Legal
Privacy Policy
Last updated: 3 May 2026
This Privacy Policy explains how Gatheronix LTD ("GatheroniX", "we", "us", "our") collects, uses, shares, and protects personal data when you visit gatheronix.com, join our waitlist, book a demo, or use the GatheroniX platform.
We are committed to handling personal data lawfully under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Republic of Cyprus Law on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data of 2018 (Law 125(I)/2018).
1. Who we are
Data Controller: Gatheronix LTD, a company registered in the Republic of Cyprus, with registered office at Gladstonos 16, 8046 Paphos, Cyprus.
Contact for data protection matters: hello@gatheronix.com
We have not appointed a formal Data Protection Officer because we are not currently required to under Article 37 GDPR. If that changes, this policy will be updated.
2. The personal data we collect
2.1 Information you give us directly
- Waitlist and demo requests: full name, work email address, phone number (optional), agency size, your biggest current workflow pain, free-text notes you choose to send.
- Demo / call bookings: name, email address, calendar availability, and any additional information you provide via our scheduling tool.
- Account data (once the platform is live): name, work email, role, password (stored only as a salted hash), agency name and details.
- Communications: the content of emails and messages you send to us.
2.2 Information we collect automatically
- Technical data: IP address, browser type, device type, operating system, referrer URL, pages visited, timestamps. Used for security, fraud prevention, and basic operational telemetry.
- Cookies and similar technologies: see Section 8 below. Non-essential cookies are only set after you consent via our cookie banner.
2.3 Information we process on behalf of agency customers
When an agency uses GatheroniX, the agency is the Data Controller of the booking, attendee, and hotel data they upload or generate within the platform, and we are the Data Processor. The terms governing that relationship are set out in our Data Processing Agreement (available on request at hello@gatheronix.com).
3. Why we process your data, and the legal basis
| Purpose | Legal basis under Art. 6 GDPR |
|---|---|
| Adding you to our waitlist and contacting you about early access. | Performance of pre-contractual steps at your request — Art. 6(1)(b). |
| Booking and conducting demo or workflow audit calls. | Performance of pre-contractual steps at your request — Art. 6(1)(b). |
| Operating the GatheroniX platform once you are a customer. | Performance of a contract — Art. 6(1)(b). |
| Sending product updates, launch news, and other low-volume marketing to existing or waitlisted contacts. | Legitimate interest — Art. 6(1)(f), with an opt-out in every message. |
| Setting non-essential cookies (analytics, marketing). | Consent — Art. 6(1)(a). |
| Securing the service and preventing abuse. | Legitimate interest — Art. 6(1)(f). |
| Complying with tax, accounting, and statutory obligations. | Legal obligation — Art. 6(1)(c). |
4. Who we share your data with
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes. We do use a small number of sub-processors to run the service. Each one is bound by a written data processing agreement and is engaged only to the extent necessary.
| Sub-processor | Purpose | Location |
|---|---|---|
| Microsoft Ireland Operations Limited (Microsoft Azure) | Application hosting, primary database, file storage | EU (Azure West Europe / North Europe regions) |
| Vercel Inc. | Frontend deployment and edge delivery | United States (with EU edge locations) |
| Google LLC / Google Ireland Limited | Email (Google Workspace), waitlist form processing (Apps Script) until migration | EU and United States |
| Cal.eu (operated by Cal.com, Inc.) | Demo and call scheduling — EU instance | EU (data residency in Germany). The operating entity is US-incorporated; transfers are governed by SCCs. |
| PostHog Inc. (EU Cloud) | Product and website analytics, gated on cookie consent | EU (Frankfurt). The operating entity is US-incorporated; transfers are governed by SCCs. |
| Mailgun (Sinch UK Ltd) | Transactional email delivery for waitlist submissions | EU (Frankfurt). The operating entity is UK-incorporated; transfers governed by UK adequacy decision. |
We may also disclose personal data where required by law, regulation, court order, or in response to a lawful request by a public authority.
5. International data transfers
Some of our sub-processors are based in the United States or transfer data to the United States. Where personal data is transferred outside the European Economic Area, the transfer is protected by the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914) and, where appropriate, by additional safeguards such as encryption in transit and at rest.
Our primary application data (booking data, attendee information, hotel communications) is stored on Microsoft Azure in the European Union and does not leave the EU as part of normal operations.
6. How long we keep your data
- Waitlist contacts: retained until 24 months after the platform is generally available, or until you ask us to delete the record — whichever is sooner.
- Demo / call bookings: retained for up to 24 months after the call.
- Customer account data: retained for the duration of the contract and for up to 7 years afterwards to meet Cyprus tax and accounting obligations, then deleted.
- Booking and attendee data we process for agency customers: retained as set out in the agency's Data Processing Agreement with us. Default is 24 months after contract termination unless the agency instructs otherwise.
- Server and security logs: retained for up to 12 months.
7. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you (Art. 15);
- Correct inaccurate or incomplete data (Art. 16);
- Have your data erased in certain circumstances (Art. 17);
- Restrict processing in certain circumstances (Art. 18);
- Receive your data in a portable format (Art. 20);
- Object to processing based on legitimate interest, including direct marketing (Art. 21);
- Withdraw consent at any time, where processing is based on consent (Art. 7(3));
- Lodge a complaint with a supervisory authority. The competent authority for Cyprus is the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy). You may also complain to the supervisory authority in your member state of residence.
To exercise any of these rights, email hello@gatheronix.com. We will respond within one month, and where additional time is required under Art. 12(3) we will tell you.
8. Cookies and similar technologies
We use a small number of cookies. Strictly necessary cookies are set without consent because the site cannot function without them. Analytics and marketing cookies are only set after you give consent via our cookie banner. You can change or withdraw your choice at any time by clearing the gx-consent entry from your browser's local storage and reloading the site.
9. Security
We protect personal data with measures appropriate to the sensitivity of the information and the state of the art. These include TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access control, audit logging, and regular review of our security practices. No system is perfectly secure, but we take this seriously and we notify affected users and regulators within statutory timeframes if a breach occurs.
10. Children
GatheroniX is a B2B service. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have, contact us and we will delete the data.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated by email to active users and waitlist contacts before they take effect.
12. Contact
For any privacy or data protection question, email hello@gatheronix.com or write to: Gatheronix LTD, Gladstonos 16, 8046 Paphos, Cyprus.