Legal

Privacy Policy

Last updated: 10 July 2026 · UK/EU GDPR aligned
On this page 1. Who this applies to 2. What we collect 3. How we use it 4. Lawful basis 5. Who we share with 6. International transfers 7. How long we keep it 8. Your rights 9. Security 10. Children 11. Cookies 12. Contact us

This Privacy Policy explains how GTMHack Ltd (“we”, “us”) collects, uses and protects personal data when you visit our website or use our platform. It applies to individuals whose data we handle as a controller — primarily visitors and users of GTMHack itself. Where we handle personal data on behalf of our customers (as a processor), the terms of the Data Processing Addendum apply.

1. Who this applies to

Website visitors, prospective customers, current customers and their authorised users, and anyone who contacts us. If you interact with our platform because a GTMHack customer is contacting you, the customer is the controller; you can contact them, or us as a routing point.

2. What we collect

Account data: name, work email, company, role, password (hashed), authentication tokens, workspace and seat metadata.

Billing data: billing name and address, VAT number, invoice history. Card details are held by our payment processor (Stripe), never by us.

Usage data: logs of how you use the Service — features used, pages visited, actions taken, IP address, browser, device, timestamps, and error diagnostics.

Communications: emails, tickets and messages you send us.

Cookies and similar technologies: see our Cookie Notice.

3. How we use it

4. Lawful basis (UK/EU GDPR)

5. Who we share with

We share personal data only with sub-processors necessary to deliver the Service — hosting, database, email delivery, payment, analytics, model inference, and support. A current list of sub-processors is maintained in the DPA, updated as it changes. We do not sell personal data. We do not disclose personal data to authorities except where legally compelled to.

6. International transfers

GTMHack is UK-based. Where personal data is transferred outside the UK/EEA (e.g. to a US sub-processor), we use appropriate safeguards, including UK IDTA / EU Standard Contractual Clauses and additional technical measures where needed.

7. How long we keep it

We keep account and Customer Data while your subscription is active and for a limited period afterwards to satisfy legal and audit needs (typically 30 days for active Customer Data after termination, up to 7 years for billing records). Backups age out on rolling schedules.

8. Your rights

Under UK/EU GDPR you have the right to access, correct, delete, restrict, port, and object to processing of your personal data, and to withdraw consent where processing is based on it. You can exercise these rights by emailing privacy@gtmhack.ai. You also have the right to complain to a supervisory authority — the UK ICO (ico.org.uk) or your local EU DPA.

9. Security

We use encryption in transit (TLS 1.3) and at rest (AES-256-GCM), row-level tenant isolation, principle-of-least-privilege access controls, MFA on privileged systems, and comprehensive audit logging. Details on our security page.

10. Children

GTMHack is not intended for anyone under 16 and we do not knowingly collect data from children. If you believe we have, please contact us and we will delete it.

11. Cookies

See our Cookie Notice for what we set, why, and how to turn off non-essential cookies.

12. Contact us

Data Protection Officer: privacy@gtmhack.ai
Post: GTMHack Ltd, United Kingdom.