Privacy Policy

01 Who we are

This Privacy Policy applies to Gostrata Ltd ("Gostrata", "we", "us", or "our"), a company registered in the Union of the Comoros and operating the website gostrataltd.com.

For the purposes of the EU General Data Protection Regulation (GDPR) and equivalent privacy laws, Gostrata Ltd is the data controller of personal data collected through this website.

02 What personal data we collect

We only collect personal data that you actively provide or that is generated through normal website use. Specifically:

Information you give us

• Name, email address, and company name when you submit our contact form
• The content of any message or inquiry you send us
• Any additional information you choose to share with us by email

Information collected automatically

• Basic technical data such as IP address, browser type, device type, and approximate location (country/region level only)
• Pages visited, time spent, and referrer URLs (aggregated and anonymized)

We do not collect special categories of personal data (such as health, religious, political, or biometric data), and we do not knowingly collect data from children under 16.

03 How we use your data

Your personal data is used solely for the following purposes:

• To respond to your inquiries — when you contact us through the form or by email
• To provide our services — if we enter into a business engagement
• To improve our website — through aggregated, anonymized analytics
• To meet legal obligations — such as bookkeeping, tax compliance, or regulatory requests

We do not sell, rent, or trade your personal data. We do not use your data for automated decision-making or profiling.

04 Legal basis for processing

Under GDPR, we rely on the following legal bases to process your personal data:

• Consent — when you voluntarily submit a contact form or sign up for communications
• Contract performance — when processing is necessary to deliver services to a client
• Legitimate interests — for general business administration, website security, and improving our services, balanced against your rights and freedoms
• Legal obligation — to comply with applicable laws and regulations

05 Who we share data with

We share your personal data only with carefully selected third parties who help us operate this website and our business. Current processors include:

• Web3Forms — to receive and forward contact form submissions to our team
• Our email and hosting providers — to receive correspondence and deliver this website
• Professional advisors — accountants, lawyers, or auditors, where strictly necessary for legal or tax compliance

All processors are bound by data processing agreements requiring them to handle your data securely and only on our instructions. We do not share personal data with advertisers, data brokers, or any third party for marketing purposes.

We may also disclose personal data if required by law, court order, or to protect our legal rights.

06 How long we keep your data

We retain personal data only as long as necessary for the purposes for which it was collected:

• Inquiry data — kept for up to 24 months after our last contact, unless a business relationship begins
• Client data — kept for the duration of the engagement plus 7 years for tax and legal compliance
• Analytics data — anonymized and retained for up to 24 months

You may request earlier deletion of your data at any time (see Section 07).

07 Your rights

Under GDPR and equivalent privacy laws, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — correct any inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — request deletion of your data
• Right to restrict processing — limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — at any time, without affecting prior lawful processing
• Right to lodge a complaint — with a supervisory authority in your country of residence

To exercise any of these rights, please email us at info@gostrataltd.com. We will respond within 30 days.

08 Cookies and tracking

This website uses minimal cookies and similar technologies. We distinguish between:

• Essential cookies — required for the website to function properly (such as security and basic preferences). These do not require consent.
• Analytics cookies — if implemented in the future to understand how visitors use our site, these would only be set with your prior consent.

We do not use advertising cookies, retargeting pixels, or third-party social media trackers. You can disable cookies at any time through your browser settings.

09 How we protect your data

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all data transmitted to and from our website
• Access controls limiting who within our organization can access your data
• Reputable third-party processors with strong security practices
• Regular review of our data handling procedures

While no system is 100% secure, we take reasonable steps to prevent unauthorized access, loss, or misuse of your personal data. In the event of a data breach affecting your rights, we will notify you and the relevant authorities without undue delay.

10 International data transfers

Gostrata Ltd operates internationally, and your personal data may be transferred to and processed in countries outside your country of residence, including the European Economic Area (EEA), the United States, and Asia.

When we transfer personal data internationally, we ensure appropriate safeguards are in place — such as European Commission-approved Standard Contractual Clauses (SCCs) — to protect your data to GDPR-equivalent standards.

11 Changes to this policy

We may update this Privacy Policy occasionally to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised.

Material changes will be communicated through a notice on our website or by direct contact where appropriate.

12 Contact us

For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please reach out:

If you are an EU resident and believe we have not adequately addressed your concerns, you also have the right to lodge a complaint with your local data protection authority.