Privacy Policy

Effective Date: May 7, 2026  ·  Last Updated: May 7, 2026

This Privacy Policy explains how the GemCore OS platform ("GemCore OS," "Platform," "we," "us") collects, uses, stores, discloses, and protects information in connection with your use of the web application available at https://gemcoreos.com and the companion GemCore iOS and watchOS applications.

GemCore OS is a private, internal-use enterprise platform operated for the exclusive benefit of George T. Springer, Co. doing business as Springer's Jewelers ("Springer's"), its corporate affiliates, and authorized employees, contractors, and service providers. GemCore OS is not a consumer-facing service and is not intended for use by the general public.

If you are not an authorized user of Springer's, please do not attempt to use, register for, or access GemCore OS.

1. Who Is Responsible for Your Information

The Platform is owned and licensed to Springer's by an independent technology provider (the "Owner") under a separate Ownership and Partnership Agreement. For the purposes of applicable U.S. privacy law, Springer's is the controller of all business records and personal information processed within the Platform, and the Owner acts solely as a technology provider and data custodian on Springer's behalf.

All questions about how your information is handled inside GemCore OS should be directed first to Springer's. Technical inquiries regarding the Platform itself may be directed to:

2. Who This Policy Applies To

This Policy applies to:

• Springer's employees (corporate, retail, and back-office) who log into the Platform to perform their job duties;
• Springer's contractors, vendors, and authorized third-party service providers granted access to the Platform;
• Visitors to public-facing pages of https://gemcoreos.com (such as marketing or login pages); and
• Customers of Springer's whose information may be stored in the Platform as part of Springer's normal business operations (note: customers do not log into GemCore OS directly; their information is entered and managed by Springer's staff).

3. Information We Collect

Because GemCore OS is a full enterprise operating system for a multi-store jewelry retail business, the Platform processes a broad range of business and personal information, including:

3.1 Account and Authentication Data (Employees, Contractors)

• Full name, work email address, work phone number
• Username, hashed password, multi-factor authentication tokens
• Role assignments (admin, executive, manager, salesperson) and permission grants
• Store/location assignment (store IDs 87, 88, 89, 92, 93, and Online)
• Login timestamps, IP address, device identifier, browser/user-agent string
• Session activity logs

3.2 Customer Records (Entered by Springer's Staff)

• Customer name, mailing address, email address, telephone number
• Purchase history, repair history, special-order history, layaway and credit account status
• Anniversary, birthday, wishlist, and preference notes maintained by sales staff
• Notes and communications associated with the customer record (the "Customer 360" view)
• Loyalty, referral, and marketing-opt-in flags

3.3 Inventory and Product Data

• SKU, serial number, vendor, cost, retail price, location, photographs
• Estate, Rolex, Service (repair), and special categories
• Movement history (transfers between locations, sales, returns)

3.4 Sales, Commission, and Financial Data

• Transaction records, line items, discounts, payment method indicators
• Salesperson assignment, commission tier, gross-profit calculations
• Department-level revenue, KPIs, and analytics

3.5 Operational Data

• Tasks, projects, OKRs, Kanban boards, notifications
• Department dashboards (Operations, Marketing, Revenue, Sales, Product, Inventory, Rolex, Service, Estate, Finance)
• User-saved dashboard layouts and preferences

3.6 Technical and Diagnostic Data

• Application logs, error reports, performance metrics
• Cookies and similar technologies strictly necessary to maintain authenticated sessions

We do not intentionally collect Social Security numbers, government IDs, full payment card numbers, or health information through GemCore OS. Payment processing for customers occurs in Springer's separate point-of-sale and merchant-processor systems; GemCore OS receives only transaction summary data.

4. How We Use Information

Information processed by GemCore OS is used solely to:

• (a) operate, secure, and maintain the Platform on Springer's behalf;
• (b) authenticate users and enforce role-based access controls;
• (c) enable Springer's to manage inventory, customers, sales, employees, and operations;
• (d) generate reports, analytics, and dashboards for Springer's leadership and staff;
• (e) maintain audit trails of who accessed and modified records;
• (f) detect and respond to security incidents, fraud, and policy violations; and
• (g) comply with applicable law and Springer's internal policies.

We do not use information collected through GemCore OS for advertising, do not sell personal information, and do not share information with third parties except as described in Section 6.

5. Legal Basis (for Reference)

To the extent applicable, the lawful bases for processing under U.S. state privacy laws and similar regimes are:

• Performance of an employment or contractor relationship with Springer's;
• Legitimate business interest of Springer's in operating its retail business;
• Compliance with legal obligations (tax, employment, recordkeeping); and
• Consent, where consent is sought separately (e.g., customer marketing opt-ins managed by Springer's).

6. How Information Is Shared

GemCore OS shares information only with:

1. Springer's — as the controller of all business records and personal data within the Platform;
2. Subprocessors and infrastructure providers that host or operate the Platform, including Microsoft (cloud infrastructure and identity) and Apple (iOS distribution and push notifications). These providers process data only as instructed by us and Springer's, under written terms. A current subprocessor list is available on request to our privacy contact;
3. Auditors, legal counsel, or government authorities when required by valid legal process or to protect the rights, property, or safety of Springer's, the Owner, employees, customers, or the public; and
4. Successors in the event the Platform or Springer's business is transferred, with continued protections consistent with this Policy.

We do not sell or rent personal information to anyone.

7. Data Retention

Information is retained for as long as Springer's business needs require, and as required by law (for example, tax, employment, and warranty record retention). When records are no longer required, they are deleted or de-identified in accordance with Springer's retention schedule. Audit logs may be retained for an extended period for security and compliance purposes.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information processed by GemCore OS, including:

• Role-based access control with least-privilege defaults
• Encryption in transit (TLS) and encryption at rest at the database layer
• Authentication, including multi-factor authentication where configured
• Audit logging of access to sensitive records
• Regular review of access permissions when staff roles change

No method of transmission or storage is 100% secure. Users are required to safeguard their credentials and report suspected security incidents promptly to Springer's IT contact and to contact@gemcoreos.com.

9. Your Rights

Because GemCore OS is operated for an internal employer/contractor population in Maine and the broader United States, the rights available to you depend on your relationship with Springer's and on applicable state law. In general, you may:

• Access information about you maintained in your user profile;
• Correct inaccurate information in your user profile;
• Request deletion of your information when it is no longer required for business or legal purposes (subject to retention obligations); and
• Withdraw consent to optional processing where your consent was the lawful basis.

To exercise these rights, contact your Springer's manager or HR representative, or email contact@gemcoreos.com. Customer-record requests submitted by Springer's customers are handled by Springer's directly under Springer's customer-facing privacy disclosures.

10. Cookies and Tracking

The Platform uses only strictly necessary cookies and local-storage tokens required for authenticated sessions, security, and core functionality. We do not use advertising or third-party analytics cookies in the authenticated portions of the Platform.

11. Children's Privacy

GemCore OS is not directed to and is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided information through the Platform, contact us at contact@gemcoreos.com and we will take reasonable steps to delete it.

12. International Users

GemCore OS is designed for use within the United States. If you access the Platform from outside the United States, you understand that information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted at https://gemcoreos.com with a revised "Last Updated" date. Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

14. Governing Law

This Policy is governed by the laws of the State of Maine, without regard to conflict-of-laws principles. Any dispute arising from this Policy shall be resolved in the state or federal courts located in Cumberland County, Maine.

15. Contact

This Privacy Policy has been drafted as a baseline working document. Springer's Jewelers should review and adapt it with Maine counsel before publication, particularly to reflect Springer's customer-data practices, retention schedules, and any vendor agreements that change subprocessor lists.