We are CUBE ROOT, UNIPESSOAL LDA ("Gendalf","we", "us" and"our"). In this Privacy and Cookies Notice (this "Notice") for https://gendalf.ai/ (the "Site") and any other sites, apps and related services we provide (together, our "Service"), we explain who we are, why and how we collect, store and use (together, "process" or "processing") information that relates to you (your "personal information"), your rights and how to contact us. We also set out information regarding our use of cookies and similar technologies.
Your privacy is important to us. Gendalf is committed to respecting and protecting your privacy regarding any information we may collect from you across our Service. By engaging with our Service you acknowledge you have read and understood this Privacy Notice.

If you have any questions about how we protect your personal information, please contact us: [email protected].

Who is responsible for your personal information
We are the data controller of your personal information that we collect when you use our Site, purchase Gendalf products on behalf of your organisation or manage your organisation's company account on the Service. This means we are responsible for treating this personal information safely, in accordance with applicable data protection and privacy laws. This Notice sets out how we use that personal information. If your organisation uses our Service, you or your organisation may provide us with information about you as part of their use of the Service. Except where this Notice explains otherwise, your organisation is the controller, and we are a data processor in respect of this personal information.This means we hold this information on your organisation's behalf and they tell us why and how to use it. You should refer to your organisation's privacy policy for further information about how this personal information will be used.Please contact your organisation if you have any questions about their use of your personal information.

What information we process
We explain what categories of information we collect (and how) in this section, and what we do with each of the categories in the next section.
You provide us with
When you interact with us (for example, registering on our Site, or sending us an e-mail), we collect the following categories of personal information:

• Contact: including first and last name, company e-mail address, job title, and phone number(s). We may also collect any social media handle used to connect with our customer service team.
• Communications: any correspondence and communications with us, including any queries you submit or feedback you provide to us. This covers information we learn about you from:
• emails;
• audio recording of calls; and
• face-to-face conversations you have with us.
• Business Development: information about events to which you are invited, preferences related to managing those events, and information that you give us or we otherwise obtain when you visit us.
• Marketing: you may also provide us with your personal marketing preferences in relation to direct email marketing.
• Company Account: information used to administer your company account, including information regarding payments you make in relation to the Service.

It is important that the personal information we hold about you is accurate and current. Please let us know if you need to update your information.
Other parties may provide us with
We receive the following information about you from other parties:

• Engagement: We may post content on social media websites, such as LinkedIn. If you engage with this content, we may see your profile information and any comments. We may also see aggregated engagement statistics; these do not contain any personal information.

We will inform you via this Notice (or at the time) if and when we receive information about you from any other third parties, and explain how and why we intend to use that information (including when combining it with information we already hold).

We automatically collect
We automatically collect the following personal information regarding how you access and use the Service:

• Technical information;
• Information about your visit; and
• Tracking pixel data.
• Technical information may include:
• Internet Protocol (IP) address;
• login information;
• browser type and version;
• browser plug-in types and versions;
• device IDs;
• Google ID/email address;
• time zone setting;
• operating system and platform;
• hardware version;
• device settings (e.g. language and time zone); and
• information relating to your mobile operator or Internet Service Provider (ISP).
• Information about your visit may include:
• full Uniform Resource Locators (URLs);
• page response times & download errors;
• page interaction data (including data relating to scrolling, clicks, length and frequency of visits, type of content engaged with, and mouse-overs); and
• methods used to browse away from a page.
• Tracking pixel data about how you engage with emails (when an email is opened, how long it is open for, and when it is deleted).

We will only place tracking pixels in emails where we have your explicit consent to do so. You may withdraw this consent at any time.
How and why we use your information
We use your personal information for different purposes, each in reliance on a different legal basis (or legal bases). We explain how we use the categories of personal information, and what legal basis (or bases) permit this use, below. We explain more about what each legal basis means below.
Information you provide to us:

Contact Information
How it is used:

• To provide our Site to you, including tailoring how the Site is displayed.
• To set up and authenticate your account when signing up on behalf of your organisation.
• To respond to your requests for booking a demo.
• To communicate with your organisation, respond to queries or complaints, and send service-related communications.
• To send unsolicited marketing communications in accordance with your preferences.
• To collect and record feedback regarding our Service.

Legal bases for processing:

• Legitimate interest in tailoring the Site to be more relevant to users.
• Legitimate interest in providing the Service to your organisation.
• Consent is required for unsolicited marketing communications.
• Legitimate interest in resolving issues and improving the Service.

Communications
How it is used:

• To communicate with your organisation and send service-related updates.
• To record audio calls (with your consent) for internal training and Service improvements.

Legal bases for processing:

• Legitimate interest in customer service and support.
• Consent for call recordings and training purposes.

Business Development
How it is used:

• To organise and host events you are invited to.
• To record your preferences for events.

Legal bases for processing:

• Legitimate interest in hosting events for customer benefit.
• Legitimate interest in accommodating your event preferences.

Marketing
How it is used:

• To send notifications, news, alerts, and marketing communications.
• To comply with legal obligations for consent-based marketing.

Legal bases for processing:

• Legitimate interest in sending tailored communications.
• Compliance with legal obligations for consent.

Company Account
How it is used:

• To administer your organisation's account.
• To facilitate your organisation's payments.
• To maintain transaction records and handle complaints or queries.

Legal bases for processing:

• Legitimate interest in providing support and managing accounts.
• Legitimate interest in maintaining proper records and resolving queries.

Engagement
How it is used:

• To monitor engagement and interactions with social media posts.

Legal bases for processing:

• Legitimate interest in evaluating social media effectiveness.

Technical Information (Automatically Collected)
How it is used:

• To provide and tailor the Site for users.
• To monitor and improve the Service, resolve issues, and inform new product development.
• To detect fraud or suspicious activity.
• To localise features of the Service.
• To determine products and services of interest for marketing purposes.

Legal bases for processing:

• Legitimate interest in tailoring and improving the Service.
• Legitimate interest in fraud detection and localisation.
• Legitimate interest in informing direct marketing.

Information About Your Visit
How it is used:

• To present the Service on your device.
• To monitor and improve the Service and inform new product development.

Legal bases for processing:

• Legitimate interest in tailoring and improving the Service.

Tracking Pixel Data
How it is used:

• To monitor interactions with marketing communications and tailor them to your interests.

Legal bases for processing:

• Consent is required for tracking pixel usage.

Our promotional updates and communications
With your prior consent (or where permitted in our legitimate interest), we will use your personal information for marketing analysis and to provide you with promotional update communications, by email or by calls, about our services.
You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email at [email protected].
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at [email protected]. If we process your personal information for any new purpose, we will notify you (via updating this Notice, and letting you know we have updated it) and we will explain the legal basis which allows us to do so.

Legal bases explained
We rely on the following lawful bases for processing your personal information, as set out in detail in the table above. Please contact us if you would like further details about the specific legal basis we are relying on to process your personal information.
Consent: We may rely on consent to process your personal information if you submit a query to us, for example if you submit a request to book a demo of Gendalf.
We'll use your personal information for promotional or marketing purposes if you have given your consent to us doing so. For more information, please refer to Our Promotional Updates and Communication section.
You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional communications to you or by sending us an email at [email protected]
Contract: We collect, store and process your personal information where it is necessary for performing a contract you have with us (such as our Terms of Service), or where you have asked us to take specific steps before entering into that contract.
Legal Obligation: We may need to process your personal information to comply with applicable legal obligations and statutory obligations and regulatory rules and guidance, including under applicable EU and local law (including data protection law), and/or any court orders.
Legitimate interests: as indicated in the tables above, processing your personal information is sometimes necessary for our own interests, or sometimes the interests of a third party.
These legitimate interests are only valid if they are not outweighed by your rights and interests. If you would like further information about how we assess our legitimate interests, please contact us at [email protected].
We also use different types of cookies (including automatically collected information) on our Service with your consent – we explain this in the Cookies section.

Who we share your personal information with
We may share your personal information with:

• Any member of the Gendalf group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal information under this Notice. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
• Appropriate third parties including:
• Our business partners, suppliers or sub-contractors which support the performance of any contract we enter into or other dealings we have in the normal course of business with you.
• Our service providers, who process your personal information on our behalf and in accordance with our instructions and data protection law.
• We partner with OpenAI and use their GPT3.5 and GPT4 models. Any data relevant to the query made may be passed to the third-party model as obtained from the users BigQuery Data source. The purpose of sharing this data is to use its capability to enable human language queries to be deciphered by software. Data shared will not be used to train the models. By selecting the option to connect to a particular integration (eg Big Query) you are agreeing to share data with the relevant model powering the integration. We have an enterprise partnership with OpenAI, who have a robust commitment to data security, privacy and compliance. You can read more about OpenAI's approach to data security, privacy and compliance here.

This includes:

• technology providers who support the services we offer to you, for example, by hosting websites, storing data, or providing IT support services;
• payment services providers; and
• companies that help us distribute any communications we send, update marketing lists, facilitate feedback on our services and/or the electronic signing of documents.

These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.

• Our regulators, law enforcement and other parties for legal reasons as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms of Service; and/or (iii) exercise or protect the rights, property, or personal safety of Gendalf, its users or others.
• Purchasers and third parties in connection with a business transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
• Analytics and search engine providers that assist us in the improvement and optimisation of our Service, subject to the Cookie section of this Notice.
• Our auditors, legal advisors, and other professional advisors.
• Anyone who you give us your prior explicit permission to share it with.

