Privacy Policy
Last updated: January 16, 2026
GeckoAuthority (a company registered in Estonia) takes the protection of your personal data seriously. This Privacy Policy has been prepared in compliance with the European Union General Data Protection Regulation (GDPR) and applicable data protection laws.
This Privacy Policy supplements the data processing provisions in the Terms of Service. View Terms of Service
1. Data Controller
The data controller responsible for processing your personal data:
Company: GeckoAuthority
Registered Country: Republic of Estonia
Email: privacy@geckoauthority.com
Data Protection Officer: dpo@geckoauthority.com
2. Personal Data Collected
The following categories of personal data are collected through the Platform:
Identity Data
- First and last name
- Email address
- Phone number (optional)
Billing Data
- Billing address
- Tax identification number (corporate)
- National ID number (individual, where applicable)
- Company information (corporate)
Technical Data
- IP address
- Browser type and version
- Device information
- Cookie data
- Session information
Usage Data
- Platform interaction logs
- Generated content metadata
- Credit usage history
- Preference settings
Payment Data
- Payment transaction records (card details are processed by Stripe, not stored by us)
- Invoice history
3. Legal Basis for Processing
Your personal data is processed based on the following legal grounds:
Performance of Contract (GDPR Article 6(1)(b))
Account creation, service delivery, credit system management
Legal Obligation (GDPR Article 6(1)(c))
Invoicing, tax compliance, legal retention periods
Legitimate Interest (GDPR Article 6(1)(f))
Platform security, fraud prevention, service improvement
Consent (GDPR Article 6(1)(a))
Marketing communications, analytics cookies (only when consent is given)
4. Purposes of Data Processing
- Creating and managing user accounts
- Providing AI-powered content generation services
- Processing payments and issuing invoices
- Providing customer support
- Ensuring platform security and preventing abuse
- Fulfilling legal obligations
- Analyzing and improving service quality
5. Data Sharing and Transfers
Your personal data is not shared with third parties except in the following circumstances:
Data Recipients:
International Data Transfers:
When your data is transferred outside the EU/EEA, appropriate safeguards (Standard Contractual Clauses) are applied under GDPR Article 46.
Legal Requirements:
Data may be shared in accordance with legal obligations in case of court orders or requests from competent authorities.
6. Data Retention Periods
Your personal data is retained for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account activity + 2 years |
| Invoice and payment records | 10 years (legal requirement) |
| Content metadata | Until account deletion |
| Log records | 6 months |
| Cookie data | Maximum 12 months |
Data that has exceeded its retention period is securely deleted or anonymized.
7. Data Security
The following technical and administrative measures are implemented to ensure your data security:
- Encrypted data transmission with TLS 1.3
- Database encryption with AES-256
- Regular security audits and penetration testing
- Access control and authorization system
- Two-factor authentication support
- Secure data centers (SOC 2 Type II certified)
Data Breach Procedure:
In the event of a potential data breach, competent authorities and affected users will be notified within 72 hours in accordance with GDPR Articles 33-34.
8. Cookies and Tracking Technologies
The Platform uses the following types of cookies:
| Type | Purpose | Consent |
|---|---|---|
| Essential Cookies | Session management, security | No consent required |
| Functional Cookies | Language preference, theme settings | No consent required |
| Analytics Cookies | Usage statistics | Consent required |
You can manage your cookie preferences through browser settings or the cookie banner.
9. Data Subject Rights
You have the following rights under GDPR:
Right to Information
Learn whether your data is being processed
Right of Access
Request a copy of processed data
Right to Rectification
Request correction of incorrect or incomplete data
Right to Erasure (Right to be Forgotten)
Request deletion of data under certain conditions
Right to Restriction of Processing
Request limitation of data processing
Right to Data Portability
Receive your data in a structured format
Right to Object
Object to processing based on legitimate interest
Right to Refuse Automated Decision-Making
Not be subject to fully automated decisions
Exercising Your Rights:
To exercise your rights, you can contact privacy@geckoauthority.com. Requests are responded to within 30 days.
Right to Complain:
You can file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local data protection authority.
10. AI and Data Processing
Important information about our AI services:
- Content you create is NOT used to train third-party AI models
- Data you enter during AI generation is processed only for that session
- Content generation history is stored in your account but not shared with AI companies
- Anonymized usage statistics may be analyzed for service improvement purposes
For detailed information, see the 'AI Content Generation and Liability' section in the Terms of Service.
11. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from users under 18. If we become aware of such a situation, we will immediately delete the relevant data.
12. Policy Changes
This Privacy Policy may be updated periodically. Significant changes are announced via email and on the platform. Changes take effect on the date of publication.
The last update date is always indicated at the top of this page.
13. Contact
For privacy-related questions:
Our contact page is also available for reaching us.