Privacy Policy
Last updated: 21 de junio de 2026
1. Data Controller
The data controller is GeckoAI.app, LLC, a Delaware Limited Liability Company (USA). For privacy matters, contact [email protected]. Our postal address is available upon request.
2. EU Representative (GDPR Art. 27)
EU Representative (GDPR Art. 27): To be appointed before public launch. For GDPR inquiries in the meantime, please contact [email protected].
3. Data We Collect
We collect account data (such as name and email), usage data (such as logs and feature interactions), payment data processed by our Merchant of Record, and data from integrations you connect (such as store, product and order data).
4. How We Use Data
We process personal data to perform our contract with you (providing the Service), based on your consent (where required, such as marketing), and for our legitimate interests (such as security, improvement and fraud prevention), consistent with GDPR legal bases.
5. Data Sharing & Sub-processors
We share personal data with the sub-processors below strictly to operate the Service. We require each to protect personal data under terms consistent with this policy. We do not sell personal data.
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting, CDN, edge functions | USA + global edge |
| Supabase Inc. | Database, authentication, storage | EU (Ireland) |
| Fly.io (Hatchet Networks Inc.) | Backend workers, cron jobs | Global multi-region |
| Resend (Resend.com Inc.) | Transactional emails | USA |
| Cloudflare Inc. | DNS, security, CDN | Global |
6. Data Retention
We retain personal data for as long as your account is active and as needed to provide the Service, then for the period required to comply with legal obligations, resolve disputes and enforce agreements.
7. International Transfers
Where personal data is transferred internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or applicable adequacy decisions.
8. Your Rights
Under the GDPR you may exercise rights of access, rectification, erasure, portability, restriction and objection. Under the CCPA you may know, delete, opt out of sale (we do not sell data) and not be discriminated against for exercising rights. Under the LGPD you have rights similar to the GDPR. To exercise any right, contact [email protected].
10. Children's Privacy
Orklio is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact [email protected].
11. Security Measures
We implement technical and organizational measures including encryption in transit, access controls, least-privilege principles and regular review of our providers to protect personal data.
12. Contact
For any privacy question or to exercise your rights, contact [email protected]. A Data Protection Officer will be designated if and where legally required.
13. Changes to This Policy
We may update this policy. Material changes will be notified by email or in-product, and the effective date below will be updated.