Skip to main content
G
GeraOS← Back

Privacy Policy

Last updated: 1 May 2026

1. Controller

Gera Services Ltd (“Gera”, “we”, “us”) is the data controller for personal data collected via GeraOS and all Gera Systems products. Contact: privacy@gera.services.

2. Data We Collect

  • Account data: name, email, password hash, country, role.
  • Usage data: pages visited, features used, session duration, IP address, device type.
  • Payment data: transaction amounts, currency, payment method type. Card details are processed by Stripe — we never store raw card numbers.
  • Communications: support enquiries, feedback, and email preferences.

3. Legal Basis

We process your data on the following bases: (a) contract performance — to provide the services you signed up for; (b) legitimate interests — to improve the platform, prevent fraud, and ensure security; (c) consent — for marketing emails (you can withdraw at any time); (d) legal obligation — where required by law.

4. How We Use Your Data

  • Provide and improve GeraOS and all Gera products
  • Process payments and prevent fraud
  • Send transactional emails (account verification, password reset, receipts)
  • Send marketing emails (only with consent; unsubscribe any time)
  • Comply with legal obligations

5. Sharing

We do not sell your data. We share data only with: (a) service providers under contract (Stripe, Neon, Upstash, Sentry, PostHog, Vercel, Railway); (b) law enforcement when legally required. All processors are bound by data-processing agreements.

6. Retention

Account data is retained while your account is active and for 6 years after closure (UK tax/legal requirements). Usage logs are retained for 90 days. You can request deletion at any time — see §8.

7. International Transfers

Data may be processed in the US and EU by our processors. Transfers outside the EEA use Standard Contractual Clauses or adequacy decisions.

8. Your Rights

Under UK GDPR you have the right to: access, rectify, erase, restrict, or port your data; withdraw consent; object to processing; lodge a complaint with the ICO (ico.org.uk). Email privacy@gera.services to exercise any right. We respond within 30 days.

9. Cookies

We use strictly necessary cookies (session, CSRF) plus optional analytics cookies (PostHog). You can manage preferences via the cookie consent banner on first visit. See our Cookie Policy link in the footer.

10. Changes

We may update this policy. Material changes will be notified by email or in-app banner at least 14 days before taking effect.

Terms of ServiceBack to GeraOS