Privacy Policy

Last updated: December 18, 2025

1. Introduction

GSTPro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our goodwill letter automation service.

Please read this privacy policy carefully. By using our service, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

  • Name and email address (for account creation)
  • Mailing address (for sending physical letters on your behalf)
  • Payment information (processed securely via Stripe)
  • Creditor information you provide for your campaigns
  • Details about late payments you wish to dispute

2.2 Automatically Collected Information

When you use our service, we automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (device type, operating system)
  • Usage data (features used, actions taken)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Generate personalized goodwill letters on your behalf
  • Send physical mail to creditors through our mail service provider
  • Process payments and manage your account
  • Send you service-related emails and notifications
  • Respond to your comments, questions, and support requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following situations:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Lob - For printing and mailing physical letters
  • Stripe - For payment processing
  • Supabase - For data storage and authentication
  • Anthropic (Claude AI) - For letter generation

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure payment processing through Stripe

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your data at any time (see Section 8).

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Types of cookies we use:

  • Essential cookies - Required for the service to function
  • Authentication cookies - To keep you logged in
  • Analytics cookies - To understand how you use our service

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access - Request a copy of your personal data
  • Correction - Request correction of inaccurate data
  • Deletion - Request deletion of your data
  • Export - Request your data in a portable format
  • Opt-out - Unsubscribe from marketing communications

To exercise these rights, please contact us at support@gstpro.io or use the data export feature in your account settings.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). We process your data based on your consent, contractual necessity, or our legitimate interests. You have the right to withdraw consent, access your data, request portability, and lodge a complaint with a supervisory authority.

11. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: support@gstpro.io
  • Through the Help page in your dashboard