Privacy Policy

GAMVIS (\"we\", \"us\", \"our\") operates the customer service platform available at gamvis.pro and related products (collectively, the \"Service\"). This Privacy Policy describes how we process personal data of visitors, account holders and end users who interact with our customers through the Service.

We act as a data controller for information about our own account holders and website visitors, and as a data processor for end-user data that our customers route through the Service.

We collect the following categories of personal data:

• Account data: name, work email, company, role, password hash, billing details.
• Usage data: pages visited, features used, device, browser, IP, approximate location.
• Customer content: tickets, chats, calls, attachments and contact records uploaded by our customers.
• Communications: emails, support requests, and survey responses you send us.

We use personal data to:

• provide, secure and improve the Service;
• authenticate users and prevent fraud or abuse;
• process payments and manage subscriptions;
• send service notices and, with consent, marketing messages;
• comply with legal obligations and enforce our agreements.

Where the GDPR applies, we rely on the following legal bases: performance of a contract (providing the Service), legitimate interests (securing and improving the Service), consent (marketing and non-essential cookies), and compliance with legal obligations.

We share personal data with vetted sub-processors that help us operate the Service (cloud hosting, email delivery, analytics, payment processing). A current list of sub-processors is available on request. We do not sell personal data.

We retain personal data for as long as your account is active and for up to 12 months after termination, unless a longer period is required by law. Backups are rotated within 35 days.

Depending on your jurisdiction, you may have the right to access, correct, delete, export or restrict processing of your personal data, and to lodge a complaint with a supervisory authority. To exercise these rights, email [email protected].

We protect data with TLS 1.2+ in transit, AES-256 at rest, role-based access controls, SSO for staff, continuous logging and annual penetration tests. No system is perfectly secure; we will notify affected users of any incident in line with applicable law.

Data may be processed in the EU, the UK and the United States. Where required, we rely on Standard Contractual Clauses and supplementary measures to safeguard transfers.

We may update this Privacy Policy from time to time. Material changes will be announced in-product or by email at least 14 days before they take effect.