Privacy Policy
Last updated: February 19, 2026
IMPORTANT
Information We Collect
We collect various types of information to provide and improve our services

Personal Information

  • Name, email address, and profile information when you register
  • Microsoft account information when you authenticate (email, name, profile picture)
  • Organization and department affiliation
  • Communication preferences and settings
  • Usage data and analytics to improve our services

Microsoft Entra ID Authentication

  • Microsoft account credentials for secure authentication
  • Profile information from your Microsoft account
  • OAuth tokens (encrypted and stored securely)
  • We do NOT access your Microsoft account without explicit permission
  • Authentication is handled through Microsoft Entra ID (Azure AD)

Cookies and Tracking

  • Session cookies for authentication and security
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings
  • Third-party cookies from Microsoft services (when connected)
How We Use Your Information
Your information helps us provide and improve our services

Service Provision

  • Authenticate and authorize your access
  • Manage expense reports and financial documents
  • Process credit card transactions and bank statements
  • Handle holiday requests and approvals
  • Manage ticketing and support requests
  • Manage your profile and preferences
  • Provide customer support

Improvement & Analytics

  • Analyze usage patterns and trends
  • Improve user experience and features
  • Identify and fix technical issues
  • Develop new functionality
Data Security
We implement industry-standard security measures to protect your data

Encryption

  • All data transmitted over HTTPS/TLS
  • OAuth tokens encrypted at rest
  • Database-level encryption
  • Secure key management

Access Control

  • Role-based access controls
  • Multi-factor authentication
  • Session management
  • Regular security audits
Data Sharing and Third Parties
We are committed to protecting your privacy and only share data when necessary

We DO NOT sell, rent, or trade your personal information

Your personal information is only shared in the following limited circumstances:

  • Microsoft Services: Only when you authenticate using Microsoft Entra ID, in accordance with Microsoft's privacy policy
  • Service Providers: Trusted third parties who help us operate our services (hosting, analytics, cloud storage, etc.)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notice)
Your Rights and Choices
You have control over your personal information

Access and Control

  • View and update your profile information
  • Download your data (GDPR compliance)
  • Delete your account and data
  • Manage organization access and permissions
  • Revoke Microsoft account access through your Microsoft account settings

Communication Preferences

  • Opt-out of marketing communications
  • Control notification settings
  • Manage cookie preferences
  • Update privacy settings
Data Retention
How long we keep your information

Active Accounts: Data is retained while your account is active

Inactive Accounts: Data is deleted after 2 years of inactivity

Deleted Accounts: Data is permanently deleted within 30 days

Legal Requirements: Some data may be retained longer if required by law

Children's Privacy
Our services are not intended for children under 13

We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy
We may update this privacy policy from time to time

We will notify you of any material changes to this policy by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notification in the application

Important: Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us
Questions about this privacy policy?

If you have any questions about this privacy policy or our data practices, please contact us:

  • Email: team@gestru.com
  • Company: Gestru