Privacy Policy

1. Who We Are

Data controller:

For the purposes described in this Privacy Policy, Gatera OÜ is the controller of personal data relating to website visitors, account holders, billing contacts, and authorized users of the Service, except where we process data on behalf of a customer as described below.

2. Scope of This Policy

This Privacy Policy applies to:

• visitors to our website
• prospective customers contacting us
• account owners, administrators, and authorized users of the Service
• individuals who communicate with us for support, legal, security, or business reasons

This Privacy Policy does not apply to third-party websites, products, or services that may be linked from our website or integrated with the Service. Those third parties are governed by their own terms and privacy policies.

3. Personal Data We Collect

We may collect the following categories of personal data:

Account and Organization Information

• name
• email address
• account identifiers
• organization name
• organization membership and role
• billing or subscription contact information, where applicable

Authentication and Security Data

• login timestamps
• IP addresses
• device, browser, and operating system information
• authentication events
• security logs
• fraud, abuse, and risk indicators

Usage Data

• pages viewed
• features used
• actions performed within the Service
• configuration activity
• diagnostic data
• error reports
• performance and reliability logs

Communications and Support Data

• messages sent to us
• support requests
• attachments or information voluntarily provided during support interactions

Analytics Data

• website usage data collected through analytics tools, including Google Analytics, if you have given consent for non-essential analytics cookies

4. How We Collect Data

We collect personal data:

• directly from you when you create an account, use the Service, contact us, or submit information
• automatically when you use the website or Service, including through logs, security systems, and cookies
• from your organization or account administrator when they invite or provision you as a user
• from service providers or partners involved in hosting, analytics, payments, communications, or security operations

5. Purposes of Processing

We process personal data in order to:

• provide, maintain, and improve the Service
• create and manage user accounts
• authenticate users and manage access control
• secure the Service and detect, prevent, and investigate abuse, fraud, misuse, or unauthorized access
• operate, troubleshoot, monitor, and improve reliability, performance, and functionality
• communicate with users about the Service, including support, technical notices, and service-related updates
• manage subscriptions, invoices, and business administration
• comply with legal obligations
• establish, exercise, or defend legal claims
• understand website traffic and product usage trends where analytics consent has been given

6. Legal Bases for Processing

We process personal data on one or more of the following legal bases:

Performance of a contract

• where processing is necessary to provide the Service, manage accounts, deliver support, or perform our contractual obligations

Legitimate interests

• where processing is necessary for security, fraud prevention, service administration, internal reporting, product improvement, troubleshooting, business continuity, and protecting our legal rights, provided those interests are not overridden by your rights and freedoms

Consent

• where required by law, including for non-essential analytics cookies and similar technologies

Legal obligation

• where processing is necessary to comply with applicable laws, regulations, lawful requests, tax obligations, accounting obligations, or enforcement requirements

7. Cookies and Similar Technologies

We use cookies and similar technologies for different purposes.

Strictly Necessary Cookies

These cookies are required for the website or Service to function properly. They may be used for secure sessions, authentication, load balancing, fraud prevention, and technical operation. These cookies do not require consent where permitted by law.

Analytics Cookies

If you consent, we may use analytics cookies and similar technologies, including Google Analytics, to understand how visitors use the website, measure traffic, and improve the Service. Analytics cookies are optional and are not enabled unless you give consent.

If you reject non-essential cookies, analytics cookies will not be set or used for standard analytics measurement.

You can manage your cookie preferences through our cookie banner or cookie settings link. You can also withdraw your consent at any time.

8. Google Analytics

Where you give consent, we use Google Analytics to understand website traffic and usage trends. Google Analytics may process information such as page views, approximate location derived from IP, browser and device information, and interaction events.

We configure analytics in line with our privacy and compliance requirements. Analytics is only activated based on your consent choice for non-essential cookies.

9. Data Sharing

We do not sell personal data.

We may share personal data with trusted third-party service providers that support the operation of the Service, including providers of:

• cloud hosting and infrastructure
• website and application delivery
• analytics
• customer support tools
• communications and email delivery
• billing and payment administration
• logging, monitoring, and security services

These service providers are authorized to process personal data only on our behalf and under appropriate contractual and confidentiality obligations.

We may also disclose personal data:

• where required by law, court order, or lawful request by a public authority
• to protect our rights, property, systems, users, or the public
• in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate safeguards

10. International Data Transfers

Your personal data may be processed in the European Economic Area (EEA) and, where necessary, in other jurisdictions.

Where personal data is transferred outside the EEA, we take steps designed to ensure an adequate level of protection, including where appropriate:

• adequacy decisions
• standard contractual clauses
• supplementary contractual, technical, or organizational safeguards

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to:

• provide the Service
• maintain security and business continuity
• comply with legal, tax, accounting, and regulatory obligations
• resolve disputes
• enforce agreements
• establish, exercise, or defend legal claims

Retention periods may vary depending on the type of data, the sensitivity of the data, the nature of the relationship, and legal requirements.

We may delete or anonymize data when it is no longer needed for these purposes. Inactive accounts may be removed after extended inactivity, subject to legal, contractual, and operational requirements.

12. Security

We implement appropriate technical and organizational measures designed to protect personal data, including as appropriate:

• encryption in transit
• secure infrastructure
• access controls
• role-based permissions
• logging and monitoring
• backup and recovery processes
• security review and incident response procedures

No method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

13. Customer Data and Our Role

Where an organization uses Gatera for business purposes, that organization may act as the controller of certain data submitted to or managed within the Service by its users or administrators. In such cases, Gatera may process that data as a processor or service provider on behalf of the customer, subject to the applicable agreement between Gatera and the customer.

If your personal data has been submitted to the Service by or on behalf of a Gatera customer and you wish to exercise your rights relating to that data, you should normally contact the relevant customer first. We may assist our customers in responding to such requests where required.

14. Your Rights

Subject to applicable law, you may have the right to:

• be informed about how your personal data is processed
• access your personal data
• request correction of inaccurate or incomplete personal data
• request deletion of personal data
• request restriction of processing
• object to certain processing
• request data portability
• withdraw consent at any time where processing is based on consent

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

To exercise your rights, contact: privacy@gatera.io

We may need to verify your identity before responding to a request.

You also have the right to lodge a complaint with the data protection supervisory authority in your place of residence, place of work, or the place of the alleged infringement.

15. Children

The Service is not directed to children, and we do not knowingly collect personal data from children.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the website, within the Service, or by other appropriate means. The updated version will be indicated by the "Last updated" date above.

17. Contact