Privacy Policy

Goletro Technologies Pvt Ltd ("Goletro", "we", "us", "our") operates Goletro — an application deployment platform that makes it easy to deploy and manage apps on any server. This Privacy Policy explains what personal information we collect, how we use and protect it, when we share it, and what rights you have over your data. By creating a Goletro account or using our services, you agree to the practices described in this policy.

Last updated: March 11, 2026

01

Who we are

  • Goletro Technologies Pvt Ltd is a company incorporated under the laws of India, with its registered office in Pune, Maharashtra, India.
  • Goletro is our primary product — an application deployment platform that lets users connect their own servers, deploy applications, manage domains, configure SSL certificates, monitor server health, and automate backups.
  • The marketing website is available at goletro.com. The Goletro app is available at app.goletro.com.
  • For any privacy-related questions, you can reach us at our contact page.
02

Information we collect

  • Account information: When you register for Goletro, we collect your full name, email address, and a hashed password. Passwords are never stored in plaintext.
  • Profile and workspace data: You may optionally provide a profile photo, company name, and billing address. Workspace names and team member information (names and emails of invited users) are also stored.
  • Server connection data: To allow Goletro to manage your servers, we store encrypted server credentials including IP addresses and SSH key references. We never store root passwords or plaintext SSH private keys. All server credentials are encrypted at rest using industry-standard authenticated encryption.
  • Application and deployment data: We store configuration metadata for applications you deploy — such as app names, environment variable keys (not values), port mappings, and deployment history logs. Sensitive environment variable values are encrypted before storage.
  • Domain and SSL data: Domain names you configure, DNS settings, and SSL certificate metadata are stored to manage your custom domain configurations.
  • Usage data: We collect information about how you use Goletro, including pages visited, features accessed, dashboard actions performed, and timestamps of those actions.
  • Log and diagnostic data: Server-side logs capture API request details, IP addresses, browser type, and error traces for debugging, security monitoring, and performance analysis.
  • Payment information: All billing is handled by Stripe. We store your billing plan, subscription status, invoice history, and the last 4 digits of your card on file. We do not store full card numbers, CVV codes, or banking credentials.
  • Support communications: If you contact us by email or through our contact form, we store the content of your messages and our replies to provide support and improve our service.
  • Cookies and session data: We use essential cookies for session authentication and CSRF protection. No advertising or tracking cookies are used.
03

How we use your information

  • To provide Goletro: managing your server connections, executing deployments, monitoring uptime, rotating SSL certificates, and running scheduled backups.
  • To authenticate you: verifying your identity on login, managing session tokens, and enabling two-factor authentication.
  • To process payments: validating your subscription status, generating invoices, and processing billing through Stripe.
  • To send transactional emails: account confirmations, password resets, invoice receipts, security alerts, and critical service notifications. You cannot opt out of transactional emails while your account is active.
  • To send product communications: feature announcements, changelog updates, and tips on using Goletro. You can unsubscribe from these at any time via the link in each email or from your account notification settings.
  • To improve the product: analysing usage patterns, identifying underused features, and understanding how users navigate Goletro to prioritise product improvements.
  • To ensure security and prevent abuse: detecting fraudulent account activity, investigating potential violations of our Terms, and protecting against unauthorized access.
  • To comply with legal obligations: responding to lawful requests from government authorities, enforcing our Terms, and resolving disputes.
04

Legal basis for processing (GDPR)

  • If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
  • Contract performance: Processing your account information and server data is necessary to deliver the Goletro service you signed up for.
  • Legitimate interests: We process usage data, log data, and security-related data based on our legitimate interest in operating a secure, reliable service. This processing does not override your rights.
  • Legal obligation: We may process data to comply with applicable laws, including tax, accounting, and law enforcement obligations.
  • Consent: Where we rely on your consent (e.g. for marketing emails), you may withdraw that consent at any time without affecting the legality of prior processing.
05

