Privacy Policy

Last updated: February 2025

1. Introduction

Gateman AI Inc. ("Gateman," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI governance platform and browser extension.

Please read this privacy policy carefully. By using Gateman, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and organization details when you register.
  • Payment Information: Billing details processed securely through our payment providers.
  • Support Communications: Information you provide when contacting our support team.

2.2 Information Collected Automatically

  • Authentication Tokens: We store authentication tokens locally in your browser extension to maintain your login session with Gateman. We do not store passwords.
  • Detection Metadata: Category of detected content (e.g., "secrets", "PII"), severity level, and action taken. We do NOT store the actual content of your prompts.
  • AI Tool Usage: URLs of AI tools you interact with (e.g., chatgpt.com, claude.ai) to generate usage analytics for your organization.
  • Usage Data: Browser type, timestamps, and feature usage patterns.
  • Device Information: Operating system, browser version, and extension version.

2.3 Information We Do NOT Collect

  • The actual text content of your AI prompts or conversations
  • Passwords or authentication credentials for third-party AI services
  • Personal files or documents from your device

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send administrative notifications and security alerts
  • Respond to customer service requests and support needs
  • Generate anonymized analytics and usage statistics for your organization
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations

4. Data Processing and Security

4.1 Local Processing

All content detection happens locally in your browser. The Gateman extension analyzes text patterns on your device without sending the actual content to our servers. Only metadata (detection category, severity, action taken) is transmitted.

4.2 Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Role-based access controls for employee access

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Third parties who assist in operating our platform (hosting, analytics, payment processing)
  • Your Organization: Administrators in your organization can view aggregated analytics and policy configurations
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Detection event metadata is retained for 90 days by default, configurable by your organization. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Receive your data in a portable format (data portability)
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@gateman.dev.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant authorities for transfers outside the EEA.

9. Children's Privacy

Gateman is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Gateman after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Gateman AI Inc.

Email: privacy@gateman.dev