Privacy Policy
Last updated: April 30, 2026
1. Information We Collect
We collect information you provide when you create an account, configure the platform, or contact us. This includes:
- Account data — name, work email, organization name, and account settings.
- API usage logs — retrieval events, policy decisions, and audit records generated by your use of the platform.
- Billing information — payment method details processed by Stripe on our behalf (we do not store raw card numbers).
- Cookies — session identifiers and preference data described in Section 9 below.
2. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Gateco platform.
- Process transactions and send service-related communications.
- Improve platform features and reliability using aggregate usage patterns.
- Comply with applicable legal obligations.
We do not sell your personal information to third parties and do not use it for advertising.
3. Data Sharing
Gateco shares your information only with subprocessors required to operate the platform (see Section 4), when required by applicable law or court order, or with your explicit written consent. Your data is never sold or shared for advertising purposes. All subprocessors are bound by Data Processing Agreements that require equivalent data protection standards.
4. Subprocessors
We use the following subprocessors to deliver the Gateco service:
| Subprocessor | Purpose |
|---|---|
| Stripe | Payment processing |
| Cloud infrastructure provider | Hosting and data storage (contact us for details) |
A Data Processing Agreement (DPA) covering subprocessor obligations is available on request. Contact privacy@gateco.ai.
5. Data Security
We apply industry-standard security controls to protect your data:
- AES-256 encryption at rest.
- TLS 1.3 in transit.
- Role-based access controls limiting internal access to production data.
- Continuous monitoring and anomaly detection.
6. Data Retention
- Standard (Free / Pro): Audit logs retained for 90 days. Account data retained for the duration of your subscription plus 30 days following termination, after which it is deleted.
- Enterprise: Configurable retention periods available via signed agreement.
7. Your Rights (GDPR Articles 15–22)
If you are located in the EEA, UK, or another jurisdiction with equivalent privacy rights, you have the following rights regarding your personal data:
- Art. 15 — Access: Request a copy of the personal data we hold about you.
- Art. 16 — Rectification: Request correction of inaccurate or incomplete data.
- Art. 17 — Erasure: Request deletion of your personal data (“right to be forgotten”).
- Art. 18 — Restriction: Request that we restrict processing of your data in certain circumstances.
- Art. 20 — Portability: Receive your data in a structured, machine-readable format.
- Art. 21 — Object: Object to processing of your data based on legitimate interests.
To exercise any of these rights, contact privacy@gateco.ai. We will respond within 30 days. EEA residents also have the right to lodge a complaint with their national supervisory authority.
8. International Transfers
Gateco operates from the United States. If you access the platform from the EEA or UK, your personal data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the lawful transfer mechanism for EEA-to-US and UK-to-US data transfers.
9. Cookies
We use two categories of cookies:
- Essential cookies: Session identifiers and preference data required for the platform to function.
- Analytics cookies: Aggregate usage data to understand how our website and platform are used. No individual profiling.
We do not use third-party advertising trackers. You can manage or disable cookies through your browser settings. Disabling essential cookies will affect platform functionality.
10. Data Processing Agreement
A Data Processing Agreement is available for Enterprise customers. Contact privacy@gateco.ai to request a copy.
11. Changes to This Policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will notify you by email or by a prominent notice in the platform before the change takes effect.
12. Contact
For privacy-related questions or to exercise your rights:
- Privacy inquiries: privacy@gateco.ai
- Legal notices: legal@gateco.ai