Privacy Policy

Last updated: 30 April 2026

1. Who we are

This Privacy Policy applies to Gera Prime (“Gera Prime”, “we”, “us”, “our”), a subscription product operated by Gera Services Ltd (“Gera Systems”), a company registered in England and Wales. Gera Prime is accessible at prime.gera.services.

Gera Services Ltd is the data controller for personal data processed in connection with Gera Prime. Contact our data protection team at privacy@gera.services.

2. Scope

This policy applies to personal data processed when you visit prime.gera.services, create or manage a Gera Prime subscription, or contact us. It complements the general Gera Systems privacy notice for other Gera products.

3. Data we collect

3.1 Account and contact data

Email address, name, country, language preference, and authentication identifiers you provide when you sign in or sign up.

3.2 Subscription and payment data

Subscription tier (Individual, Family, Business), billing cycle (monthly, yearly), status, renewal dates, and a Stripe customer / subscription identifier. Card details are entered directly with Stripe and are never seen or stored by us.

3.3 Usage and device data

IP address, browser type and version, operating system, referral URLs, pages visited, time spent, and product interaction events. Used for fraud prevention, service operation, and aggregated analytics.

3.4 Support data

The contents of any messages you send via the contact form or by email, plus metadata required to respond.

4. Lawful basis for processing (UK GDPR / EU GDPR)

  • Contract (Art. 6(1)(b)) — to deliver the Gera Prime subscription you have purchased, manage renewals, and provide member benefits across Gera products.
  • Legal obligation (Art. 6(1)(c)) — VAT records, anti-fraud checks, and statutory retention requirements.
  • Legitimate interests (Art. 6(1)(f)) — service security, fraud prevention, debug logging, and aggregated product analytics.
  • Consent (Art. 6(1)(a)) — non-essential analytics cookies and marketing communications, where required.

5. How we use your data

  • Operate and provide the Gera Prime subscription
  • Process payments, renewals, refunds, and dunning notifications via Stripe
  • Apply Prime member benefits across other Gera products
  • Send transactional email (account, billing, security)
  • Provide customer support
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal, regulatory, and tax obligations
  • Improve the service via aggregated analytics

6. Third-party processors

We share personal data with the following sub-processors, each bound by GDPR- compliant data processing agreements:

  • Stripe Payments Europe Ltd — payment processing, subscription billing, and dunning. Stripe receives your name, email, and card details.
  • Resend (Resend, Inc.) — transactional email delivery (account confirmations, receipts, billing notifications).
  • Sentry (Functional Software, Inc.) — error and crash reporting. Receives anonymised stack traces and limited request metadata.
  • PostHog (PostHog Inc., EU region) — product analytics. We host in the EU; pseudonymised event data only, no card or password data.
  • Vercel Inc. — web hosting and CDN.
  • Neon (Neon Inc.) — managed PostgreSQL database for subscription state.

We never sell your personal data and we do not share it with advertisers.

7. International transfers

Some sub-processors are based outside the UK / European Economic Area. Where data is transferred internationally we rely on UK and EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and (for Stripe) the EU-US Data Privacy Framework, together with supplementary technical and organisational measures.

8. Retention

  • Active subscription data — for the life of the subscription.
  • Cancelled / expired subscription records — kept for 7 years to meet UK tax, accounting, and statutory limitation requirements.
  • Support correspondence — 3 years from last contact.
  • Server logs — 90 days, then aggregated or deleted.
  • Analytics events — pseudonymised, retained per PostHog defaults, deletable on request.

9. Your rights

Under UK and EU GDPR you have the right to access your personal data, request correction or deletion, restrict or object to processing, request portability, and withdraw consent (where consent is the lawful basis). To exercise any of these rights, contact privacy@gera.services. We respond within one calendar month.

You also have the right to lodge a complaint with your supervisory authority. In the UK that is the Information Commissioner’s Office (ICO).

10. Cookies and tracking

We use a minimum set of cookies. See our Cookie Policy for the full list and how to control them.

11. Security

We use TLS 1.2+ for all traffic, encrypt data at rest, enforce least-privilege access on internal systems, require multi-factor authentication on admin accounts, and run regular vulnerability scans. Payment card data is handled exclusively by Stripe (PCI DSS Level 1 certified) and never touches our infrastructure.

12. Children

Gera Prime is not directed to anyone under 16. The Gera Prime Family tier requires the primary subscriber to be 18 or older; child accounts on that tier are managed with the parental controls described in the product features.

13. Changes to this policy

We may update this policy as the service evolves. Material changes will be notified by email and via a banner on this page at least 14 days before they take effect.

14. Contact

Email privacy@gera.services or use the contact form.