Gomgasht
GomgashtWorkforce Health OS

Privacy Policy

Last updated: March 15, 2026

Gomgasht Inc. ("Gomgasht," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Workforce Health OS platform and related services.

Information We Collect

We collect only the minimum information necessary to deliver our services:

  • Account information: name, email address, job title, organization name
  • Screening data: daily wellness check responses submitted by employees
  • Operational data: site assignments, shift schedules, return-to-work status
  • Technical data: device type, browser version, IP address, access timestamps
  • Communications: support tickets and correspondence with our team

How We Use Information

  • Deliver and maintain the Gomgasht platform and services
  • Process daily screening submissions and generate triage recommendations
  • Provide aggregated, anonymized workforce readiness insights to administrators
  • Communicate service updates, security alerts, and support
  • Comply with legal obligations and respond to lawful requests
  • Improve platform performance and reliability

Data Storage and Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use tenant-isolated infrastructure with dedicated database instances per organization. Access controls enforce the principle of least privilege at every layer. Regular penetration testing and security audits are performed by independent third parties.

Data Residency

Gomgasht offers configurable data residency to meet local regulatory requirements. Organizations can choose to store their data in:

  • United Arab Emirates (Dubai)
  • United States (US-East, US-West)
  • European Union (Frankfurt, Dublin)
  • Canada (Toronto, Montreal)

Data never leaves the selected region without explicit authorization from the data controller.

Employee Data Handling

Employee health screening data is handled with additional safeguards:

  • Health data is logically separated from general management data
  • Managers see only aggregated readiness signals, never individual health details
  • Triage personnel access individual records only when action is required
  • Retention periods are configurable per organization and comply with local law
  • Employees can access, export, and request deletion of their own records

Third-Party Sharing

We do not sell personal data. We share data only in the following circumstances:

  • With sub-processors necessary to deliver the service (listed in our DPA)
  • With the employing organization as data controller, in accordance with their policies
  • When required by law, regulation, or valid legal process
  • To protect the rights, safety, or property of Gomgasht, our customers, or the public

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data (where legally permitted)
  • Object to or restrict certain processing activities
  • Data portability in a machine-readable format
  • Withdraw consent where consent is the legal basis

UAE PDPL Compliance

Gomgasht complies with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021). We maintain lawful bases for processing, implement appropriate technical and organizational measures, and respect data subject rights as defined under the PDPL. Our data processing activities are registered with the UAE Data Office where required.

GDPR Compliance

For individuals in the European Economic Area, we process personal data in accordance with the General Data Protection Regulation (GDPR). We maintain records of processing activities, conduct data protection impact assessments for high-risk processing, and have appointed a Data Protection Officer. Cross-border transfers are governed by Standard Contractual Clauses or adequacy decisions.

Contact for Privacy Inquiries

For privacy-related questions, data access requests, or to exercise your rights, contact us at:

[email protected]

Gomgasht Inc., Dubai, United Arab Emirates

We will respond to all privacy inquiries within 30 days.