Privacy Policy

Gateway Architect, LLC (“Gateway Architect,” “we,” “us,” or “our”), a Delaware limited liability company doing business in Virginia, operates the Gateway Architect platform and websites located at gatewayarchitect.com and gatewayarchitect.ai (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you visit our website or use our services.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, you should not use the Service.

1. Information We Collect

1.1 Information you provide directly

When you create an account, request a demo, contact us, or use the Service, you may provide personal and organizational information including your name, email address, company name, job title, team size, and communications. Within the platform, this includes architectural decisions, feedback entries, project data, and other content you create or upload (“Customer Data”).

1.2 Information collected automatically

When you access the Service, we automatically collect certain technical and usage information such as IP address, browser type and version, device information, operating system, referring URLs, pages visited, timestamps, and interaction data. We use this information to operate, secure, and improve the Service.

1.3 Cookies and similar technologies

We use essential cookies required for authentication, session management, and core functionality. We may also use analytics cookies to understand usage patterns and improve the Service. You may control cookies through your browser settings, and we may provide cookie consent or preference controls where required by law.

2. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Authenticate users and manage accounts
• Process demo requests and respond to inquiries
• Provide BrainDrop™ knowledge processing within your organization
• Generate architectural documentation and insights
• Provide customer support and service communications
• Send security alerts and administrative notifications
• Send marketing communications where permitted by law
• Monitor and improve performance, reliability, and usability
• Detect fraud, abuse, and security threats
• Comply with legal obligations

3. BrainDrop™ and Organizational Data Isolation

BrainDrop™ is Gateway Architect’s proprietary knowledge engine. Customer Data is logically isolated at the organizational level.

• Customer Data is accessible only within the originating organization
• We do not share Customer Data across organizations
• Customer Data is not used to train generalized machine learning models for other customers
• AI processing occurs solely to provide functionality requested by the customer organization

4. Third-Party Service Providers

We use trusted service providers to operate the Service. These providers process information under contractual confidentiality and security obligations.

• Supabase — database hosting, authentication, and storage
• Vercel — infrastructure and hosting
• Stripe — payment processing
• OpenAI — AI and embedding processing (data submitted via API is not used to train models unless explicitly opted in)
• Anthropic — AI content generation (data submitted via commercial APIs is not used for training unless explicitly permitted)
• Calendly — scheduling services (optional)

We configure subprocessors to limit retention and restrict use to providing services. We do not sell personal data.

5. Data Retention

We retain personal and organizational data for as long as necessary to provide the Service and fulfill contractual obligations. Upon account termination, data is deleted or anonymized within a reasonable period, generally within 30 days, except where retention is required for legal, backup, audit, fraud prevention, or dispute resolution purposes.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit, encryption at rest, authentication controls, and access restrictions. In the event of a data breach, we will provide notification as required by applicable law.

7. Your Rights

You may request access, correction, export, or deletion of your personal data by contacting privacy@gatewayarchitect.com.

8. California Residents

California residents have rights under the California Consumer Privacy Act (CCPA), including access and deletion rights. We do not sell personal information.

9. Other U.S. State Privacy Rights

Residents of certain states, including Virginia, may have rights to access, correct, delete, or obtain copies of personal data under applicable privacy laws.

10. International Transfers

Information may be processed in the United States and other jurisdictions. We rely on appropriate safeguards for international transfers where required.

11. Contact Us

If you have questions about these Terms, contact us at: