Legal

Privacy Policy

Last updated: 5 July 2026  ·  Effective: 5 July 2026

This Privacy Policy explains how Collimate collects, uses, shares, and protects personal data when you visit our websites, create an account, and use our managed sandbox cloud (the “Service”). We aim to collect only what we need to run the Service securely and reliably.

Controller. The data controller is Gero Consulting, a sole proprietorship registered in Israel (“Collimate”, “we”, “us”). For privacy questions or to exercise your rights, contact privacy@collimate.ai.
Account data vs. the content you run. This Policy covers personal data about you — website visitors, account holders, and billing contacts. It does not govern the code, files, and data you run inside your Sandboxes (“Customer Content”). For Customer Content we act as a processor on your behalf under our Terms and Data Processing Addendum; you are the controller of that content and are responsible for its lawful use. See Section 9.

1.Data we collect

CategoryExamplesSource
Account & identityName, email address, organization, profile identifiers from your sign-in provider (Google or GitHub)You / your identity provider
BillingPlan, billing contact, transaction and subscription status. Card and payment details are collected and stored by Paddle, not by us; we receive limited transaction metadata.You / Paddle
Usage & meteringAPI requests, sandbox lifecycle events, compute/storage metering, quotas, timestampsAutomatic
Technical & logsIP address, device/browser data, request and error logs, security eventsAutomatic
Support & commsMessages you send us, support tickets, survey responsesYou

We do not intentionally collect special categories of personal data, and you should not submit them as account or support data.

2.How we use data

We do not sell your personal data, and we do not use the contents of your Sandboxes to train models.

3.Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you request); legitimate interests (to secure, operate, and improve the Service and prevent abuse, balanced against your rights); legal obligation (for example, tax and accounting); and consent where required (for example, certain communications), which you may withdraw at any time.

4.Sharing & sub-processors

We share personal data only as needed to run the Service, and never sell it. Recipients include service providers acting on our behalf under contract:

ProviderPurpose
Google Cloud PlatformCloud hosting, compute, databases, and storage that run the Service
Paddle.comMerchant of Record — payment processing, invoicing, and tax
Identity providers (Google, GitHub)Authentication / single sign-on, at your election
Communications & support toolingTransactional email and support

We may also disclose data to comply with law, respond to lawful requests, protect our rights and the safety of others, or in connection with a merger, acquisition, or asset sale (with notice where required). A current list of sub-processors is available on request at privacy@collimate.ai.

5.International transfers

We operate from Israel and host the Service on cloud infrastructure that may be located in the United States and other regions. Israel is recognized by the European Commission as providing an adequate level of data protection. Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the Standard Contractual Clauses. Contact us for more information.

6.Retention

We keep personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, accounting, security, and dispute-resolution obligations, after which we delete or de-identify it. Logs and security data are typically retained for a limited period. You may request deletion as described below; some data may be retained where we have a legal obligation or legitimate need.

7.Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls and least-privilege administration, network controls, and logging. Sandboxes are isolated from one another using virtual-machine-level isolation, and we apply controls to prevent access to cloud metadata and cross-tenant access. No method of transmission or storage is completely secure; you are responsible for securing your API keys and credentials and for backing up anything you need.

8.Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to our processing of your personal data, to data portability, and to withdraw consent. If you are in the EEA/UK you may lodge a complaint with your supervisory authority. If you are in Israel, you have rights under the Protection of Privacy Law, 5741-1981. If you are a California resident, you have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of “sale”/“sharing” (we do not sell or share personal data as those terms are defined). To exercise any right, contact privacy@collimate.ai; we will verify your request and respond within the time required by law. We will not discriminate against you for exercising your rights.

9.Customer Content (Sandboxes)

When you run code and data in Sandboxes, we process that Customer Content as a processor solely to provide the Service, under your instructions and our Terms and Data Processing Addendum. We do not access Customer Content except as necessary to operate and secure the Service, prevent or address technical or security problems, comply with law, or at your request. You are the controller of Customer Content and are responsible for its lawful collection and use, including providing any required notices and obtaining any required consents from your own end users.

10.Cookies

Our websites and console use strictly necessary cookies and similar technologies to keep you signed in, remember preferences, and secure the Service. We keep non-essential tracking to a minimum; where we use analytics, we prefer privacy-respecting, aggregate measurement. You can control cookies through your browser settings; disabling essential cookies may break sign-in.

11.Children

The Service is intended for businesses and adults. It is not directed to children, and we do not knowingly collect personal data from anyone under 18 (or under the age of digital consent in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it.

12.Changes & contact

We may update this Policy from time to time. If we make material changes, we will provide notice (for example, by email or in the console) and update the “Last updated” date above. For any privacy question, or to exercise your rights, contact our privacy team at privacy@collimate.ai.


© 2026 Gero Consulting. See also our Terms of Service and Refund Policy.