Privacy Policy
Effective date: 03.06.2026
Getmany Software LLC ("we") welcomes you! We respect your privacy.
In this Privacy Policy ("Policy"), we would like to inform you how we collect, process, and use your personal data when you interact with our website https://landing.getmany.com.ua ("Website") and the Getmany MCP service ("Platform").
Please take a look at the "DEFINITIONS" used in this Policy to understand the content fully. This Policy should be read together with our Terms of Use.
This Policy has been established to inform you about our commitment to compliance with the EU GDPR. We also included specific details regarding US privacy laws and regulations (CCPA, CPRA, VCDPA, CPA, CTDPA and UCPA) regarding the data subject rights of California, Virginia, Colorado, Connecticut and Utah residents.
CONTENTS:
- WHO WE ARE?
- DATA COLLECTION
- LEGAL BASES FOR PROCESSING
- USE OF YOUR PERSONAL DATA
- DATA SHARING AND DISCLOSURE
- DATA TRANSFER TO THIRD COUNTRIES
- DATA RETENTION
- SECURITY AND INTEGRITY OF THE DATA
- DATA SUBJECT AGE
- YOUR RIGHTS UNDER THE GDPR
- DATA PROTECTION AUTHORITY UNDER THE GDPR
- US PRIVACY LAWS AND REGULATIONS
- COMPLAINTS
- UPDATES TO THE POLICY
- HOW TO CONTACT US
- DEFINITIONS
You can learn more about how we use cookies in our Cookie Policy.
WHO WE ARE?
Getmany Software LLC is a company incorporated in the State of Wyoming, United States of America, with the registration number 35-2841890.
- Our address: 30 NGOULD ST STE R, SHERIDAN, WY 82801-6317-301;
- Our phone number: +1 906 680 9581;
- Our email: support@getmany.com.ua
When processing your personal data as outlined in this Privacy Policy, we can play different roles under the GDPR. We may act as a controller under the GDPR, but we may also process third-party data (such as Upwork job-poster and client business information surfaced through the Services) on behalf of and under the instructions of the Client, in which case we act as the data processor. Such processing is governed by the Data Processing Addendum (DPA) concluded between the Client and us.
DATA COLLECTION
You can be a Website Visitor or a Client:
- You are a Website Visitor when you merely browse the Website without creating an account or signing up and voluntarily share your data with us via available options for communication, or we collect your data via cookies or other tracking technologies;
- You are a Client when you register an account on our Platform, generate an API Key, subscribe to our services or purchase Credits, and contact us via the available options for assistance.
As a data controller, we collect your personal data when you:
- visit our Website;
- contact us via email or our support chat;
- register an account on our Platform using your email and password, or with your Google or GitHub account;
- generate an API Key and use the Services;
- subscribe to the Pro plan, purchase Credit packs, or enable auto-refill;
- voluntarily provide your data, including any other instances on the Website where you knowingly choose to share your personal data.
The Company may also process third-party data surfaced through the Services (such as Upwork job postings, which may include job-poster and client business information). Where this data is processed on behalf of the Client, we process it only according to the Client's instructions and in accordance with the Data Processing Addendum (DPA) concluded between us and the Client.
Providing your contact details for payment and transaction information is necessary to enter into or perform a contract with you in the meaning of the GDPR.
We collect the categories of information described in the table below. In particular, we collect:
| Type of data | Description | Data subject |
|---|---|---|
| (a) Cookies Information | We use cookies on our Website and Platform to ensure the functionality of the Services (for example, to keep you signed in), to remember your preferences, and — with your consent — for product analytics. We do not use advertising or targeting cookies. To learn more about our use of cookies, please read our Cookie Policy. | Website Visitor, Client |
| (b) Automatically Collected Information | We automatically collect and process some information about you and your device when you access our Website or Platform or make API requests to the Services (for example, through server logs or other similar technologies). This information may include the IP address of your device, the user agent / type of browser or client you are using, technical information, and request logs (including the timing, frequency, and pattern of your service use). | Website Visitor, Client |
| (c) Contact & Support Information | When you contact us via email or our support chat, we collect and process some information about you. It may include your name, email address, and the content of the support-chat messages or emails you choose to share with us. | Website Visitor, Client |
| (d) Registration Information | We collect and process your information when you register an account on our Platform using your email and password. It may include your email, your name, and your password (which we store only as a bcrypt hash — we never store your password in plain text). We use this information to manage our relationship with you, to authenticate you, and to communicate with you. | Client |
| (e) OAuth Identity Information | When you sign up or sign in with your Google or GitHub account, we collect and process the OAuth identity information returned by that provider, such as your email, name, and provider account identifier. | Client |
| (f) API Key Information | When you generate an API Key on the Platform, we store only a SHA-256 hash of the key (the raw key is shown to you once at creation and is not retained), along with a short display prefix and metadata such as the creation date. | Client |
| (g) Usage & Credit Information | As you use the Services, we collect usage logs and per-tool usage records, and we maintain a credit and billing ledger reflecting the Credits you have purchased and consumed. | Client |
| (h) Transactions and Payment Information | If you subscribe to the Pro plan, purchase Credit packs, or enable auto-refill, payment is processed by Stripe, our third-party payment processor. Stripe is responsible for the collection, processing, and storage of your payment card details; we do not store card numbers or other payment card details on our servers. We do store a Stripe customer identifier and limited payment-method metadata (such as card brand and last four digits) so we can manage your billing. | Client |
| (i) Third-Party Job Data | The Services return Upwork job postings, which may include job-poster and client business information and other public job data. Where this data is processed on behalf of the Client, we act as a processor under the DPA between the Client and us. | Client |
In addition, please note the following with respect to the personal data we process:
- we DO NOT collect or process your sensitive data;
- we DO NOT use automated decision-making, including profiling, which produces legal effects concerning a data subject or similarly significantly affects a data subject.
