This Privacy Policy explains how Jezerox Pte. Ltd., trading as Gail ("Gail", "we", "us" or "our"), collects, uses, discloses, stores and protects personal data in connection with our websites, software, AI assistants, workflow tools, integrations, support services and related offerings (collectively, the "Services").
Gail provides business software and AI-enabled workflow services to small and medium-sized enterprises, real estate professionals, clinics and other organisations. This Policy is intended to comply with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection requirements.
This Policy should be read together with the Gail Terms of Service, any applicable order form, data processing terms and notices presented at the time personal data is collected.
Who We Are
Gail is operated by Jezerox Pte. Ltd., a company incorporated in Singapore with UEN 202606909W.
Website: www.hiregail.com and www.realestate.hiregail.com
General and data protection contact: krish@hiregail.comScope
This Policy applies to personal data relating to:
• visitors to our websites and online pages;
• customers, prospective customers and their personnel;
• authorised users of the Services;
• business contacts, suppliers, contractors and partners;
• people who communicate with us, request support, attend demonstrations or participate in product research; and
• individuals whose data is submitted to the Services by a customer, such as patients, leads, clients, property owners, tenants, buyers, sellers, employees, vendors or other contacts.
Where a customer submits personal data about another individual to the Services, the customer is generally responsible for providing the required notices, obtaining any necessary consent or other authority, and ensuring that its instructions to Gail are lawful.Our Roles When Handling Personal Data
3.1 Data used for Gail's own purposes
Gail acts as an organisation responsible for personal data that we collect and use for our own business purposes, including account administration, billing, security, service analytics, support, sales, marketing and legal compliance.
3.2 Customer Data processed on behalf of customers
When we process personal data contained in customer records, workflows, communications or connected systems solely to provide the Services in accordance with a customer's instructions, Gail generally acts as a data intermediary and the customer remains responsible for the personal data and the purposes for which it is processed.
3.3 Different roles may apply
Our role depends on the circumstances. For example, we may act as a data intermediary for patient or lead data in a customer workspace, while acting as an organisation for account, billing, security and support data relating to the customer's authorised users.Personal Data We Collect
Depending on how you interact with us and how a customer configures the Services, we may collect the following categories of personal data:
4.1 Identity and contact data
Name, business name, job title, role, email address, telephone number, mailing address and other contact details.
4.2 Account and authentication data
Username, account identifiers, password hashes, authentication records, access permissions, login history and security events.
4.3 Commercial and billing data
Subscription details, order forms, invoices, payment status, billing contacts and transaction records. Payment card details may be processed directly by a payment service provider and may not be stored by Gail.
4.4 Technical and usage data
IP address, device and browser information, operating system, timestamps, pages or features used, event logs, diagnostics, crash data, performance data and approximate location inferred from network information.
4.5 Communications and support data
Emails, messages, support requests, call notes, meeting recordings or transcripts where notified, feedback, survey responses and other communications with us.
4.6 Integration and connected-system data
Information needed to connect to customer-authorised systems, such as CRM, EMR, calendar, email, messaging, telephony, property portal, inventory, accounting or other systems. This may include access tokens, identifiers, configuration data and data retrieved or updated through the integration.
4.7 Customer Data
Data submitted, imported, generated or processed in a customer workspace. Depending on the customer and use case, this may include:
• lead and client contact details, preferences, enquiries, notes and communication history;
• property, transaction, viewing, listing and follow-up information;
• clinic appointment, administrative, billing, inventory, insurance and patient-related information;
• employee, supplier, customer, project and operational records;
• prompts, attachments, voice recordings, transcripts, AI outputs, tasks and workflow records; and
• other information selected by the customer or its authorised users.
Health information and other sensitive records should be submitted only where necessary, authorised and appropriate for the configured service.How We Collect Personal Data
We may collect personal data:
• directly from you when you contact us, register, purchase, configure or use the Services;
• from the organisation that invites or authorises you to use the Services;
• from customers that submit or connect data to the Services;
• automatically through cookies, logs, analytics and security technologies;
• from third-party services that you or a customer authorises us to connect to;
• from public sources, business directories, referrals and professional networks; and
• from service providers and business partners where permitted by law.How We Use Personal Data
We may collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances, including to:
• provide, operate, configure, maintain and support the Services;
• create and administer accounts, permissions, subscriptions and billing;
• process customer instructions, workflows, communications and integrations;
• generate AI-assisted drafts, summaries, classifications, recommendations, reminders and workflow actions;
• authenticate users, prevent fraud, manage security and investigate misuse;
• monitor performance, diagnose faults, maintain reliability and improve usability;
• respond to enquiries, demonstrations, support requests and feedback;
• communicate service notices, security notices, invoices and administrative information;
• develop and improve features using aggregated, anonymised or de-identified information;
• conduct internal reporting, planning, research and product analytics;
• market our Services where permitted and manage marketing preferences;
• enforce our agreements, protect rights and resolve disputes;
• comply with law, regulation, court orders and lawful requests; and
• support a merger, financing, restructuring, sale or transfer of all or part of our business.
We rely on consent where consent is required. We may also collect, use or disclose personal data without consent where permitted by the PDPA or other applicable law, including where an applicable business improvement, legitimate interests, contractual necessity, legal obligation or other exception applies and the relevant requirements have been satisfied.AI Features and Personal Data
The Services may use artificial intelligence and automated processing to generate drafts, summaries, classifications, reminders, recommendations, workflow actions and other outputs. Inputs and outputs may contain personal data when a customer or user submits such data.
