Last updated: May 22, 2026
When you join the waitlist or create an account we collect: your name, email, phone (optional), current employer, salary band, coverage preferences, your tech domain (a curated taxonomy — e.g. "Backend", "ML / AI", "Sales", "HR / People"), and years of experience (banded: 0-2 / 3-5 / 6-10 / 11-15 / 16+); plus — optionally — your LinkedIn URL, GitHub URL, and a résumé file (stored in a private Storage bucket; never published as a public URL). We also collect technical/usage data (pages visited, features used, browser, IP address) for security and platform operation. Sign-ups from known disposable / throwaway email domains are rejected at the API boundary to keep junk out of the user base.
To: (1) provide and personalise Gatoms services; (2) verify ownership of the email you submit, via a one-time 6-digit code; (3) match you with opportunities and present you to enrolled employers when you authorise it; (4) verify qualifying layoff events and process income-bridge payments; (5) send transactional and (with consent) marketing email. We do not sell your data.
Your data is processed by: (a) Supabase, our database and private Storage provider; (b) Loops.so, our email-delivery provider — and ONLY after you verify your email via OTP, so unverified contacts are never sent to Loops; (c) employers / recruiters only when you explicitly authorise contact; (d) payment processors for billing; (e) sub-processors under written confidentiality agreements. We never share data with your current or former employer without your explicit consent.
You may access, correct, download, or delete your personal data. To exercise these rights, email privacy@gatoms.com — we acknowledge within 7 days and complete within 30. Our erasure process removes your Loops contact, your waitlist row, and your résumé file from Storage; where you have no payment, membership or activation history, your account is hard-deleted; where financial records exist and must be retained by law, the personally identifiable fields on those records are anonymised (a unique tombstone email replaces the original) and your résumé file is removed. Every erasure writes an immutable audit-log entry.
We retain data for as long as your account is active. On account closure or an erasure request we apply the process above. Financial transaction records (payments, memberships, activations) are retained for the period our regulators require, after stripping personally identifiable fields from those rows. Unverified waitlist sign-ups (those who never completed the email OTP) are held only as anonymised funnel data and are not used for outreach.
Data is encrypted in transit (TLS 1.3) and at rest. Production access is service-role-scoped and audited; every destructive admin action writes an immutable audit-log row. Résumés sit in a private bucket with no public URL. We test for and fix common web vulnerabilities — open redirects, ID enumeration, SQL injection, RLS gaps — as part of our development process. In the event of a breach affecting your data, we will notify you within 72 hours.
The only cookies we set are the Supabase Auth sb-* session cookies that keep you signed in. Product analytics is provided by PostHog and stored in your browser's localStorage (not cookies), on PostHog's EU host by default. See our Cookie Policy for the full table and opt-out instructions.
For privacy questions or requests, contact our Data Protection Officer at privacy@gatoms.com or write to Gatoms Technologies Pvt. Ltd., Koramangala, Bangalore 560034, India.