GeyedGeyed
FeaturesDemoPricingDocsChangelog
Sign inGet Started

Legal

Privacy Policy

Effective 2026-04-16

Privacy Policy

Who we are

Geyed is operated by Helitz Digital Ltd. This policy covers the Geyed marketing site (geyed.io), the Geyed application (app.geyed.io), and the Geyed SDK.

For account and billing data, Helitz Digital Ltd is the data controller. For end-user data collected via the Geyed SDK, Helitz Digital Ltd acts as a data processor on behalf of our customers (who are the data controllers).

Information we collect

From customers (account holders)

  • Account data: name, email address, and company name provided at registration
  • Billing data: payment method and billing address, processed by Stripe. We do not store full card numbers.
  • Usage data: how you interact with the Geyed dashboard, including pages visited and features used
  • Support data: communications when you contact us via email or in-app support

From the marketing site (geyed.io)

  • Analytics data: collected via Google Analytics. See the Cookies section below.

From end-users (via the Geyed SDK, on behalf of customers)

The Geyed SDK collects the following data when end-users interact with product tours:

  • SessionId: a session identifier passed by the SDK (not an IP address)
  • UserId: an optional identifier set by the customer's application
  • TourId, VersionId, StepIndex: which tour and step the event relates to
  • EventType: the type of interaction (e.g. tour_started, step_viewed, completed, dismissed)
  • Metadata: free-form JSON, with contents determined by the customer
  • OccurredAtUtc: a timestamp of when the event occurred

The Geyed SDK does not collect IP addresses, browser or user-agent strings, cookies, or personally identifiable information unless the customer explicitly passes such data via the UserId or Metadata fields. Customers are responsible for ensuring they have an appropriate legal basis for any personal data they pass through the SDK.

How we use information

We use the information we collect to:

  • Provide, maintain, and improve the Geyed service
  • Process payments and billing
  • Provide customer support
  • Analyse usage patterns and product performance
  • Detect and prevent security threats, fraud, and abuse
  • Comply with legal obligations

Legal basis for processing (GDPR)

  • Contract: processing necessary to provide the service you signed up for
  • Legitimate interest: analytics, security monitoring, and product improvement
  • Legal obligation: tax records and legal compliance
  • Consent: marketing cookies on the Geyed website (Google Analytics)

Data sharing

We do not sell personal data. We may share data with the following categories of third parties:

  • Stripe: to process payments and manage subscriptions
  • Google Analytics: to analyse traffic on the marketing site
  • Infrastructure and hosting providers: to operate and maintain the service
  • Legal and regulatory authorities: where required by law, regulation, or legal process, or to protect the rights, property, or safety of Helitz Digital Ltd, our customers, or others

All third-party service providers are bound by appropriate data processing agreements.

Cookies

  • Marketing site (geyed.io): uses Google Analytics cookies. Consent is obtained via a cookie banner.
  • Application (app.geyed.io): uses functional and session cookies only. No third-party tracking cookies.
  • Geyed SDK: does not use cookies.

Data retention

  • Account data: retained while your account is active. Deleted on request after account closure.
  • Billing data: retained as required for tax and legal obligations, typically 6 to 7 years under UK law.
  • SDK and end-user data: retained while the customer's account is active. Deleted within 30 days of account closure, or on request.
  • Google Analytics data: retained according to Google Analytics retention settings.

Your rights

Under UK GDPR and EU GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Receive your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time, where consent is the legal basis for processing

For end-users of the Geyed SDK

If you are an end-user who has interacted with a product tour powered by Geyed, please contact the company that embedded the tour (the data controller). We will assist our customers in fulfilling data subject requests.

Under CCPA (California residents)

  • We do not sell personal information
  • You have the right to know what personal data is collected and how it is used
  • You have the right to request deletion of your personal data

Exercising your rights

To exercise any of these rights, contact us at privacy@geyed.io. We will respond within 30 days.

International data transfers

Your data may be transferred to and processed in countries outside your country of residence. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your data.

Security

We protect your data with encryption in transit (TLS) and at rest, along with access controls, monitoring, and logging. While we take reasonable measures to secure your data, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

Children

Geyed is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated at least 30 days in advance via email or a notice on our website. The effective date at the top of this page indicates the latest revision.

Contact