We may send relevant data to AI model providers and other sub-processors solely to provide the configured feature, subject to contractual and security controls. The specific providers and processing locations may change over time.
Unless expressly agreed in writing, Gail will not use identifiable Customer Data to train a general-purpose or shared AI model. We may use aggregated, anonymised or de-identified information that does not reasonably identify a customer or individual to improve the Services, monitor quality and develop features.
Customers and authorised users must review AI outputs before relying on them. The Services are not intended to make final clinical, legal, financial, employment, credit, housing or other decisions that materially affect an individual without appropriate human review and lawful safeguards.How We Disclose Personal Data
We do not sell personal data. We may disclose personal data to:
• the customer organisation responsible for the relevant account or workspace;
• cloud hosting, database, security, analytics, communications, payment, support and AI service providers;
• integration providers and connected third-party services authorised by the customer;
• professional advisers, auditors, insurers, financiers and contractors who need the information for legitimate business purposes;
• law enforcement, regulators, courts, government agencies or other parties where required or permitted by law;
• a prospective or actual buyer, investor, financier or successor in connection with a corporate transaction, subject to appropriate confidentiality; and
• other parties with consent or at the direction of the customer or individual.
Service providers are permitted to process personal data only for agreed purposes and are expected to protect it appropriately. A current list of material sub-processors is available to customers on request.Overseas Transfers
Some service providers, systems and infrastructure used by Gail may be located outside Singapore. Where personal data is transferred overseas, we will take steps required under applicable law to ensure that the recipient provides a standard of protection comparable to the PDPA. These steps may include contractual safeguards, assessments, certifications or reliance on other legally permitted transfer mechanisms.Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, to provide the Services, to comply with legal and regulatory obligations, to resolve disputes, to maintain security and audit records, and to enforce agreements.
Retention periods vary depending on the type of data, customer instructions, legal requirements, risk and technical constraints. When personal data is no longer required, we will delete, anonymise or securely dispose of it, subject to lawful retention, backup and disaster-recovery processes.
Following termination, Customer Data will be handled in accordance with the applicable Terms of Service, order form and data processing terms. Residual copies may remain in secure backups until overwritten in the ordinary course.Security
We use reasonable administrative, technical and organisational measures designed to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, loss, disposal or similar risks. Measures may include access controls, authentication, encryption in transit, logging, backups, vulnerability management, staff confidentiality obligations and incident response procedures, as appropriate to the Services and risks involved.
No method of transmission or storage is completely secure. Customers and users must protect credentials, configure permissions appropriately, use secure devices and notify us promptly of suspected compromise.Cookies and Similar Technologies
Our websites and Services may use cookies, pixels, local storage and similar technologies for essential functionality, authentication, security, preferences, performance and analytics. Some technologies may be provided by third parties.
You may control non-essential cookies through available cookie settings or your browser. Disabling cookies may affect functionality. Where required, we will request consent before using non-essential cookies.Marketing and Do Not Call Requirements
We may send information about Gail products, events and services where permitted by law. You may unsubscribe using the method provided in the message or by contacting us.
We will manage telephone marketing in accordance with applicable Do Not Call requirements. Customers using Gail to communicate with their own leads, patients or contacts remain responsible for obtaining consent, checking applicable registers, honouring opt-outs and complying with marketing, professional and platform rules.Your Rights and Choices
Subject to applicable law and verification of identity, you may contact us to:
• request access to personal data under our possession or control and information about how it has been used or disclosed;
• request correction of inaccurate or incomplete personal data;
• withdraw consent to future collection, use or disclosure, where processing is based on consent;
• opt out of marketing communications; or
• raise a question or complaint about our handling of personal data.
Withdrawal of consent does not affect processing already carried out lawfully. Depending on the request, withdrawal may prevent us from providing some or all of the Services. We may charge a reasonable fee for an access request where permitted and will inform you in advance.Customer Data and Requests from Individuals
Where personal data is held in a customer workspace and Gail processes it on behalf of the customer, the customer is ordinarily the appropriate first point of contact for access, correction, deletion, consent or complaint requests. For example, a patient should normally contact the clinic, and a property client or lead should normally contact the relevant agent or estate agency.
If you submit such a request to Gail, we may refer it to the relevant customer and assist the customer as required by our agreement and applicable law.Children
The Services are intended for business users aged 18 or older. We do not knowingly offer accounts directly to children. Customers, including clinics, may submit information relating to minors where this is lawful, necessary and within the scope of the Services. The customer is responsible for obtaining any required parental or guardian authorisation and applying appropriate safeguards.Data Breaches
We maintain processes to assess and respond to suspected personal data breaches. Where required by law, we will notify the relevant customer, the Personal Data Protection Commission and/or affected individuals within the applicable timeframes. Customers must notify us promptly of any suspected compromise affecting the Services or Customer Data.Changes to this Policy
We may update this Policy from time to time to reflect changes in the Services, law or our practices. The updated version will be posted with a revised "Last updated" date. Where changes are material, we may provide additional notice through the Services, by email or by another reasonable method.Contact Us
Questions, requests and complaints concerning personal data may be directed to: Data Protection Officer Jezerox Pte. Ltd. UEN 202606909W Email: krish@hiregail.com Website: www.hiregail.com
Please provide enough information for us to identify the relevant data and understand your request. We may ask for information to verify your identity and authority before acting on a request.