We respect your privacy
and keep things simple

What information we collect

Information you give us directly when you create an account, place an order, or contact support:

Information collected automatically when you browse our site:

• → IP address, browser type, operating system, and device information
• → Pages visited, referring URLs, and time spent on the site
• → Cookies and similar tracking technologies (see the Cookies section below)

How we use your information

We use the data we collect only for legitimate purposes related to running the platform:

• ✓ Deliver your orders — using the URLs and handles you provide to run social media campaigns on your behalf.
• ✓ Manage your account — keeping your settings, order history, wallet balance, and preferences accurate.
• ✓ Process payments — passing billing details to our payment processors to handle transactions securely.
• ✓ Send transactional emails — order confirmations, delivery updates, support replies, and important account notices.
• ✓ Prevent fraud and protect security — detecting unusual account activity, preventing chargebacks, and keeping the platform safe.
• ✓ Improve the service — analysing usage patterns (in aggregate, not individually) to make the platform faster and easier to use.
• ✓ Comply with legal obligations — keeping records required by applicable laws and responding to lawful government requests.

Our legal basis for processing

Under GDPR and similar laws, we must have a valid reason to process personal data. Here is what we rely on:

• § Contract performance — processing your order, managing your account, and delivering services you have paid for.
• § Legitimate interests — fraud prevention, security, and improving the platform in ways that do not override your rights.
• § Legal obligation — complying with tax, financial, or law enforcement requirements where legally mandated.
• § Consent — for optional marketing emails or cookies that are not strictly necessary. You can withdraw consent at any time.

Who we share your data with

We do not sell, rent, or trade your personal data. We share it only with trusted third parties who help us operate the platform, and only to the extent necessary:

• → Payment processors (e.g. Stripe, PayPal, CoinPayments) — to handle transactions. They have their own privacy policies and are PCI-DSS compliant.
• → Hosting & infrastructure providers — the servers and CDN that keep the site fast and available. Your data stays encrypted in transit and at rest.
• → Analytics tools — anonymised usage data (no personal identifiers) to help us understand how the site is used.
• → Legal or government authorities — only when required by law or to protect the rights, property, or safety of GTR Socials and its users.

All third-party processors we work with are contractually required to handle your data securely and in accordance with applicable privacy law.

Cookies & tracking technologies

We use cookies and similar technologies to keep the platform working properly and to understand how people use it. Here is what we use:

• ✓ Essential cookies — required for login sessions, cart state, and CSRF protection. You cannot opt out of these without losing core site functionality.
• i Analytics cookies — help us measure traffic and page performance. Data is aggregated and not linked to individual identities.
• i Preference cookies — remember your settings (e.g. currency, UI preferences) so you do not have to re-enter them every visit.

Most browsers let you control or block cookies. Blocking essential cookies will break login and checkout functionality.

Social logins

We may offer the option to sign in or register using a third-party account such as Google or Facebook. If you choose this, we receive basic profile data from that provider (typically your name and email address) solely for authentication purposes. We do not post on your behalf, access your social feeds, or store your social media credentials.

The privacy practices of those providers are governed by their own policies — we recommend reviewing them before connecting your account.

How long we keep your data

We keep your data for as long as your account is active or as long as needed to provide you with services. Once you close your account, we delete or anonymise personal data within a reasonable period, except where:

• → A legal obligation requires us to retain it (e.g. tax or financial records — typically 7 years).
• → There is an unresolved dispute or fraud investigation involving your account.
• → We are required to preserve records for litigation or regulatory purposes.

How we protect your data

We take security seriously and implement a range of technical and organisational measures to protect your information:

• 🔐 All data is transmitted over HTTPS / TLS — encrypted in transit.
• 🔐 Passwords are hashed using industry-standard algorithms — we never store plain-text passwords.
• 🔐 Access to personal data is restricted to staff who need it to perform their job.
• 🔐 Payment data is handled directly by our PCI-DSS certified payment processors — we do not store full card details.

Your privacy rights

Depending on where you live, you may have some or all of the following rights over your personal data:

To exercise any of these rights, email [email protected] or use the Contact page. We will respond within 30 days in most cases.

Do-Not-Track

Some browsers can send a "Do-Not-Track" (DNT) signal to websites. At this time there is no industry-wide standard for how to respond to DNT signals, so we do not currently change our data practices based on them. If a standard is established, we will update this policy accordingly.

US residents — CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights on top of those listed above:

• ★ Know — the specific categories and pieces of personal information we have collected about you in the past 12 months.
• ★ Opt out of sale or sharing — we do not sell personal information, but you can contact us to confirm.
• ★ Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
• ★ Correct and limit use of sensitive personal information — we do not collect sensitive personal information as defined under CPRA.

To submit a request under CCPA / CPRA, contact us at [email protected]. We respond within 45 days.

Other regions — GDPR & beyond

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws similar to GDPR, the rights listed in the "Your privacy rights" section above fully apply to you. You also have the right to lodge a complaint with your local data protection authority if you believe we are not handling your data lawfully.

Where we transfer data outside the EEA or UK, we do so only with appropriate safeguards in place (such as Standard Contractual Clauses) to ensure your data receives equivalent protection.

Policy updates

We may update this policy from time to time to reflect changes in our practices, new services, or evolving legal requirements. When we make a material change, we will update the "Last updated" date at the top of this page and, where appropriate, notify active customers by email.

Continuing to use GTR Socials after an update means you accept the revised policy. We encourage you to check back periodically.

How to contact us

If you have questions, requests, or complaints about this policy or the way we handle your data, we want to hear from you:

• @ Email: [email protected]
• 🏢 Business: AZ GTR SOLUTIONS LTD (Company Number 17176383), registered with the Registrar of Companies for England and Wales
• 📍 Locations: Dallas, TX, USA; Surbiton, London, UK; Kurunegala, Sri Lanka
• 💬 Contact form: gtrsocials.com/contact
• 🖥 Dashboard support: available when you are logged in to your account

We will acknowledge your request within 5 business days and aim to resolve it fully within 30 days.