Privacy Policy

You must accept this privacy policy in order to use our website. If you do not agree to this privacy policy, you must immediately stop using our website.

Last updated: 24 June 2025

Introduction

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, and manage your personal data when you visit and use our website. This policy complies with the General Data Protection Regulation (GDPR).

Who we are

We are GearStead and you can contact us through our support email address, hello@gearstead.com.

Personal data we collect and process

We may collect and process the following personal data:

Data collected when you visit our website:

  • IP address
  • Browser type and version
  • Operating system
  • Referral source
  • Length of visit, page views, navigation paths

This data is collected by WordPress and Google Analytics via cookies. We use this data to analyse website traffic, enhance user experience, improve our services, and monitor website security. Our lawful basis for this processing is our legitimate interests in maintaining and improving our website and services.

Data collected when you register an account:

  • Name
  • Email address
  • Any other details you provide voluntarily

We use this information to create and manage your account, verify your identity, provide access to our services, and prevent fraudulent activity, such as multiple account creations for free credit misuse. The lawful basis for processing this information is the performance of our contract with you and our legitimate interest in fraud prevention.

Payment information:

We do not directly process your payment details. Payments are securely processed through Stripe. Your payment details are subject to Stripe’s own Privacy and Data Protection policies. We do not store or have access to your payment card details.

Document uploads:

When you upload a document, a temporary copy is stored securely on our server for processing. This copy is permanently deleted within 1 month. Our lawful basis for processing this data is the performance of our contract with you and legitimate interest in providing you with our service.

AI prompt data:

Data you input into AI prompts is retained temporarily solely to provide and facilitate your use of our tools. This information may be temporarily shared with reputable AI service providers, such as Google’s Gemini and DeepSeek (provided by DeepSeek Technology), solely for processing your requests. Our lawful basis for this processing is the performance of our contract with you and our legitimate interest in delivering the requested services.

Data storage and backups

Our website and your data are hosted on servers provided by EuroVPS. Additionally, we use Updraft and Dropbox to create additional secure backups of your data to ensure its safety and availability. These backups help us recover data in the event of loss or corruption.

Marketing communications

If you register an account, we may use your email address to contact you with marketing communications relating to similar products or services. Our lawful basis is our legitimate interest in promoting our services to users who have shown an interest. We use email marketing platforms such as Brevo (formerly Sendinblue) and Mailchimp to send these emails. These companies will process your data (name and email address) on our behalf solely for the purpose of delivering these communications.

You may opt out of marketing communications at any time by clicking the unsubscribe link provided at the bottom of marketing emails.

Transactional and account communications

We will send essential account-related communications, such as a registration email containing a link to set your password. These are necessary for providing our services and cannot be opted out.

Cookies

We use cookies from WordPress and Google Analytics to collect information and analyse website usage. Cookies help us understand visitor behaviour, improve website performance, and provide a better user experience. You can manage your cookie preferences through your browser settings.

Data security

We implement robust security measures to protect your personal data from unauthorised access, misuse, or loss.

Data retention

We retain personal data only for as long as necessary for the purposes outlined in this policy, or as required by law.

Your rights

Under GDPR, you have rights including:

  • Accessing your personal data
  • Correcting inaccuracies in your personal data
  • Requesting deletion of your personal data
  • Objecting to or restricting the processing of your personal data
  • Data portability

To exercise these rights, please contact Rhys Griffiths DPO at hello@gearstead.com.

Changes to this policy

We may update this Privacy Policy occasionally. Any changes will be published on this page.

Contact us

If you have any questions or concerns about your data or this Privacy Policy, please contact Rhys Griffiths DPO at hello@gearstead.com.