GATE Privacy Policy
v1.0
Last updated: 2026-06-01
This policy explains what GATE does with your data, why we do it, and what you can do about it. We wrote it in plain English. If anything here is unclear, email us and we will rewrite it.
1. Who we are
GATE is operated by Wall & Berg AB, a Swedish limited company.
- Org.nr: 559588-0385
- Postal address: Ankargränd 2, 111 29 Stockholm, Sweden
- Email for privacy questions: legal@gate.software
Wall & Berg AB is the data controller for everything described in this policy.
2. What we collect
We try to collect only what we need to run the service.
Account data. Your name, email, password hash, organization, billing address, VAT number if you give one, and language preference.
Chat content. The messages you send to your bots, the files you upload into your bot’s workspace, the responses the bots send back, and any tool calls those bots make. Chat content is the working memory of the product. If you delete a chat, we delete it.
What we do NOT store: the content of your connected accounts. When a bot reads your Gmail, Google Calendar, Drive, or another connected service, it reads that content live, in the moment, to do the task you asked for. We do not copy your mailbox, your calendar, or your files into our database. The agent acts on them and the content is gone when the task is done. What stays is only the chat record of what you asked and what the bot reported back.
The one exception is your own workspace. If you ask the agent to save something (a note, a summary, a piece of data) into your bot’s own encrypted workspace, it stays there until you ask the agent to remove it. That is your data, in your space, under your control. We do not save anything into your workspace unless you tell the agent to.
Embeddings of chat for memory. Some of your chat content is converted into vector embeddings so the bot can recall past discussions. Embeddings live in our database alongside the original messages and are deleted when the source message is deleted.
Bot workspace files. Every bot has a workspace directory with markdown files (SOUL.md, MEMORY.md, MISTAKES.md, bank notes, etc.). These are part of your account data and are deleted when you delete the bot.
Billing data. What you bought, when, the amount, the VAT line, and the Stripe transaction ID. We do not store full card numbers. Stripe holds those.
Logs. IP address, user agent, request timestamps, and error traces. We use these to debug, to detect abuse, and to keep the service running.
OAuth tokens for integrations. When you connect Gmail, Google Calendar, Apollo, Brevo, Shopify, or any other third-party integration through GATE, the access token lives in our integration provider (Composio by default). GATE itself does not store the raw token. We store the reference to the connection so your bots can use it.
Voice audio. If you use the voice features (TTS), the text of your message is sent to ElevenLabs to render audio. We do not retain the audio after delivery.
3. Why we collect it (legal bases under GDPR)
| Purpose | Legal basis |
|---|---|
| Running your account, serving chat, billing you | Contract (Art. 6(1)(b)) |
| Security, fraud detection, abuse handling, log retention | Legitimate interest (Art. 6(1)(f)) |
| Sending product update emails you can opt out of | Legitimate interest (Art. 6(1)(f)) |
| Analytics, if and when we add it | Consent (Art. 6(1)(a)) |
| Accounting and tax records | Legal obligation under Swedish Bokföringslagen (Art. 6(1)(c)) |
4. Where your data lives
Primary hosting is on Hetzner Cloud in their Helsinki and Nuremberg datacenters, both inside the EU.
The product makes calls to AI models and other services that route data outside the EU. Specifically:
- Anthropic (US): Claude model serving. This runs the heavy work (code sessions and building). It uses your own Claude account that you connect.
- OpenAI / Codex (US): the default model behind everyday chat.
- OpenRouter (US): routing layer in front of several models, used as a fallback.
- z.ai (China): a Chinese AI model gateway. Off by default. Your chat never touches z.ai unless your organization explicitly turns it on in your settings. If you leave it off, no chat data goes to China.
- ElevenLabs (US): voice text-to-speech, only if you use voice.
- Stripe (Ireland for EU customers, US parent): payments.
- Cloudflare (US and global edge): DNS, CDN, WAF.
- Postmark (US): transactional email.
- Composio (US): the integration provider that holds your OAuth tokens. Your Gmail/Calendar/Drive tokens live here, not on our servers.
Keeping all data inside the EU. The defaults above send model traffic to the US. If you need all processing to stay inside the EU/EEA, we offer a local EU package starting from €450/month. It runs your AI, email, token storage, and hosting entirely on EU-based providers (Mistral in France, Brevo, our own EU database, Hetzner). Contact us and we will set it up for your organization.
5. How we move data across borders
For transfers to subprocessors outside the EU we use the European Commission’s Standard Contractual Clauses (SCCs, 2021/914) plus, where the subprocessor offers them, additional safeguards like encryption in transit and at rest. The full list of subprocessors and their locations is at gate.software/legal/subprocessors.
6. How long we keep it
- Active account data: for as long as your account exists.
- After you delete your account: 12 months in cold backups, then permanent deletion.
- Billing records (invoices, tax data): 7 years from the end of the financial year, as required by Swedish Bokföringslagen.
- Security logs: 90 days.
- Abuse and fraud investigation records: up to 12 months after the case is closed.
7. Your rights
Under GDPR you can:
- Access what we hold about you.
- Correct anything that is wrong.
- Delete your account and the data tied to it (subject to the legal retention windows above).
- Export your chat history and workspace files in a portable format.
- Object to processing based on legitimate interest.
- Restrict processing while a dispute is open.
- Withdraw consent for anything we asked consent for, at any time.
- See an activity log of what your bots did on your account: which tools they called and when.
Email legal@gate.software to use any of these rights. We respond within 30 days.
Deleting your account. You can delete your account from your settings. When you do, we remove your account data and revoke your connected OAuth tokens at the integration provider, and we send you a confirmation when it is done. The only things that survive are billing records we are legally required to keep (see retention above).
If you think we are not handling your data correctly, you can also complain to IMY, the Swedish data protection authority (Integritetsskyddsmyndigheten), at imy.se.
8. Subprocessors
A subprocessor is a company we use to deliver part of the service. The full list lives at gate.software/legal/subprocessors and is also in subprocessors.md in this repository. We give 30 days' notice before adding a new one.
9. Cookies
We use a small number of cookies, all listed in our Cookie Policy at gate.software/legal/cookies. Strictly necessary cookies (login session, CSRF token) do not need consent. Analytics cookies, if we add them, will only run with your consent.
10. Children
GATE is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has signed up, email us and we will delete the account.
11. Security
We use TLS in transit and AES-256-GCM encryption at rest for the secrets we store (API keys, delegated tokens). Your integration OAuth tokens (Gmail, Calendar, Drive, etc.) are not stored on our servers at all; they live with the integration provider. We use scoped tokens for bots, rate limiting, and audit logs. No system is perfectly secure. If we have a personal data breach that meets the GDPR threshold, we notify IMY within 72 hours and notify affected users without undue delay.
11a. Who can see your data
The bots you run process your content to do the work you ask. Beyond that:
- If you use GATE for your own internal work and you opt out of our product-improvement program, no Wall & Berg staff and no other organization’s bots get access to your content. Your workspace is yours.
- Any access that does happen (for example, support you explicitly ask for) is logged.
- GATE is licensed for your own internal use. It is not a tool to resell or operate on behalf of your own customers without a separate agreement.
12. Changes to this policy
When we change this policy we update the “Last updated” date at the top and, for material changes, email account holders at least 30 days before the new version takes effect.
13. Contact
Wall & Berg AB
Ankargränd 2, 111 29 Stockholm, Sweden
Email: legal@gate.software (will move to legal@gate.software)