Privacy Policy

Last updated: 02/13/2026

1. Introduction

This Privacy Policy explains how gotoHuman UG (haftungsbeschränkt) (operating as gotoHuman) (“we,” “us,” or “our”) collects, uses, and protects your personal information when you use our services (“Services”), such as when you use our platform, visit our website (at https://www.gotohuman.com or any other website we provide that links to this privacy policy), or engage with us in any other way, including in connection with sales, marketing, support, or events.

If you have questions about this Privacy Policy or how we handle your data, contact us at legal@gotohuman.com.
If you do not agree to this Privacy Policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information You Provide

We may collect the following personal information that you provide to us:
‍
- Account Information: Names, email addresses, usernames, passwords
- Company Information: Company name, role, phone numbers, mailing addresses, or other business details
- Communication Data: Information you provide when contacting us for support, feedback, or other inquiries
- Payment Data: Billing and payment information (including credit card details and billing addresses)
- Social Login Data: If you use one of the social login options to register with us or log in (see Section 5), we receive certain profile information from these providers

Payment data is processed and stored directly by our third-party payment processor, Stripe.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2.2 Information Collected Automatically

When you use our services, we may automatically collect:
‍
- Technical Data: IP and MAC address, browser type and version, device information, operating system, device identifiers
- Usage Data: Pages accessed, referring URLs, features used, actions taken, session-specific information, login times, navigation patterns
- Location Data: Approximate location based on your IP address
- Log Data: Server logs, error reports, and performance data

This information helps us operate our services, ensure security, and improve our platform.

2.3 Customer Data Processed Through Our Platform

When using our Services, you, or individuals you authorize (such as your employees or clients), may enter, submit, upload, or transmit data, such as form inputs, messages, files or other content (“Customer Data”).
The person or organization that owns a workspace (“Customer”) controls any associated Customer Data.
We process Customer Data solely as a Data Processor on behalf of the Customer and according to their instructions.
A Data Processing Agreement governing the processing of Customer Data is available upon request.

3. How We Use Your Information

We use your personal information for the following purposes:

- Provide and maintain our services: Account creation, authentication, platform functionality, and service delivery
- Process transactions: Manage billing, subscriptions, and payments (processed by Stripe)
- Communicate with you: Send service-related notifications, respond to inquiries, provide customer support
- Improve our services: Analyze usage patterns, develop new features, resolve issues, optimize performance
- Security and fraud prevention: Protect our services, detect security threats, prevent abuse
- Marketing: Send promotional emails about our services and features (you can unsubscribe at any time)
- Legal compliance: Comply with applicable laws, regulations, and legal obligations

4. Legal Bases and Data Sharing

4.1 Legal Bases for Processing

Under GDPR and UK GDPR, we process your personal information based on:

- Contractual necessity: To provide our services and fulfill our obligations to you
- Legitimate interests: To improve our services, ensure security, analyze usage, and market to existing customers, where these interests do not override your rights
- Legal compliance: To comply with legal obligations
- Consent: Where we have obtained your explicit consent (e.g., for analytics cookies)

‍Our Role as Controller or Processor: Under European data protection laws, we are the “data controller” of the personal information processed under this Privacy Policy, with the exception of Customer Data (2.3).

4.2 How We Share Your Information

Service Providers: We share your personal information with third-party service providers who perform functions on our behalf, including:
- Cloud hosting and infrastructure
- Payment processing (Stripe)
- Email delivery and communication services
- Analytics
- Error and performance monitoring
- Customer support tools
- Security services

All service providers are contractually required to protect your data and use it only as we instruct them.

‍Legal Requirements: We may disclose your information when required by law, court order, or legal process, or to protect our rights, property, safety, or the rights of others.

‍Business Transfers: In the event of, or in connection with, or during negotiations of, a merger, acquisition, sale of assets, or financing, your personal information may be transferred to or shared with another business.

‍With Your Consent: We may share your information for other purposes with your explicit consent.

5. Social Logins

If you choose to register or log in using Google or GitHub, we receive certain profile information from these providers, which may include your name, email address, profile picture, and user ID.
We use this information solely to create and manage your account, authenticate your identity, and provide our services. We are not responsible for the privacy practices of these providers.

6. International Data Transfers

Data processing primarily takes place within the European Union or the European Economic Area. However, your personal information may be transferred to and processed in other countries (including the United States) in the course of providing our services.

When we transfer data outside the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

7. Data Retention and Security

7.1 Data Retention

We retain your personal information only as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy. When we no longer have a legitimate business need to process your information, we delete or anonymize it. If immediate deletion is not possible (for example, due to backup systems), we securely isolate your information from further processing until deletion is possible.

Some information may be retained longer when required or permitted by law (e.g., for tax, accounting, or legal obligations, or for fraud prevention and dispute resolution).

7.2 Security

To protect your personal information, we implement appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that data.

While we strive to protect your information, please be aware that no method of transmitting data over the internet or storing data is completely secure.

You should also help protect your data. Please keep your password confidential, limit access to your device, and access our services only from secure environments.
If you believe your account has been compromised, contact us immediately.

8. Cookies and Tracking Technologies

We may use cookies and similar technologies (such as web beacons and local storage) on our website and platform.

‍Necessary Cookies: These are essential for our services to function, such as authentication, security, and core functionality. These do not require your consent under applicable law.
‍Analytics Cookies: With your consent, we may use cookies to understand usage patterns and improve our services.

Where cookies are used, you can manage your preferences through our consent banner.
Please note that disabling cookies may impact functionality and prevent you from accessing certain features or logging in.

9. Your Privacy Rights

In certain regions (including the EEA, UK, and Switzerland), applicable data protection laws grant you specific rights regarding your personal information. These rights may include requesting access to or copies of your data, correcting inaccurate information, requesting deletion or restricted processing of your information, receiving your data in a portable format, objecting to certain types of processing, and withdrawing previously given consent.
To exercise any of these rights, please contact us at legal@gotohuman.com.
We will respond to your request in accordance with applicable data protection laws.

9.1 Account Information

You can access, or update your account information or delete your account at any time by:
- Updating your account in the account settings
- Contacting us using the provided contact details

9.2 Marketing Communications

You can opt out of receiving marketing emails at any time by:
- Clicking the “unsubscribe” link in any marketing email
- Contacting us using the provided contact details
You will continue to receive service-related communications necessary for account administration.

9.3 Complaints

If you believe we have not handled your personal information properly, you can lodge a complaint with your data protection authority:
- EEA residents: Your national data protection authority (https://edpb.europa.eu/about-edpb/board/members_en)
- UK residents: Information Commissioner's Office (ICO) (https://ico.org.uk)
- Swiss residents: Federal Data Protection and Information Commissioner (FDPIC) (https://www.edoeb.admin.ch/en)

10. Changes and Contact

10.1 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be indicated by the “Last updated” date at the top.

For material changes, we may notify you by email or through a prominent notice on our platform or website. Your continued use of our services after we publish or notify you of changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

10.2 Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Email: legal@gotohuman.com