Your Privacy is Our Priority

1. Information We Collect

1.1 Account Information

When you create a G8KEPR account, we collect:

• Email address
• Full name
• Organization name
• Password (encrypted with bcrypt)

1.2 Usage Data

To provide and improve our service, we collect:

• API request logs (endpoints, methods, response times, status codes)
• Security event logs (blocked threats, rate limit violations)
• Usage metrics (requests per day, quota usage)
• Browser and device information
• IP addresses (for security and fraud prevention)

1.3 Payment Information

Payment processing is handled by Stripe. We store:

• Billing email
• Last 4 digits of credit card
• Billing address

We never store full credit card numbers. All payment data is securely processed by Stripe.

2. How We Use Your Information

We use your information to:

• Provide our service: Process API requests, enforce rate limits, detect threats
• Billing: Process payments and send invoices
• Security: Detect fraud, prevent abuse, and respond to security incidents
• Communication: Send service updates, security alerts, and billing notifications
• Improvement: Analyze usage patterns to improve performance and features
• Compliance: Meet legal and regulatory requirements

3. Data Security

We implement industry-standard security measures to protect your data:

Our audit logs use tamper-evident SHA-256 hash chains to ensure compliance and integrity.

4. Data Retention

• Account data: Retained while your account is active
• API logs: Retained for 90 days (configurable for Enterprise plans)
• Security logs: Retained for 1 year for compliance purposes
• Billing records: Retained for 7 years per tax regulations

When you delete your account, we delete all personal data within 30 days, except where required by law.

5. Data Sharing

We do not sell your data. We only share data with:

• Service providers: Stripe (payments), AWS/DigitalOcean (hosting)
• Law enforcement: Only when legally required by valid court order
• Business transfers: In the event of a merger or acquisition (you'll be notified)

6. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update incorrect or incomplete data
• Deletion: Request deletion of your data (right to be forgotten)
• Portability: Export your data in machine-readable format
• Objection: Opt out of marketing communications

To exercise these rights, contact us at privacy@gatekeeper.io

7. Cookies and Tracking

We use essential cookies to:

• Maintain your login session
• Remember your preferences
• Prevent fraud and abuse

We do not use third-party advertising or tracking cookies.

8. International Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

G8KEPR is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or dashboard notification. Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or concerns, contact us at: