Privacy Policy

1Who We Are

GitOps Manager, S.L. is the data controller responsible for personal data collected through GitOps Manager and the gitopsmanager.io website.

Registered in Spain. For all data protection enquiries please use the contact method described in Section 13.

2What Data We Collect

We collect personal data in the following contexts:

Contact form

• Work email address
• Name (optional)
• Message content
• IP address (for security and spam prevention)
• Timestamp of submission

Support chat (verified customers)

• Work email address — used to verify customer status and pre-populate the support chat session
• IP address (for security logging)
• Chat transcript — stored by LiveChat Inc. under their own privacy policy

Product onboarding (marketplace subscribers)

• Full name and company name
• Work email address
• AWS region or Azure region of deployment
• IP ranges (CIDR blocks) — used to whitelist access to your portal
• AWS Marketplace or Azure Marketplace subscription token
• Additional notes you choose to provide
• IP address and timestamp of submission

Technical data (all visitors)

• IP address — processed by Cloudflare Turnstile for bot detection on forms
• We do not use Google Analytics, Facebook Pixel, or any behavioural tracking
• We do not use tracking cookies for advertising purposes

3Cookies and Tracking

We use a minimal set of cookies and third-party scripts. We do not use advertising cookies or build behavioural profiles of visitors.

The LiveChat widget is loaded on all pages. By using our website you acknowledge that LiveChat may set functional cookies necessary for the chat service to operate. You can disable the chat widget by blocking cdn.livechatinc.com in your browser.

We do not currently use analytics cookies. If we introduce privacy-focused analytics in future (such as Cloudflare Web Analytics or Plausible) we will update this policy and notify users.

4How We Use Your Data

• To respond to contact form submissions — we read your message and reply to your email address
• To verify support chat access — we check your email domain against our customer records to confirm you are an active subscriber before opening a live chat session
• To process product onboarding — we use your name, email, region, and CIDR blocks to provision your access to GitOps Manager and whitelist your IP ranges
• To prevent spam and abuse — IP addresses and Turnstile tokens are used to detect and block automated form submissions
• To maintain audit records — message records and onboarding submissions are retained in our database for operational and legal compliance purposes
• To communicate service updates — we may email you about significant changes to GitOps Manager that affect your subscription

5Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)) — processing your onboarding data, CIDR ranges, and email to deliver the GitOps Manager service you subscribed to
• Legitimate interests (Art. 6(1)(f)) — security logging (IP addresses), spam prevention (Turnstile), and responding to contact form enquiries
• Legal obligation (Art. 6(1)(c)) — retaining billing and transaction records as required by Spanish and EU tax law
• Consent (Art. 6(1)(a)) — where you have explicitly agreed to our Privacy Policy before submitting a form

6Data Storage and Processors

Your data is processed and stored using the following AWS and third-party services:

• Amazon Web Services (AWS) — DynamoDB (contact records, onboarding data, tokens), SES (email delivery), CloudFront (CDN and security), Lambda (form processing). Data stored in the EU West (Ireland) region by default.
• LiveChat Inc. — chat transcripts and session data. Governed by the LiveChat Privacy Policy.
• Cloudflare, Inc. — Turnstile bot detection. Governed by the Cloudflare Privacy Policy.
• AWS Marketplace / Azure Marketplace — subscription and billing data is processed by Amazon Web Services or Microsoft under their respective privacy policies.

All data processors are bound by data processing agreements consistent with GDPR requirements.

7Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

• Service processors — AWS, LiveChat, and Cloudflare as described in Section 6, solely to deliver our services
• Legal compliance — if required by applicable law, court order, or regulatory authority
• Business transfer — if GitOps Manager, S.L. is acquired or merges, your data may transfer to the new entity under equivalent privacy protections

8Data Retention

• Contact form messages — retained for 24 months then deleted
• Support chat verification tokens — auto-deleted after 60 minutes via DynamoDB TTL
• Onboarding records — retained for the duration of your subscription plus 30 days after cancellation, unless legal retention obligations apply
• CIDR blocks — retained while your subscription is active, deleted within 30 days of cancellation
• Security and IP logs — retained for 90 days
• Billing and transaction records — retained for 7 years as required by Spanish tax law

9Your Rights

Under GDPR you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data where no legal retention obligation applies
• Right to restriction — request we limit processing of your data in certain circumstances
• Right to portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior processing

To exercise any of these rights, please contact us using the method described in Section 13. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Spain this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.

10Data Breach Notification

In the event of a personal data breach we will:

• Assess the risk to individuals within 24 hours of becoming aware
• Notify the AEPD within 72 hours where required by GDPR Article 33
• Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms

11Children's Privacy

GitOps Manager is an enterprise software product intended for professional use. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has submitted data to us please contact us and we will delete it promptly.

12Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified to active subscribers by email. The current version is always available at gitopsmanager.io/gitops_privacy.html.

Continued use of our services after the effective date of an updated policy constitutes acceptance of the changes.

13Contact Us

For privacy enquiries, data subject requests, or questions about this policy please contact us via the support form on gitopsmanager.io.

Enter your work email address in the General Enquiries form. We operate a verified contact system — you will receive a one-time secure link by email to submit your message. This confirms your email address can receive replies and helps prevent spam.

GitOps Manager, S.L.
Registered in Spain
support@SUPPORT_gitopsmanager.io