Privacy Policy
Last updated: April 9, 2026
1. Data Controller
The data controller is Pikastore s.r.o., IČO: 19693311, with registered office in the Czech Republic, operating the service at gatherino.com ("Gatherino").
Gatherino acts as the data controller for account information and as a data processor for content you collect through your forms. Form submitters interact directly with the form owner; Gatherino only stores and processes that data on the form owner’s behalf.
2. Information We Collect
- Account data: name, email address, hashed password, optional avatar.
- Usage data: IP address, user agent, timestamps, error logs.
- Content: forms you create and submissions you receive, including any files uploaded by submitters.
- Billing data: processed and stored by Stripe; we do not store credit card numbers.
3. How We Use Your Data
We use your data to provide and operate the Service, authenticate you, deliver email notifications (2FA codes, submission confirmations, password resets), generate documents, process payments, prevent abuse, and comply with legal obligations. We do not use your data for advertising or profiling.
4. Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)): processing necessary to provide the Service you signed up for.
- Legitimate interest (Art. 6(1)(f)): security, fraud prevention, service improvement.
- Legal obligation (Art. 6(1)(c)): accounting and tax records retention.
5. Where Your Data Is Stored
All personal data is stored on servers located in the European Union (Germany). File uploads are stored in S3-compatible object storage with at-rest encryption. Database backups are encrypted and rotated.
6. Sub-processors
We use the following processors strictly to operate the Service:
- Netcup GmbH (Germany) — hosting and storage infrastructure.
- Resend Inc. (USA) — transactional email delivery (2FA codes, notifications). Data transferred under Standard Contractual Clauses.
- Stripe Payments Europe Ltd. (Ireland) — subscription billing and payment processing.
- Google LLC — optional Google Sign-In and Gmail/Sheets integrations, only if you enable them.
- Functional Software Inc. (Sentry) (USA) — error monitoring. No PII forwarded; only anonymized stack traces.
7. Retention
- Account data: retained while your account is active. Deleted within 30 days of account deletion.
- Submission data: retained for as long as the form owner keeps it, or up to 7 years where required by Czech/EU accounting law.
- Backups: rotated and purged within 30 days.
- Server logs: retained for 90 days for security purposes.
You can request earlier deletion at any time.
8. Your Rights (GDPR)
Under the General Data Protection Regulation you have the right to:
- Access the personal data we hold about you (Art. 15) — available via Settings → Privacy → Export my data.
- Rectification of inaccurate data (Art. 16).
- Erasure of your account and data (Art. 17) — available via Settings → Privacy → Delete my account.
- Restriction of processing (Art. 18).
- Object to processing (Art. 21).
- Data portability (Art. 20) — export provided in JSON and CSV formats.
- Lodge a complaint with your supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (UOOU).
9. Cookies
We use essential cookies only: an HTTP-only session cookie for authentication and (where enabled) a Stripe billing cookie. No third-party advertising, analytics, or tracking cookies are set. As we use only strictly necessary cookies, consent is not required under the ePrivacy Directive.
10. Security
We implement appropriate technical and organizational measures to protect your data:
- All traffic served over HTTPS (TLS 1.2+).
- Passwords hashed with bcrypt.
- Authentication tokens stored in HTTP-only cookies.
- Two-factor authentication (2FA) available for all accounts.
- Rate limiting on authentication endpoints.
- Database encryption at rest.
- Access to production systems restricted to authorized personnel.
11. Children’s Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect.
13. Contact
For privacy-related questions, data access requests, or to exercise any of your rights, contact us at:
Pikastore s.r.o.
IČO: 19693311
Email: hello@gatherino.com