Gumly LogoAll Legal Docs
Back to Home

Privacy Policy

Legal Document

Last updated: February 10, 2026

1. Introduction

Welcome to Gumly ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our AI-powered marketing platform, or interact with our services.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, phone number, company name, and other information you provide when creating an account
  • Business Information: Business details, products, services, target audience, marketing goals, and budget information
  • Campaign Data: Marketing campaigns, audience profiles, budget allocations, and campaign performance data
  • Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
  • Communications: Messages, feedback, support requests, and other communications you send to us

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our platform, features used, time spent, and navigation patterns
  • Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy)
  • Log Data: Server logs, error reports, and performance data

2.3 Information from Third Parties

We may receive information about you from third-party services, including:

  • Social media platforms when you connect your accounts
  • Marketing platforms (Google Ads, Meta, etc.) when you integrate them with our service
  • Analytics and advertising partners
  • Public databases and data providers

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI-powered marketing platform and services
  • Campaign Generation: To generate personalized marketing campaigns, audience insights, and budget recommendations using AI
  • Account Management: To create and manage your account, process transactions, and send service-related communications
  • Customer Support: To respond to your inquiries, provide technical support, and resolve issues
  • Communication: To send you updates, newsletters, marketing communications (with your consent), and important service notices
  • Analytics and Improvement: To analyze usage patterns, improve our services, develop new features, and conduct research
  • Security: To detect, prevent, and address fraud, security threats, and unauthorized access
  • Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights and interests

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (hosting, payment processing, analytics, customer support)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred as part of the transaction
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights and safety
  • With Your Consent: When you explicitly authorize us to share your information
  • Platform Integrations: When you connect third-party marketing platforms, we may share necessary data to enable integrations

5. Data Protection Mechanisms for Sensitive Data

We take the security of your data, especially sensitive information and data received from third-party APIs (such as Google Ads), very seriously. We implement robust technical and organizational measures to ensure its protection:

  • Encryption: All sensitive data (including OAuth tokens for Google Ads and other platforms) is encrypted at rest using industry-standard **AES-256 encryption** (via the Fernet specification). All data in transit between your browser and our servers, and between our servers and third-party APIs, is encrypted using **TLS 1.2 or higher**.
  • Access Control: We enforce the principle of least privilege. Access to sensitive user data is strictly restricted to a limited number of authorized personnel who require it to maintain the service. We use multi-factor authentication (MFA) for all internal access to production systems and database management.
  • Secure Authentication: We use **signed state tokens** (JWT-based) for all OAuth flows to prevent Cross-Site Request Forgery (CSRF) and ensure that third-party data is only linked to the authenticated user who initiated the request.
  • Data Minimization: We only request and store the specific scopes and data points necessary to provide the features you have activated. We do not store your third-party account passwords; instead, we use secure, encrypted OAuth tokens that can be revoked at any time.
  • Security Monitoring: We perform regular security assessments, vulnerability scanning, and continuous monitoring of our infrastructure to detect and respond to potential threats in real-time.
  • Incident Response: We have established procedures to respond quickly to any potential data breaches, including notifying affected users and relevant authorities as required by law.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Opt-Out: Opt out of marketing communications and certain data processing activities
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at privacy@gumly.ai. We will respond to your request within a reasonable timeframe.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

8. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We take appropriate safeguards to ensure that your information receives an adequate level of protection in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email:privacy@gumly.ai

Support:support@gumly.ai

General Inquiries:Contact Us