Privacy Policy
This Privacy Policy explains how GTMHack Ltd (“we”, “us”) collects, uses and protects personal data when you visit our website or use our platform. It applies to individuals whose data we handle as a controller — primarily visitors and users of GTMHack itself. Where we handle personal data on behalf of our customers (as a processor), the terms of the Data Processing Addendum apply.
1. Who this applies to
Website visitors, prospective customers, current customers and their authorised users, and anyone who contacts us. If you interact with our platform because a GTMHack customer is contacting you, the customer is the controller; you can contact them, or us as a routing point.
2. What we collect
Account data: name, work email, company, role, password (hashed), authentication tokens, workspace and seat metadata.
Billing data: billing name and address, VAT number, invoice history. Card details are held by our payment processor (Stripe), never by us.
Usage data: logs of how you use the Service — features used, pages visited, actions taken, IP address, browser, device, timestamps, and error diagnostics.
Communications: emails, tickets and messages you send us.
Cookies and similar technologies: see our Cookie Notice.
3. How we use it
- To operate the Service — sign-in, workspace access, running MIDAS, sending outbound on your instruction.
- To bill you and process payments.
- To provide support, communicate with you, and send transactional emails.
- To improve the Service — aggregated analytics, debugging, performance, model quality (we do not train our foundation models on your Customer Data).
- To keep the Service safe — fraud, abuse, and integrity monitoring.
- To meet legal obligations.
4. Lawful basis (UK/EU GDPR)
- Contract: to provide the Service you signed up for.
- Legitimate interests: to run, secure, and improve GTMHack, and to communicate with prospective customers.
- Legal obligation: tax, accounting, and other laws.
- Consent: where we ask for it (e.g. non-essential cookies, marketing emails).
5. Who we share with
We share personal data only with sub-processors necessary to deliver the Service — hosting, database, email delivery, payment, analytics, model inference, and support. A current list of sub-processors is maintained in the DPA, updated as it changes. We do not sell personal data. We do not disclose personal data to authorities except where legally compelled to.
6. International transfers
GTMHack is UK-based. Where personal data is transferred outside the UK/EEA (e.g. to a US sub-processor), we use appropriate safeguards, including UK IDTA / EU Standard Contractual Clauses and additional technical measures where needed.
7. How long we keep it
We keep account and Customer Data while your subscription is active and for a limited period afterwards to satisfy legal and audit needs (typically 30 days for active Customer Data after termination, up to 7 years for billing records). Backups age out on rolling schedules.
8. Your rights
Under UK/EU GDPR you have the right to access, correct, delete, restrict, port, and object to processing of your personal data, and to withdraw consent where processing is based on it. You can exercise these rights by emailing privacy@gtmhack.ai. You also have the right to complain to a supervisory authority — the UK ICO (ico.org.uk) or your local EU DPA.
9. Security
We use encryption in transit (TLS 1.3) and at rest (AES-256-GCM), row-level tenant isolation, principle-of-least-privilege access controls, MFA on privileged systems, and comprehensive audit logging. Details on our security page.
10. Children
GTMHack is not intended for anyone under 16 and we do not knowingly collect data from children. If you believe we have, please contact us and we will delete it.
11. Cookies
See our Cookie Notice for what we set, why, and how to turn off non-essential cookies.
12. Contact us
Data Protection Officer: privacy@gtmhack.ai
Post: GTMHack Ltd, United Kingdom.