Last Updated: 12 December 2025
This Privacy Policy ("Policy") explains how Giminds, a product operated by Orchestrator Lda. ("Company," "we," "us," or "our") collects, uses, stores, shares and protects personal data when you ("User", "you" or "your") access, download or use our application, website and related services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Policy.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (EU Regulation 2016/679, "GDPR"), the UK Data Protection Act 2018 and UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act (collectively "US Privacy Laws"), and any other data protection laws that may apply to you. This Policy also provides transparency regarding our data processing practices related to the use of artificial intelligence ("AI") and machine learning as described in our Terms and Conditions.
Data Controller: Giminds, headquartered in Portugal. This entity determines the purposes and means of processing personal data collected through the Service for users located in the EEA/UK/Switzerland.
Data Protection Officer (DPO): If required by law, we have appointed a DPO whom you may contact regarding any questions or requests related to this Policy:
Data Controller: Giminds, headquartered in Portugal. This entity determines the purposes and means of processing personal data for users located outside Europe.
We adhere to the following data protection principles:
We collect different types of personal data depending on how you interact with the Service:
We aggregate and/or anonymize personal data to create statistical or aggregated information that does not identify you. We may use such information for research, analytics, security, improving our models and services, or other legitimate purposes.
We process personal data for the purposes described below. Where GDPR applies, we also indicate the legal basis for the processing.
Purposes: Creating and managing your account; providing and customizing the Service; enabling interactions with our AI; processing requests, subscriptions and credits; delivering notifications, updates and administrative messages; personalizing user experiences.
Legal bases: Performance of a contract with you (Article 6(1)(b) GDPR) and our legitimate interest in operating a secure and efficient service (Article 6(1)(f) GDPR).
Purposes: Responding to user inquiries and support requests; sending service‑related information, such as password resets, security alerts and policy updates; providing customer assistance and technical support.
Legal bases: Performance of a contract; legitimate interest in maintaining user relations; consent for marketing communications where required (Article 6(1)(a) GDPR).
Purposes: Using input, output and usage data to train, refine and improve our AI models, algorithms and other technologies; researching and developing new features and services; analyzing usage patterns and performance metrics.
Legal bases: Legitimate interest in improving and developing AI technologies (Article 6(1)(f) GDPR); explicit consent for processing sensitive data and for including your content in model training, if required.
You may have the option to opt out of using your data (input/output) for model training through your privacy settings. If you opt out, certain AI features may become limited or unavailable.
Purposes: Complying with legal and regulatory obligations; responding to subpoenas, court orders or other legal requests; detecting, preventing and addressing fraud, security breaches, spam, abuse and illegal or unauthorized activities; protecting our rights, property and safety, as well as those of our users and third parties.
Legal bases: Compliance with a legal obligation (Article 6(1)(c) GDPR); legitimate interest in safeguarding our operations (Article 6(1)(f) GDPR).
Purposes: Processing subscription fees and credit purchases; billing and invoicing; validating payment methods; conducting antifraud checks; complying with tax and accounting requirements.
Legal bases: Performance of a contract; compliance with legal obligations; legitimate interest in preventing fraud.
Purposes: Sending promotional emails, newsletters, offers and other marketing communications. Tracking the effectiveness of marketing campaigns; personalizing marketing messages.
Legal bases: Your consent where required under applicable law (Article 6(1)(a) GDPR) and our legitimate interest in promoting our services. You can opt out of marketing communications at any time through your account settings or the unsubscribe link included in marketing emails.
We may share personal data in the following circumstances:
We engage third‑party companies and individuals to perform services that support the operation of our platform, such as cloud hosting, data storage, analytics, customer support, email delivery, identity verification, payment processing, and IT services. These vendors are contractually obligated to maintain confidentiality and implement appropriate security measures.
We use third-party service providers for infrastructure and communications, including:
Some infrastructure providers may process limited technical data (such as IP addresses and request metadata) for security, performance and abuse-prevention purposes.
We partner with payment processors (e.g., Stripe) to handle transactions. We do not store your full payment card details. Our processors collect and use payment information to process your payments and comply with their legal obligations.
Our primary payment processor is Stripe, Inc.. Payment data is handled directly by Stripe in accordance with their own privacy policy and security standards.
To provide AI-generated content (text, images, video), we share user inputs — including text prompts and uploaded images — with third-party AI service providers:
These providers process data according to their own terms and privacy policies and may retain data as described in those policies.
Depending on the context, these providers may act as independent data controllers for certain processing activities outside our direct control, including security, abuse prevention and legal compliance.
Data may be processed outside the European Economic Area (EEA) under appropriate safeguards.
We may share your data with parent companies, subsidiaries, joint ventures or other companies under common control, provided they comply with this Policy.
We may disclose personal data if required by law, regulation, court order or valid legal process, or in response to a lawful request by public authorities, including law enforcement and national security agencies. We may also disclose personal data if we believe disclosure is necessary to protect the rights, property or safety of the Company, our users or others.
In the event of a corporate transaction such as a merger, acquisition, bankruptcy, dissolution, asset sale or transfer of all or part of our business, your data may be transferred to the relevant third party as part of the transaction. We will ensure that any such transfer is subject to appropriate safeguards and that the recipient continues to honour the commitments in this Policy.
We operate globally and may transfer your personal data to and process it in countries outside your country of residence, including to countries that may not provide the same level of data protection as your jurisdiction. When we transfer personal data outside the EEA/UK/Switzerland, we ensure that adequate safeguards are in place, such as:
We retain personal data for as long as necessary to fulfill the purposes described in this Policy or as required by law. Retention periods vary depending on the nature of the data:
When there is no longer a legitimate business need to process your personal data, we will either delete or anonymize it, or if this is not possible (e.g., because the data has been stored in backup archives), we will securely store your data and isolate it from further processing until deletion becomes possible.
Depending on your location and applicable law, you have certain rights regarding your personal data.
To exercise any of the above rights, please contact us using the details provided in Section 14 below. We may require verification of your identity before processing your request. We will respond within the timeframes required by law (generally within 30 days under GDPR and 45 days under US privacy laws). If you have authorized an agent to submit requests on your behalf, we may require proof of authorization.
We implement technical, administrative and physical safeguards designed to protect personal data from unauthorized access, disclosure, alteration or destruction. These measures include encryption in transit and at rest, access controls, regular security testing and employee training. However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security and encourage you to take your own precautions.
The Service is not intended for children under thirteen (13) years of age, or below the minimum age required by applicable law in your jurisdiction. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete the information as soon as possible. If you believe that a child has provided us with personal data, please contact us immediately.
The Service may contain links to third‑party websites, applications or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third‑party services before providing your personal data.
We use cookies, pixels, device identifiers and similar technologies to collect information about your interactions with the Service. These technologies help us operate and improve the Service, remember your preferences, authenticate users, analyze traffic, and personalize content and advertising. For a detailed explanation of how we use these technologies and how you can manage your preferences, please see our Cookie Policy [if applicable, link here].
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal or regulatory reasons. When we make material changes, we will notify you through the Service or by other appropriate means, such as email. We encourage you to review this Policy periodically for the latest information on our privacy practices.
If you have any questions, concerns or requests regarding this Privacy Policy or our data processing practices, please contact us at:
For users in the EEA/UK/Switzerland, you also have the right to lodge a complaint with your local supervisory authority if you believe that we have not handled your personal data in accordance with applicable law.
Wir verwenden Cookies, um Ihre Benutzererfahrung zu verbessern. Für einen vollständigen Überblick über alle verwendeten Cookies siehe unsere .