Where we store your information & international transfers
Gendalf is based in the European Union (EU). We may transfer your personal information to one or more countries outside of EU or the jurisdiction you are in where we and our third-party service providers have operations. Your personal information may therefore be processed outside of the EU.
Where we transfer your personal information outside of the EU, these international transfers of your personal information will be made pursuant to appropriate safeguards, including:

• ensuring that recipients or the country in which they are located are deemed by the European Commission to provide adequate protection for personal information; and
• ensuring that transfers are subject to standard contractual clauses approved by the European Commission for the transfer of personal information.

If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Notice.
The servers used to process your personal information collected from this website are located in the EU, but we collect information from wherever users are situated. The information that we collect may therefore be transferred to the EU from any other country in which you may be located.

Why do we transfer it?
We may transfer your personal information outside the EU:

• in order to store it;
• in order to enable us to provide our Service to you and fulfil our contract with you;
• where we are legally required to do so; and
• in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

We may transfer your personal information as follows:

Slack Technologies, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Google LLC

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Asana, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Dropbox, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Trello, Inc. (under Atlassian, Inc.)

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

GitHub, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Segment.io, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Facebook, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Intercom, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Cloudflare, Inc.

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Heap Analytics

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

LinkedIn LLC

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Salesforce

• Country: Malta, Europe
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Sentry

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Stripe

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Zendesk

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Customer IO

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Funnelbeam

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Outreach

• Country: USA
• Transfer Safeguard: Standard Contractual Clauses approved for the international transfer of personal data.

Gendalf's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements

How we protect your information
Unfortunately, the transmission of information via the internet is not completely secure. We do our best to protect your personal information, but we cannot guarantee the security of your personal information transmitted to our Service; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
If you have a Gendalf account, we recommend using a strong, unique password for your account and making sure you keep your password confidential.

External sites
Our Service may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Gendalf does not accept any responsibility or liability for these policies or any content on external sites and does not necessarily endorse the views expressed within them. Gendalf has no control over the availability of any of these websites. Please check each site's policies before you submit any personal information to these websites.

Data Deletion Policy
Gendalf's Data Deletion Policy describes how customer data is deleted in connection with the cancellation or termination of a Gendalf account.
This policy applies to all data collected by Gendalf except:

• data that resides in any Gendalf product or service not covered by this policy
• data that resides in third-party services managed and hosted by third parties, with the exception of the company's infrastructure provider
• data that resides in Gendalf products or services that are in beta, testing, or an early access program

By default, a customer's data is stored for the duration of their contract with Gendalf.
The data may be deleted 90 days after the contract ends, at the latest, with the exception of data that is required to establish proof of a right or a contract, which will be stored for the duration provided by enforceable law.

How long we keep your information
If you have an account with us, we will hold your personal information for so long as you use our Service and/or have your account with us in order to meet our contractual obligations to you, and for 6 years after that to identify any issues and resolve any legal proceedings. (We may retain your personal information for a longer period in the event of a complaint, if we reasonably believe there is a prospect of legal proceedings in respect of our relationship with you, or we are aware of pending or ongoing legal proceedings with you.)
We otherwise process personal information only for so long as is necessary to fulfil the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements, after which it will be deleted or archived. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you and you cannot be re-identified). This anonymised data (for example, aggregated statistics) is no longer personal information, and we may keep and use this anonymised information indefinitely without further notice to you, to help us provide, develop and improve our services.

Your rights
Under data protection law, you have a number of rights in respect of your personal information that we process.
If you are in the UK or the EEA you have the following rights, under certain circumstances:

• Right of access. You have the right to obtain:
• to be provided with a copy of your personal information held by us;
• to request the correction or deletion of your personal information held by us;
• to request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example);
• to object to the further processing of your personal information, including the right to object to marketing; and
• to request that your provided personal information be moved to a third party.
• Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
• Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
• Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
• Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
• Right to withdraw consent. If you have provided consent for the processing of your personal information, you have the right to withdraw your consent, including to withdraw consent to marketing.
• Right to object. You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case.

How to exercise your rights
If you have any questions about how we handle your personal information or wish to exercise any of your legal rights you can contact us by writing to us at [email protected]. If our processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.
The Information Commissioner's Office (ICO) is the UK data protection supervisory authority, and can provide further information about your rights and our obligations in relation to your personal information, and deal with any complaints you may have about our processing of your personal information (please visit their website at www.ico.org.uk). You may also approach your local data protection authority (see European Commission: Data Protection - Data Protection Authorities). We would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please do contact us by writing to us at [email protected] in the first instance.

Changes to this notice
This Notice was last updated in DECEMBER, 2024.
Any changes we make to this Notice in the future will be posted on this page. If we make any substantive changes, we may notify you by e-mail, website pop-ups or in-app notifications within this page or the Service.

