Portal | Gestru

Gestru

Last updated: February 19, 2026

IMPORTANT

Information We Collect

We collect various types of information to provide and improve our services

Personal Information

Name, email address, and profile information when you register
Microsoft account information when you authenticate (email, name, profile picture)
Organization and department affiliation
Communication preferences and settings
Usage data and analytics to improve our services

Microsoft Entra ID Authentication

Microsoft account credentials for secure authentication
Profile information from your Microsoft account
OAuth tokens (encrypted and stored securely)
We do NOT access your Microsoft account without explicit permission
Authentication is handled through Microsoft Entra ID (Azure AD)

Cookies and Tracking

Session cookies for authentication and security
Analytics cookies to understand usage patterns
Preference cookies to remember your settings
Third-party cookies from Microsoft services (when connected)

How We Use Your Information

Your information helps us provide and improve our services

Service Provision

Authenticate and authorize your access
Manage expense reports and financial documents
Process credit card transactions and bank statements
Handle holiday requests and approvals
Manage ticketing and support requests
Manage your profile and preferences
Provide customer support

Improvement & Analytics

Analyze usage patterns and trends
Improve user experience and features
Identify and fix technical issues
Develop new functionality

Data Security

We implement industry-standard security measures to protect your data

Encryption

All data transmitted over HTTPS/TLS
OAuth tokens encrypted at rest
Database-level encryption
Secure key management

Access Control

Role-based access controls
Multi-factor authentication
Session management
Regular security audits

Data Sharing and Third Parties

We are committed to protecting your privacy and only share data when necessary

We DO NOT sell, rent, or trade your personal information

Your personal information is only shared in the following limited circumstances:

Microsoft Services: Only when you authenticate using Microsoft Entra ID, in accordance with Microsoft's privacy policy
Service Providers: Trusted third parties who help us operate our services (hosting, analytics, cloud storage, etc.)
Legal Requirements: When required by law or to protect our rights and safety
Business Transfers: In case of merger, acquisition, or sale of assets (with notice)

Your Rights and Choices

You have control over your personal information

Access and Control

View and update your profile information
Download your data (GDPR compliance)
Delete your account and data
Manage organization access and permissions
Revoke Microsoft account access through your Microsoft account settings

Communication Preferences

Opt-out of marketing communications
Control notification settings
Manage cookie preferences
Update privacy settings

Data Retention

How long we keep your information

Active Accounts: Data is retained while your account is active

Inactive Accounts: Data is deleted after 2 years of inactivity

Deleted Accounts: Data is permanently deleted within 30 days

Legal Requirements: Some data may be retained longer if required by law

Children's Privacy

Our services are not intended for children under 13

We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time

We will notify you of any material changes to this policy by:

Posting the updated policy on our website
Sending an email notification to registered users
Displaying a notification in the application

Important: Continued use of our services after changes constitutes acceptance of the updated policy.

Questions about this privacy policy?

If you have any questions about this privacy policy or our data practices, please contact us:

Email: team@gestru.com
Company: Gestru