Level 1 Escalation: For minor incidents, the IRT may address the issue without further escalation. This may involve temporary fixes, applying security updates, or adjusting security policies.
- Level 2 Escalation: For moderate incidents, the IRT will escalate the matter to the Incident Coordinator. The Coordinator will determine the appropriate response, which may include bringing in additional resources or experts. Communication with management and other relevant parties will be maintained to ensure they are informed of the incident and any actions taken.
- Level 3 Escalation: For severe incidents, the IRT will escalate to senior management or executive leadership. This may trigger the organization’s emergency response plan or involve external experts for assistance. The Incident Coordinator will continue to manage the response, but with added oversight from senior leadership.
Evidence Collection
Once an incident is detected or reported, all relevant systems, devices, and logs will be preserved to prevent further data alteration or deletion. This process involves gathering and safeguarding electronic data, such as system logs, network traffic, and application data.
Required Actions:
- Incident Detection: All employees are trained to promptly recognize and report any security-related incidents. This includes suspicious behavior, unauthorized access, data breaches, malware, and other potential threats.
- Incident Classification: The IRT will perform an initial assessment to gauge the severity and impact of the incident. Based on a predefined severity scale, the incident will be classified to determine the proper level of response.
- Incident Containment: The IRT will swiftly take measures to contain the incident and prevent further damage or data loss. This may involve isolating impacted systems, cutting off network access, or disabling affected services.
- Incident Investigation: The IRT will analyze the incident to understand its root cause and identify any signs of compromise. This investigation will include reviewing system logs, network traffic, and other related data.
- Incident Response Plan: The IRT will develop an action plan tailored to the severity and effects of the incident. This plan will detail communication strategies, coordination efforts, and collaborative actions required by the IRT and relevant stakeholders.
- Incident Recovery: Efforts will focus on restoring operations to normal while ensuring the safety and integrity of systems and data. Recovery tasks may include restoring backups, applying security patches, or rebuilding systems if necessary.
- Post-Incident Review: After the resolution, the IRT will conduct a review to identify lessons learned and areas for improvement. This feedback will help update the organization’s incident response strategies, strengthening future preparedness.
Contact Information
If you have any further questions regarding your data or this Privacy Policy, please email us at [email protected].
Last updated: 01 Sep 2024