Data storage and security

  • Infrastructure: Goletro data is stored on servers hosted by Hetzner Cloud (Germany, EU) and Amazon Web Services (EU regions). All data is stored within the European Union by default.
  • Encryption at rest: All databases and object storage are encrypted at rest. Server credentials and sensitive environment variable values are encrypted at rest using industry-standard authenticated encryption and are never stored in plaintext.
  • Encryption in transit: All communication between your browser, Goletro, and your servers uses TLS 1.2 or higher. We enforce HTTPS across all endpoints.
  • Access controls: Production database access is restricted to a minimal set of engineers. All production access is authenticated, logged, and audited. We use role-based access controls internally.
  • Security practices: We conduct regular security audits, dependency vulnerability scanning, and periodic penetration testing. Security issues can be reported via our contact page at goletro.com/contact.
  • Backups: Database backups are taken daily and retained for 14 days. Backups are encrypted at rest using the same standards as production data.
  • Incident response: In the event of a data breach, we will notify affected users within 72 hours of becoming aware, as required by applicable data protection laws.
06

Data sharing and sub-processors

  • We do not sell, rent, or trade your personal information to third parties.
  • We share data only with the following sub-processors who help us deliver the service, each evaluated for GDPR compliance and bound by data processing agreements:
  • Stripe — Payment processing and subscription management (United States, EU data residency available).
  • Amazon Web Services — Cloud infrastructure and object storage (EU regions).
  • Hetzner Cloud — Primary server infrastructure (Germany, EU).
  • Postmark by ActiveCampaign — Transactional email delivery.
  • Sentry — Application error monitoring and performance tracing.
  • Plausible Analytics — Privacy-first, cookie-free analytics on our marketing website. No personal data is collected.
  • We may disclose your information if required by law, court order, or a valid governmental request. We will notify you of such requests unless prohibited from doing so by law.
  • In the event of a merger, acquisition, or sale of substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.
07

International data transfers

  • Goletro Technologies is based in India. If you are located in the EEA, UK, or other regions with data transfer restrictions, your personal data may be transferred to and processed in India and other countries where our sub-processors operate.
  • For transfers from the EEA or UK to third countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other appropriate safeguards.
  • You may request information about the specific safeguards we apply to your data transfers by contacting us through our contact page.
08

Your rights

  • Right of access: You can request a copy of all personal data we hold about you. Most data is available directly in your account settings.
  • Right to rectification: You can update your name, email address, and other account information at any time from your account settings.
  • Right to erasure ("right to be forgotten"): You can delete your account at any time. Account deletion permanently removes all personal data within 30 days, except where we are required by law to retain certain records.
  • Right to data portability: You can export your Goletro account data (configurations, deployment history, server metadata) in JSON format from your account settings.
  • Right to restriction: You can request that we restrict the processing of your personal data in certain circumstances, such as while you contest its accuracy.
  • Right to object: You can object to processing based on our legitimate interests. We will stop processing unless we have compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on consent (e.g. marketing emails), you can withdraw at any time via the unsubscribe link or from notification settings.
  • To exercise any of these rights, contact us through our contact page with the subject "Privacy Request". We will respond within 30 days.
  • If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
09

Data retention

  • Account data is retained for as long as your account is active. Once you delete your account, personal data is purged within 30 days.
  • Billing records and invoices may be retained for up to 7 years to comply with applicable tax and accounting laws.
  • Server and application logs are retained for 90 days, after which they are automatically deleted.
  • Support communications are retained for up to 3 years to help resolve recurring issues.
  • Anonymised, aggregated usage data may be retained indefinitely for product analytics purposes.
10

Cookies and tracking

  • Goletro uses only essential cookies: session authentication tokens and CSRF protection tokens. No advertising, tracking, or analytics cookies are placed by the application.
  • Our marketing website (goletro.com) uses Plausible Analytics — a privacy-first, open-source analytics tool that does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR.
  • We do not use third-party advertising networks, retargeting pixels, or cross-site tracking technologies anywhere on our platform.
11

Children's privacy

  • Goletro is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16.
  • If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete that information promptly.
  • If you believe a child under 16 has provided us with personal data, please contact us through our contact page.
12

Changes to this policy

  • We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.
  • For material changes — such as new categories of data collected or new sharing practices — we will notify you by email at least 14 days before the change takes effect.
  • Continued use of Goletro after a policy change constitutes acceptance of the updated policy. If you disagree with the updated policy, you may close your account before the change takes effect.
13

Contact

  • For general privacy enquiries: our contact page
  • For data deletion or GDPR rights requests: our contact page — subject line "Data Request"
  • For security vulnerability disclosures: goletro.com/contact
  • Postal address: Goletro Technologies Pvt Ltd, Pune, Maharashtra, India