Contact Us
We welcome your feedback and questions. We can be contacted as follows:
Email: [email protected]

Cookies
Like most websites and apps, we use cookies to distinguish you (or your device) from other users of our Site. Cookies help us provide you with a better browsing experience and also allows us to monitor and analyse how you use and interact with our Site so that we can continue to improve our Site. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.
What are cookies?
Cookies are small amounts of information that are stored on your browser or the hard drive of your device to enable our server to collect certain information from your web browser. Our Service uses cookies and/or other similar technologies such as device-IDs or in-App codes to collect and store certain information. Cookies in themselves do not identify the individual, but do collect information about your computer, browser, online session, the websites you visit and other information.
Third party advertising cookies will be stored for a maximum of 180 days. Except for essential cookies, all other cookies used on our site will be stored for a maximum of 12 months.
We may use the following types of cookies
You can find more information about the individual cookies we use and the purposes for which we use them here:

• Strictly necessary cookies. These are cookies that are required for the operation of our Site and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Site.

Gendalf Session Cookie

• Cookie Name: qsid
• Purpose: Identifies a user and their Gendalf preferences for this Site.

Cloudflare Cookies

• Cookie Name: cfmrk_cic
• Purpose: Used by Cloudflare to route user traffic for this Site.
• Cookie Name: __cfuid
• Purpose: Used by Cloudflare to route user traffic for this Site.
• Cookie Name: sparrow_id
• Purpose: Used by Cloudflare for optimisation and security.

• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us, subject to your choices and preferences, to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily.

Segment User Identifier Cookies

• Cookie Name: ajs_user_id
• Purpose: Used by Segment to identify logged-in users on this Site.
• Cookie Name: ajs_anonymous_id
• Purpose: Used by Segment to identify non-logged-in users on this Site.

Hotjar Identifier Cookies

• Cookie Name: _hjSessionUser_{site_id}
• Purpose: Used by Hotjar to ensure data from subsequent visits to the same site are attributed to the same user ID.
• Cookie Name: _hjid
• Purpose: Used by Hotjar to ensure data from subsequent visits to the same site are attributed to the same user ID.

Google Analytics Tracker Cookies

• Cookie Name: _ga
• Purpose: Used by Google to measure and understand how visitors use this Site.
• Cookie Name: _gid
• Purpose: Used by Google to measure and understand how visitors use this Site.

Heap Analytics Tracker Cookies

• Cookie Name: _hp2_id.2172297888
• Purpose: Used by Heap to measure and understand how visitors use this Site.
• Cookie Name: _hp2_ses_props.2172297888
• Purpose: Used by Heap to measure and understand how visitors use this Site.
• Cookie Name: _hp2_props.2172297888
• Purpose: Used by Heap to measure and understand how visitors use this Site.

• Functionality cookies. These are used to recognise you when you return to our website. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your choice of language or region).

Gendalf Redirect Cookie

• Cookie Name: qred
• Purpose: Used for redirecting users after logging into this Site.

Intercom Cookies

• Cookie Name: intercom-id-js8b5nbz
• Purpose: Used to personalize in-app help/customer service requests on this Site.
• Cookie Name: intercom-session-js8b5nbztd
• Purpose: Used to personalize in-app help/customer service requests on this Site.

• Targeting/Advertising cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information, subject to your choices and preferences, to make our site/app more relevant to your interests. We may also share this information with third parties for this purpose.

Facebook Cookie

• Cookie Name: _fbp
• Purpose: This cookie is used to provide you with more relevant advertising across Facebook.

Bing Cookie

• Cookie Name: _uetsid
• Purpose: This is a tracking cookie utilised by Microsoft Bing Ads. It allows us to engage with a user who has previously visited our website.

We may also work with advertising networks that gather information about the content on our site you visit and on information on other websites and services you visit. This may result in you seeing our advertisements when you visit other websites and services of third parties. For more information about how to turn this feature off see below or visit www.youronlinechoices.eu.
Disabling cookies
The effect of disabling cookies depends on which cookies you disable but, in general, the website may not operate properly if all cookies are switched off.
If you want to disable cookies on our website, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.
Microsoft Internet Explorer

• Select the Tools menu > Internet Options
• Click on the Privacy tab
• Click on Advanced within the Settings section and select the appropriate setting

Google Chrome

• Select Settings > Advanced
• Under Privacy and Security > Content settings.
• Click Cookies and select the relevant options

Safari

• Select Preferences > Privacy
• Click on Remove all Website Data

Firefox

• Choose the Tools menu > Options
• Click on the Privacy icon
• Select the Cookie menu and select the relevant options

Opera 6.0 and further

• Choose Files menu > Preferences
• Select Privacy