Privacy
How we handle your data
We collect as little as possible and tell you everything we do collect. This page explains it, section by section.
Last updated: 2026-05-19
Who we are
This privacy policy applies to the allowgate.com website. The company behind AllowGate, and the data controller for personal data collected through this site, is:
- Company
- Opservio sp. z o.o.
- Address
- Al. Prymasa Tysiąclecia 16, 05-504 Prace Duże, Poland
- KRS
- 0001216790
- NIP
- 1231595637
- REGON
- 543724743
- Registry court
- Sąd Rejonowy Lublin-wschód w Lublinie, VI wydział gospodarczy
- Share capital
- 15 000,00 PLN
- Contact
- hello@opservio.com
You can reach us at the email address above for anything in this policy: rights requests, questions, complaints. We respond within 30 days, usually faster.
What this policy covers
This page covers the allowgate.com website only - the marketing site, the early-access signup, the contact form, and the analytics and logs that run alongside them.
It does not cover the AllowGate product. The product is a multi-tenant service; data processed inside it is governed by the Data Processing Agreement signed with each tenant, not by this page.
What we collect
We collect data in four narrow places. Each one is listed below with what it is and where it lives.
- Early-access list. Your email address, a consent timestamp, and your responses to the early-access survey, all linked together under the same email. The promise on the homepage holds: messages to this list are only about the early-access programme (design conversations, paid early-access offer). Never marketing.
- Contact form. Your name, email address, and the message you send. Separate from the early-access list - one-off inbound enquiries, not the programme.
- Analytics. Aggregated, cookieless page-view data from our self-hosted analytics. No cookies, no cross-site identifiers, no profiling. IP addresses are truncated and hashed before they reach storage.
- Server logs. IP address, user-agent, requested URL, and timestamp, recorded by the webserver. Used to investigate abuse and diagnose errors.
Why we collect it, and on what legal basis
Under Article 6(1) of the GDPR, every processing operation must rest on a named lawful basis. Ours:
- Early-access list. Your consent - Article 6(1)(a). Withdrawn any time, with no effect on the lawfulness of what came before. Messages are strictly limited to the programme you signed up for; never marketing.
- Contact form. Your consent in submitting it, plus steps taken at your request before entering a relationship - Article 6(1)(a) and (b).
- Analytics. Our legitimate interest in understanding how the site is used - Article 6(1)(f). The data is aggregated and cookieless; there is no profiling and no identification of individual visitors.
- Server logs. Our legitimate interest in keeping the site secure and available - Article 6(1)(f).
Where it lives
Everything described above runs on virtual servers in the European Union, operated by Opservio. The list manager, survey tool, analytics, webserver, and the contact form are all self-hosted.
We do not pass your data to third-party services - no external analytics providers, no email marketing platforms, no CRMs. We do not transfer personal data outside the European Economic Area. If that ever changes, this page changes first.
How long we keep it
Retention is by data type, not a blanket policy:
- Early-access list. Your email and your linked survey responses share one retention rule. We keep them until you opt out (plus a 30-day grace window to make the change reversible), or until the early-access programme closes - whichever comes first. When you opt out, both are deleted together.
- Contact form / inbound email. 24 months from the last message in the thread.
- Analytics. Aggregated and cookieless, so no personal data to expire. Retained indefinitely as aggregates.
- Server logs. 180 days, then deleted.
Encrypted backups follow a separate cycle: data deleted from primary storage can persist in backups for up to 12 months before it rotates out. Backups are used only for disaster recovery.
Your rights
Under the GDPR (Articles 15 to 22), you have the following rights over the personal data we hold about you. Email us to exercise any of them - see the contact in section 1.
- Access. Ask for a copy of the personal data we hold about you.
- Correction. Ask us to fix anything that is wrong or out of date.
- Deletion. Ask us to delete your data. For the early-access list this is the same as opting out.
- Restriction. Ask us to stop processing your data while a dispute is sorted out.
- Portability. Ask for your data in a machine-readable format, or for us to transmit it to another controller.
- Objection. Object to processing based on legitimate interest (analytics, server logs).
- Withdraw consent. For anything we do on the basis of your consent (the early-access list, the contact form), withdraw it any time. Processing before withdrawal stays lawful; everything after stops.
We respond to rights requests within 30 days. There is no identity-verification ceremony - replying from the email address on file is enough.
Complaints
If you are not happy with how we handle your data, you can lodge a complaint with our supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl
Automated decisions
This site does not make any decisions about you by automated means, and does not profile you.
The AllowGate product does make automated decisions about software components - the deny/allow output described on the Approach page - but those decisions are about software, not people, and are out of scope for this policy.
Children
This site is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email us and we will delete it.
Changes to this policy
When this policy changes, we update this page and bump the "last updated" date at the top.
Because we promise no newsletter, we have no push channel for change notifications. For material changes, the previous version will remain linked at the bottom of this page so the diff is visible.