Politique de confidentialité - Utilisateur final
Dernière mise à jour : Décembre 2025
This privacy policy is intended to complement the rules of your organization (the "Company Subscriber"), which is our Customer, regarding the use of personal data when using GOODWEEK. Depending on the configuration of the GOODWEEK solution by your organization, specific settings and restrictions may apply to how personal data is processed and shared.
Important Notice for Users:
As a user of the GOODWEEK platform, it is your responsibility to ensure that you comply with your organization's policies and applicable laws when using the platform to process personal data. Please pay close attention to the way you handle personal data, including data you upload, share, or collaborate on. Misuse of personal data may result in disciplinary action by your organization or legal consequences. If you have any questions about your organization's policies or how to use the platform responsibly, please contact your organization's administrator or privacy officer.
About Us
Getpulse Inc., headquartered at 2447 Pacific Coast Highway, Hermosa Beach, CA 90245 USA, (“GOODWEEK”) develops and provides a secure AI platform as a service (AIaaS) that empowers businesses to build custom artificial intelligence solutions tailored to their specific needs and seamlessly integrate them with their existing data infrastructure. The platform enables organizations to deploy and distribute these AI-powered tools across their teams, ensuring secure access while maintaining data privacy and control. It's designed to help enterprises harness the power of artificial intelligence to automate processes, enhance decision-making, and drive operational efficiency at scale.
1. Scope of This Policy
This policy applies when you use our platform. It covers personal data we process your data within the scope of the Agreement we entered with the Company Subscriber.
GOODWEEK as a Data Controller
We act as the data controller for the personal data we collect for our own purposes, such as managing user accounts, providing customer support, and conducting marketing activities.
GOODWEEK as a Data Processor
When you use our platform to process personal data (e.g., uploading files, sharing content, or collaborating with others), GOODWEEK acts as a data processor on behalf of our Customers. In this capacity, we process personal data in accordance with the instructions of our Customers and the terms of our Data Processing Agreement (DPA) which is part of the Agreement that GOODWEEK and Company Subscriber entered into (the “Agreement”). This DPA ensures that we act strictly within the authorized framework defined by the data controller, which is the Company Subscriber as regards your data.
As a user of a Company Subscriber, we process your personal data in the capacity of a data processor or service provider when providing our services to our Customer that is a company subscriber (i.e., the entity that invited you to use the service, for example, your employer or your organization). In relation to such processing, the Company Subscriber is the data controller or business and is responsible for providing information to you about its processing of personal data and addressing your rights as a data subject. We will endeavor to provide assistance to our customers to address any concerns you may have in accordance with the terms of our agreement with such Customer. Additionally, for any deidentified data that we collect from you on behalf of our Customer or receive directly from a Customer in our role as a data processor or service provider, we commit to processing that deidentified data only in a deidentified fashion and will not attempt to re-identify personal data.
2. What Personal Data Do We Collect
We collect and process the following categories of personal data:
Identification Data
Source: When you create an account or use the platform.
Purpose of Processing: Providing the services, communication.Professional Data
Source: When you create an account or use the platform.
Purpose of Processing: Marketing, lead qualification, event organization.Behavioral Data
Source: Via cookies when using the platform.
Purpose of Processing: Improving the services, internal analytics.Technical Data
Source: Via cookies when using the platform.
Purpose of Processing: Improving the services, internal analytics.Payment Data
Source: When purchasing our services.
Purpose of Processing: Managing payments, contracts, and transactions.Content Data
Source: When interacting with the platform (e.g., files, messages).
Purpose of Processing: Providing the services, improving services.Usage Data
Source: Automatically collected during your use of the platform.
Purpose of Processing: Monitoring platform performance and services, troubleshooting, and personalizing your experience.
3. How Do We Use Your Personal Data?
As a Data Controller
We process your personal data for the following purposes:
To create and manage your account.
To ensure the security and performance of the platform.
To send you updates, newsletters, and promotional materials (with your consent, where required).
To invite you to events, webinars, or other activities.
To analyze how you use the platform and improve its functionality.
To ensure the security and performance of the platform.
To comply with laws and regulations.
