Privacy Policy

GTM OS (“we,” “our,” or “us”) respects your privacy and is committed to protecting your information. This privacy policy explains what information we collect, how we use it, and the rights you have over your information.

1. Information we collect

We collect limited information to provide and improve our services:

Member profile information

During onboarding, we ask you business-related questions (e.g., go-to-market focus, ARR range, sales process stage). This information is used to personalize your GTM OS experience.

Email address (personal data)

If you create an account, subscribe, or contact us, we may collect and store your (business) email address. This is the only personal identifier we process.

Usage data

We collect anonymized usage information about how you interact with our platform (e.g., which workflows or playbooks are accessed) to improve functionality.

Non-personal data

Most of the information you provide is related to your business activities and is not personally identifiable.

2. How we collect information

We collect information in the following ways:

• Directly from you when you create an account, complete onboarding, subscribe to updates, or contact us.
• Automatically through cookies, analytics tools, and server logs when you use our website.
• From third parties when you choose to connect integrations or use services that link with GTM OS.

3. How we use your information

We use the information we collect for the following purposes:

• To deliver and personalize GTM OS workflows, playbooks, and resources.
• To manage your account and provide customer support.
• To communicate updates, product improvements, and relevant GTM resources (only if you opt in).
• To ensure security, prevent fraud, and comply with legal obligations.
• To analyze usage and improve product performance.

Lawful basis (GDPR/CCPA):

• Contractual necessity (to provide services).
• Legitimate interest (to improve services and communicate with you, where appropriate).
• Consent (for marketing emails, cookies, or optional features).
• Legal obligations (to comply with applicable laws).

We do not sell your data to third parties.

4. Data sharing

We may share limited information with:

• Service providers (e.g., OpenAI, Notion, hosting partners) to operate our services.
• Legal authorities if required by law.
• Business transfers in the event of a merger or acquisition.

If you connect third-party services (e.g., Slack, Google Drive), their privacy policies govern how they handle your data. We encourage you to review those policies.

We rely on standard Data Processing Agreements (DPAs) made available by our service providers (e.g., OpenAI, Notion) as part of their terms of service to ensure compliance and security.

5. Cookies and tracking

We use cookies and similar technologies for:

• Authentication and security.
• Analytics and product performance.
• User preferences.

You can manage cookie settings through your browser or via cookie banners where applicable.

6. Data storage and security

We apply technical and organizational safeguards to protect your information, including encryption in transit and at rest, access controls, monitoring, and secure hosting with SOC 2 Type 2–compliant providers.

For more details, see our security page.

7. International data transfers

If your information is transferred outside your region (for example, to the United States), we rely on legally recognized mechanisms such as the EU Standard Contractual Clauses to safeguard your data.

8. Data retention

• Business profile data (e.g., GTM strategy info) is retained while you maintain an active account.
• Email addresses are retained only as long as necessary to provide the service or until you request deletion.
• Logs and analytics data are retained for a limited period to support security and performance monitoring.

We retain business profile data and email addresses for as long as your account is active. When an account is closed or inactive, we delete or anonymize personal data within 90 days. Certain usage logs and analytics may be retained for up to 12 months for security, auditing, or troubleshooting purposes, after which they are deleted or anonymized.

9. AI-specific disclosures

• Inputs and outputs: Your prompts and AI-generated outputs are processed only to deliver results.
• Model training: Your data is not used to train OpenAI models unless you explicitly opt in.
• Human review: We do not review your inputs or outputs except where needed to provide support or investigate abuse.

10. Your rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your personal information.
• Export your data (data portability).
• Restrict or object to certain processing.
• Withdraw consent at any time (without affecting prior lawful use).

• EU/UK users: GDPR rights apply.
• California residents: CCPA rights apply.

You can exercise these rights by contacting us at privacy@gtm-os.io.

11. Children's privacy

Our services are designed for business use and are not directed at children under 16. We do not knowingly collect information from children.

12. Updates to this policy

We may update this privacy policy from time to time. Updates will be posted on this page with a revised effective date. If material changes occur, we may also notify you by email.

13. Contact us

If you have questions about this privacy policy or how your information is handled, please contact us: