Privacy Policy
Effective date: May 12, 2026
1. Controller and scope
This Privacy Policy explains how Gestmi processes personal data for visitors, agency account owners, collaborators, client users and payment contacts who use Gestmi websites, panels, workspaces, invoices, notifications and support channels. Depending on the feature, Gestmi may act as an independent controller for account, billing, security and platform administration data, and as a processor or service provider for workspace data submitted by an agency.
2. Data categories
Gestmi may process identity data, contact data, login credentials, profile photos, agency and company records, tax identification data, billing addresses, payment method references, invoice and transaction metadata, workspace content, contracts, requests, files, comments, communication preferences, support tickets, device data, IP address, logs, cookie choices and security events. Gestmi does not store raw card numbers.
3. Purposes of processing
Data is processed to create and manage accounts, authenticate access, provide subscribed features, operate tenant workspaces, process subscriptions and invoices, send transactional email/SMS/WhatsApp/push notifications, deliver support, prevent fraud and abuse, maintain logs, improve reliability, enforce plan limits, comply with legal obligations and protect Gestmi, customers and third parties.
4. Legal bases
Gestmi relies on performance of contract, legitimate interests, legal obligations, consent where required, and protection of rights and security. Optional analytics or marketing cookies are used only after consent. Transactional communications needed for account, security, billing, payment, subscription and service operation are sent as part of the service relationship.
5. Agency workspace data
Agencies control the content and personal data they upload about their own clients, collaborators and companies. Agencies are responsible for having a lawful basis and proper notices for that data. Gestmi uses workspace data only to provide, secure, support and improve the contracted platform, unless otherwise required by law or authorized by the agency.
6. Payments and financial data
Payment details may be processed by certified payment and banking providers. Gestmi stores payment tokens, customer identifiers, invoice records, subscription status, charge status, payment method labels and payout configuration metadata where necessary. Tax, accounting, anti-fraud and audit records may be retained even after account deletion where the law requires it.
7. Service providers and integrations
Gestmi may use infrastructure, storage, email, SMS, WhatsApp, push notification, analytics, hosting, payment, tax, security and customer support providers. Providers are expected to process data only under instructions, contractual duties and security controls appropriate to the service.
8. International transfers
Data may be processed in countries different from the user's country when cloud providers, payment processors or communication services operate internationally. Gestmi uses contractual, technical and organizational safeguards intended to protect personal data during such transfers.
9. Retention
Gestmi keeps personal data only for as long as needed for the purposes described here, including active service use, account recovery, billing, tax records, legal claims, fraud prevention, backups, security logs and audit duties. Backup copies are deleted or overwritten according to operational retention cycles.
10. User rights
Depending on applicable law, users may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, withdrawal of consent, objection to unlawful processing and review of decisions where applicable. Requests can be subject to identity verification and legal exceptions.
11. Security
Gestmi uses access controls, authentication, encryption in transit, provider security controls, monitoring, backups and operational procedures designed to reduce unauthorized access, loss, misuse or disclosure. No online service can guarantee absolute security, but Gestmi works to maintain protections proportional to the risk.
12. Children
Gestmi is intended for business use and is not directed to children. Agencies must not submit children's personal data unless they have the legal authority and required consent to do so.
13. Changes to this policy
Gestmi may update this Privacy Policy to reflect product, legal or operational changes. Material changes may be communicated through the platform, email or another appropriate channel.
14. Contact
Privacy requests can be opened in the Gestmi support area or sent to support@gestmi.com. Requests should include enough information to identify the account and the nature of the request.