As a Data Processor
When acting as a processor, we process personal data on behalf of our Customers for the following purposes:
To enable users to use GOODWEEK services and platform.
To provide access to the platform and its features.
To upload, share, and collaborate on content.
To provide advanced analytics and reporting features.
To assist you with technical issues or questions about the platform.
4. Legal Bases for Processing Your Personal Data
We process your personal data based on the following legal bases:
4.1. Consent
When you provide explicit consent for specific purposes, such as receiving marketing communications, participating in surveys, or allowing us to use cookies for analytics and personalization.
Example: Sending you newsletters or promotional emails after you opt-in.
4.2. Performance of a Contract
When processing is necessary to perform a contract to which the Company Subscriber (e.g., your employer or organization) is a party, i.e. the Agreement. This includes providing access to the GOODWEEK platform, managing your account, or processing payments as part of our agreement with your organization.
Example: Creating and managing your user account to provide you with access to the platform as part of your organization's subscription.
4.3. Legitimate Interests
When processing is necessary for our legitimate interests or those of a third party, provided that these interests are not overridden by your rights and freedoms.
Examples:
Improving the security and performance of the platform.
Conducting internal analytics to enhance our services.
Preventing fraud or misuse of the platform.
Marketing our services to you, if you are a customer or have shown interest in our products.
4.4. Compliance with Legal Obligations
When processing is necessary to comply with a legal obligation to which we are subject, such as responding to lawful requests from authorities or complying with data retention laws.
Example: Providing data to law enforcement agencies in response to a valid legal request.
4.5. Sharing Your Personal Data
We share your personal data with:
The Company Subscriber: If you are a user of a Company Subscriber, we share your personal data with the respective Company Subscriber under the terms of the Agreement. This includes data related to your usage of the platform, such as activity logs, content you upload or share, and any other information necessary for the Company Subscriber to manage its users and comply with its own policies.
- Our authorized service providers (under data processing agreements).
- Our affiliates and subsidiaries
- Potential third parties involved in business transactions (e.g., mergers, acquisitions).
- Legal authorities, if required and if mandatory.
5. We do not sell your personal data.
6. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA), including to the United States. We ensure an adequate level of protection through standard contractual clauses or other approved mechanisms.
7. Security of Data
We use physical, procedural, and electronic security measures to protect your personal data. This includes the following measures:
Measures of Pseudonymization and Encryption of Personal Data
- All APIs and web interfaces use HTTPS (TLS).
- External HTTP communications use TLS 1.2+.
- All databases encrypted at rest (aes-xts-plain64, 256-bit, SHA-256).
- Each DB instance has its own cryptographic key stored securely.
Measures for Ensuring Ongoing Confidentiality, Integrity, Availability, and Resilience
- 2FA enforced where possible.
- Multi-layer network security and encrypted SSH tunnels.
- Stateful firewall with restricted inbound/outbound traffic.
- Network segmentation between wireless, dev, staging, production.
Measures for Ensuring Restore Ability After Incident
- Security and continuity policies (IS, IR, BCDR).
- Annual tabletop exercises.- Annual backup integrity tests.
- Encrypted backups.
Processes for Testing and Evaluating Measures
- Annual penetration tests.
- Annual employee security training.
- Acknowledgement of policies by all employees.
- Annual internal policy review.
- Annual risk assessment.
- Annual tests of IR and BCDR plans.
Measures for User Identification and Authorization
- 2FA enabled where possible.
- Super admin identification and access review twice a year.
- Biannual user access reviews.
- Role-based and least-privilege access.
Measures for Protection During Transmission
- External HTTP communications protected by TLS 1.2+.
Measures for Protection During Storage
- Firewalls in place.
- Antivirus installed by default on devices.
Measures for Physical Security
- Controlled entrance (keys/badges).
- Only authorized staff manage badges/keys.
- Access reviews twice a year.
- Visitor log for secure areas.
Measures for Events Logging
- API calls and user actions logged and retained for 1 year.
Measures for System Configuration
- Documentation of standard configurations.
- Procedures ensuring consistent system configurations.
Internal IT & Security Governance
- CEO oversees security posture.- Head of Engineering leads technical policies.
- IT team implements and monitors controls.
Measures for Certification / Assurance
- Annual risk assessment.
- Annual internal policy review.
- SOC 2 Type 1 in progress.
Measures for Data Minimization
- GDPR-aligned processing.
- Privacy-by-default approach.
Measures for Data Quality
- Automated tests to ensure data consistency.
- Encrypted backups.
Measures for Limited Data Retention
- GDPR-compliant retention policy.
- Regular reviews by Legal & Compliance.
Measures for Accountability
- Data protection by design/default.
- Designated DPO.
- Risk assessments every 6 months.
Measures for Data Portability & Erasure
- Individual rights policy reviewed yearly.
- Workflows to answer personal data requests with Legal & Compliance.
8. Your Privacy Rights
At GOODWEEK, we are committed to protecting your privacy rights and providing you with transparency and control over your personal data. Depending on your location and the applicable data protection laws, you may have the following rights:
8.1. Right to Access
You have the right to request access to the personal data we hold about you. This includes the right to:
- Know what personal data we process about you.
- Receive a copy of your personal data in a commonly used electronic format.
- Obtain information about how your data is processed, including the purposes, categories of data, recipients, and retention periods.
How to Exercise: Contact us at privacy@goodweek.com with your request. We will respond within one month.
8.2. Right to Rectification
You have the right to request the correction of inaccurate or incomplete personal data that we hold about you. This includes the right to:
- Update your personal information (e.g., name, email address, or other details).
- Correct any errors in your data.
How to Exercise: Contact us at privacy@goodweek.com with the details you would like to update or correct. We will make the necessary changes promptly.
8.3. Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your personal data in certain circumstances, such as:
- When your data is no longer needed for the purposes for which it was collected.
- When you withdraw your consent (if consent was the legal basis for processing).
- When you object to the processing of your data, and there are no overriding legitimate grounds for continuing the processing.
How to Exercise: Contact us at privacy@goodweek.com with your request. We will delete your data unless we have a legal obligation or legitimate reason to retain it.
8.4. Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as:
- When you contest the accuracy of your data (until we can verify its accuracy).
- When the processing is unlawful, but you oppose the erasure of your data.
- When we no longer need your data, but you require it for the establishment, exercise, or defense of legal claims.
- When you object to the processing of your data, pending verification of whether our legitimate grounds override your rights.
How to Exercise: Contact us at privacy@goodweek.com with your request. We will restrict the processing of your data as required.
8.5. Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including:
- When we process your data for direct marketing purposes.
- When we process your data on the basis of legitimate interests, and you believe your rights and freedoms override those interests.
How to Exercise: Contact us at privacy@goodweek.com with your objection. We will stop processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing.
8.6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where:
- The processing is based on your consent or a contract.
- The processing is carried out by automated means.
How to Exercise: Contact us at privacy@goodweek.com with your request. We will provide your data in a portable format.
8.7. Right to Withdraw Consent
If we process your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise: Contact us at privacy@goodweek.com to withdraw your consent. We will stop processing your data based on your consent unless we have another legal basis for continuing the processing.
8.8. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection authority, such as the CNIL in France, if you believe that your privacy rights have been violated.
How to Exercise: Contact the relevant data protection authority in your country to file a complaint.
8.9. Automated Decision-Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this right does not apply if:
- The decision is necessary for entering into or performing a contract between you and us.
- The decision is authorized by law.
- You have given your explicit consent.
How to Exercise: If you believe you have been subject to automated decision-making, contact us at privacy@goodweek.com to request a review of the decision.
9. Protection of Minors
Our services are not intended for children under the age of 16. If we learn that a child is using our platform, we will take steps to delete their data.
10. Updates to This Policy
We may update this policy at any time. Changes will be posted on this page, and if they are significant, we will notify you via email or the platform.
11. Contact Us
For any questions or requests regarding this policy or the processing of your personal data, contact us at:
- Email: privacy@goodweek.com
- Addresses: Getpulse Inc. 2447 Pacific Coast Highway, Hermosa Beach, CA 90245 - USA
Representative in EU:
Getpulse SAS, 19 rue de Wissembourg, 67000 Strasbourg - France
