Privacy Policy

At Gecko Security, Inc. (“we,” “our,” or “us”), safeguarding the privacy of our users and visitors (“you”) is one of our core priorities. This Privacy Policy outlines the types of information we collect, how we use and share it, and how we protect it when you interact with our website and services.

If you have questions about this Privacy Policy or our privacy practices, please contact us at gecko@gecko.security.

1. Consent

By using our website, applications, platforms and any of our associated online services (collectively, “Services”), you consent to this Privacy Policy and agree to its terms. If you do not agree with any part of this Privacy Policy, you should discontinue your use of our Services immediately.

2. Information We Collect

As part of providing and improving our Services and for other purposes as noted in this Privacy Policy, we collect both data that identifies you, directly or indirectly (“Personal Data”) and data that does not identify you and which cannot reasonably be used to identify you (“Non-Personal Data”). Specifically, we collect Personal Data and Non-Personal Data as follows:

Personal Data: The Personal Data we collect may include, without limitation, your name, email address, phone number, company name, online identifiers (such as IP address) and any other information you provide directly when contacting us or engaging with our Services.

Non-Personal Data: We automatically collect certain Non-Personal Data when you interact with our website, such as browser type, referring/exit pages, and the date and time of your visit. This information is gathered through cookies and similar tracking technologies.

If you contact us directly, we may collect additional information, including any attachments or details you provide.

3. How We Use Your Information

We use the information we collect in the following ways:

• To operate and maintain our Services, such as maintaining your account with us and providing you technical assistance with respect to your use of the Services.
• To improve our Services.
• To personalize your experience and tailor content to your preferences.
• To respond to you when you contact us directly with an inquiry or other communication.
• To understand and analyze website usage and user behavior.
• To develop new products, services, and features.
• To send you newsletters and updates about us and our Services where you have chosen to receive such materials.
• To prevent fraud and maintain the security of our Services.
• To monitor compliance with this Privacy Policy and our Terms of Service and enforce them.
• To exercise or defend our legal rights and to comply with subpoenas, court orders or other legal process.
• To comply with laws and regulations that apply to us.

4. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy. We retain the categories of data described below as follows:

• Account and profile data: retained for the duration of our customer relationship plus up to 2 years thereafter;
• Transactional and billing records: retained for at least 7 years to satisfy tax or audit requirements;
• Support correspondence and logs: retained for up to 3 years to ensure quality and traceability;
• Analytical/usage data: Non-Personal Data regarding usage of our Services may be retained indefinitely.

Upon expiration of the relevant retention period for Personal Data or upon your valid request for erasure of your Personal Data, we will securely delete or anonymise your Personal Data unless we are obligated under applicable law to retain it.

5. Third-Party Sharing & Subprocessors

We may share your information with:

• Service providers (e.g. hosting, analytics, payment processors) acting on our behalf;
• Professional advisers (e.g. legal, accounting firms) under confidentiality obligations;
• Persons or entities with whom you request that we share your information.
• Courts, law enforcement, regulators, government agencies or other parties where it is reasonably necessary for the establishment, exercise or defense of a claim, protecting our rights or the rights of our users, or is required by laws or regulations to which we are subject.

In some instances, we process Personal Data on behalf of our customers and delegate certain functions to service providers that process Personal Data on our behalf (“subprocessors”). A current list of our subprocessors and their roles is available on our website. We conduct due diligence and impose contractual data protection requirements on all of our subprocessors.

6. EU/UK Data Protection

This section of our Privacy Policy applies if you use our Services in the European Union (EU) or United Kingdom (UK) and we act as a “controller” (as explained below).

With respect to certain operational functions which are part of our Services, we act as a controller (i.e., we determine the purposes and means of processing your Personal Data). Such functions include but are not limited to administering and maintaining your account with us and responding to inquiries that you send to us.

You are not obligated to provide us with your Personal Data, however, if you choose not to provide your Personal Data to us, you may not be able to use some or all of our Services.

Your Personal Data is processed for the purposes described in the section of this Privacy Policy titled “How We Use Your Information” and is shared with recipients listed under the section titled “Third-Party Recipients & Subprocessors.”

Where we process your Personal Data or your Personal Data is processed on our behalf, we rely on one or more of the following lawful bases:

• Contractual necessity: to perform our obligations under any agreement with you;
• Legal obligation: to comply with applicable laws and regulations;
• Legitimate interests: for our business operations (e.g. security, fraud prevention, service improvements), provided your rights do not override those interests;
• Consent: where you have explicitly agreed to certain processing (e.g. processing to communicate with you).
• Legal claims: where processing is necessary for the establishment, exercise or defense of legal claims.

To the extent the processing of your Personal Data is based on your consent, you may withdraw your consent at any time. To withdraw your consent for the processing of your Personal Data, you may email us at gecko@gecko.security.

As a data subject, you have the following rights:

• Right to Access: You can request access to or copies of your Personal Data.
• Right to Rectification: You can request corrections of inaccurate or incomplete Personal Data we maintain about you.
• Right to Erasure: You can request that we delete your Personal Data under certain conditions.
• Right to Restrict Processing: You can request that we limit the processing of your Personal Data.
• Right to Object: You can object to the processing of your Personal Data under certain conditions.
• Right to Data Portability: You can request that we transfer your Personal Data to another organisation or directly to you under certain conditions.

Please note that the rights set forth above may be subject to certain limitations under applicable laws. We will notify you if we are not able to honor your request, in whole or in part, and we will otherwise respond to your request as required by applicable laws. If you wish to exercise any of the rights listed above, please contact us at gecko@gecko.security.

Your Personal Data may be transferred or received by us outside the European Economic Area (EEA) or the UK. In such cases, we ensure the transfer of your Personal Data occurs pursuant to a lawful transfer mechanism under applicable law, which may include without limitation:

• Standard Contractual Clauses;
• Adequacy decisions for the recipient country; or
• Other lawful transfer mechanisms under applicable data-protection laws.

In cases where we transfer or receive your Personal Data in accordance with Standard Contractual Clauses, you may request a copy of such clauses or be informed of where they are accessible. To make such a request, please contact us at gecko@gecko.security.

For details on how long we store your Personal Data, please refer to the “Data Retention” section above.

If you have a concern regarding the processing of your Personal Data, you may contact us at gecko@gecko.security or you may lodge a complaint with the applicable data protection authority in the country in which you are located. For a listing of EU data protection authorities and their contact details, please visit https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. If you are located in the UK, you may contact the Information Commissioner’s Office (ICO) via the following link: https://ico.org.uk/make-a-complaint/data-protection-complaints/.

7. Cookies and Web Beacons

Like most website operators, we use cookies, web beacons and similar technologies to store information about visitors’ preferences and track the pages they visit on our website. Cookies help us optimise user experience by customising web content based on browser type or other information.

You can choose to disable cookies through your browser settings. However, please note that disabling cookies may affect your ability to fully interact with our website and use our Services.

8. Security Certifications & Audits

We maintain independent attestation of our control environment, including SOC 2 compliance. In addition to encryption, penetration testing and regular vulnerability assessments, we undergo annual third-party audits to verify the effectiveness of our technical and organizational measures.

9. User Controls & Preferences Regarding Personal Data

In addition to other requests described in this Privacy Policy which you may make regarding your Personal Data (as applicable), you may be entitled to exercise control over or make certain choices relating to your Personal Data depending on applicable laws and regulations and the functionalities we offer. For example, you may access, correct or delete your Personal Data via your account dashboard or by contacting us at gecko@gecko.security. You may also opt out of marketing emails we send to you by using the unsubscribe link in such emails. If you contact us to make any requests in relation to your Personal Data, we will respond to you as required by applicable law.

10. Log Files

We follow standard industry procedures in using log files. These files record visitors’ interactions with our website, capturing details such as your browser type, ISP, date and time of access, referring/exit pages, and click counts. This information is Non-Personal Data. We use this data to analyze trends, administer the website, track user movements, and gather general demographic data.

11. Links to Third Party Websites

Our Services may include links to third party websites. Please note that such links are provided for convenience only and we do not endorse or recommend such third party websites and are not responsible for the privacy practices of third party website operators. When you access a third party’s website, you may be bound by the privacy policies and practices of that third party and we encourage you to read the privacy policies on any third party websites you visit.

12. Children’s Information

We do not knowingly collect Personal Data from children under the age of 13. If you believe that a child under 13 has provided us with Personal Data, please contact us immediately, and we will promptly take steps to remove such Personal Data from our records.

13. Security Practices

We take the protection of your Personal Data seriously and employ industry-standard security measures, including encryption, regular penetration tests, and vulnerability assessments to protect Personal Data. While we strive to safeguard all Personal Data, no system can be 100% secure and we cannot guarantee that unauthorized access to Personal Data will never occur.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and significant changes will be communicated to you through email or by a prominent notice on our website. Your continued use of our Services after such updates signifies your acceptance of the updated Privacy Policy.

Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us at:

Email: gecko@gecko.security

Mailing Address: