Gogoratu Privacy Policy
At Gogoratu, we are committed to protecting your personal data. This policy explains how we collect, use, and protect your information in accordance with the GDPR (EU Regulation 2016/679) and LOPDGDD (Organic Law 3/2018).
1. Data Controller
The data controller is Ovinion OÜ, owner of the Gogoratu platform, with fiscal address in Estonia and contact via email.
2. Personal Data We Collect
- Registration Data: First name, last name, email, encrypted password
- Financial Data: Transactions, categories, balances (never full banking data)
- Technical Data: IP, device type, operating system, activity
- Group Data: Members, roles, shared transaction history
3. Legal Bases and Purposes
| Purpose | Data | Legal Basis | Retention |
|---|---|---|---|
| Service Provision | Registration, groups, transactions | Contract execution | 5 years after last activity |
| Security and fraud prevention | IP, device, activity | Legitimate interest | 1 year |
| Billing and legal compliance | Payment data, invoices | Legal obligation | 10 years |
4. International Transfers
We use providers with appropriate safeguards:
- Stripe (USA): Payment processing - PCI DSS certification
- Amazon Web Services (EU): Data hosting - SCC clauses
- Google Analytics (USA): Usage analytics - IP anonymization mode
5. Your Rights
You can exercise your rights by sending a request to email .
- Access: Obtain a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Delete your data when possible
- Objection: Limit certain processing
- Portability: Obtain your data in a structured format
Exercising Rights
To protect your privacy, we will require identity verification before processing any request. We will resolve it within a maximum period of 30 days.
6. Security Measures
- TLS/SSL encryption in all communications
- Encrypted storage of sensitive data
- Two-factor authentication available
- Periodic security reviews
- ISO 27001 certification on our servers
7. Cookies and Similar Technologies
We use technical cookies necessary for operation. You can manage them from the Cookie Policy. Cookies Policy.
8. Minors
Our service is not directed to individuals under 16 years of age. We do not knowingly collect data from them.
9. Policy Changes
We will notify substantial changes via email or through a notice in the application. We recommend periodically reviewing this policy.
Data Protection Officer Contact
For specific questions about data protection: dpo@gogoratu.net
Also check our Terms and conditions.