- we DO NOT sell your data.
LEGAL BASES FOR PROCESSING
We process your personal data in accordance with the GDPR. The GDPR provides an exhaustive list of lawful bases for processing. We rely only on four of them:
Article 6.1(a): consent
We process the personal data you choose to provide us with your consent. You may withdraw your consent at any time.
Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw your consent by sending us an email at support@getmany.com.ua.
Article 6.1(f): legitimate interest
We process your personal data to protect our legitimate interests, such as:
- preventing fraud;
- ensuring the security and functionality of our Website.
We only collect and use the data necessary to achieve these purposes and do not override your fundamental rights and freedoms.
Article 6.1(b): performance of a contract
When you provide us with personal data to purchase our services, this can be considered as a request to form a contract or to perform a contract between you and us.
Article 6.1(c): legal obligation
We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements.
In case you send us a request to exercise your rights under the GDPR, we may ask you for some personal data we already have to identify you and comply with the applicable law.
USE OF YOUR PERSONAL DATA
When acting as a data controller, we use your personal data for the purposes listed in the table below, where we also detail the type of personal data processed and the legal bases we rely on to do so.
| Purpose of processing | Type of personal data | Legal grounds | Third parties recipients | Source |
|---|---|---|---|---|
| Account Registration | (d) Registration Information; (e) OAuth Identity Information; (b) Automatically Collected Information | Performance of a contract (Article 6(1)(b)) | Google Cloud Platform; Vercel; Cloudflare; Google LLC (Google OAuth); GitHub | Client |
| Account Maintenance & Provision of the Services | (b) Automatically Collected Information; (d) Registration Information; (e) OAuth Identity Information; (f) API Key Information; (g) Usage & Credit Information | Performance of a contract (Article 6(1)(b)) | Google Cloud Platform; Vercel; Cloudflare | Client |
| Processing of payments | (d) Registration Information; (h) Transactions and Payment Information; (g) Usage & Credit Information | Performance of a contract (Article 6(1)(b)) | Stripe | Client |
| Communication with Clients and Website Visitors (including transactional email, responding to queries and requests, customer support, investigating complaints, and other notifications) | (d) Registration Information; (b) Automatically Collected Information; (c) Contact & Support Information | Performance of a contract (Article 6(1)(b)); Your consent (Article 6(1)(a)) | Customer.io; Slack | Client; Website Visitor |
| Analytics & Development of the Website and the Platform | (a) Cookies Information; (b) Automatically Collected Information | Your consent (Article 6(1)(a)) | PostHog | Client; Website Visitor |
| Security and fraud prevention | (a) Cookies Information; (b) Automatically Collected Information; (f) API Key Information; (h) Transactions and Payment Information | Our legitimate interest (Article 6(1)(f)) | Cloudflare; Google Cloud Platform; Stripe | Client; Website Visitor |
| Legal Compliance | (a) Cookies Information; (b) Automatically Collected Information; (c) Contact & Support Information; (d) Registration Information; (e) OAuth Identity Information; (f) API Key Information; (g) Usage & Credit Information; (h) Transactions and Payment Information | Legal obligation (Article 6(1)(c)) | Stripe; Customer.io; PostHog; Google LLC (Google OAuth); GitHub; Slack; Google Cloud Platform; Vercel; Cloudflare | Website Visitor; Client |
When providing our services, we may also process certain personal data as a data processor at the request and pursuant to the instructions given by the Client (data controller in that case).
When you, as a Client, provide us with third-party data, the Data Processing Addendum (DPA) shall be applicable to you. In such a case, we may process the following personal data:
| Purpose of processing | Type of personal data | Legal grounds | Third parties recipients | Source |
|---|---|---|---|---|
| Provision of Services | (i) Third-Party Job Data | Performance of a contract (Article 6(1)(b)) | Google Cloud Platform; Vercel; Cloudflare | Client |
DATA SHARING AND DISCLOSURE
We may share your personal data as a data controller with other sole controllers and data processors.
We may share your personal data with our contractors to the extent necessary to provide services, technical and customer support. We may share your personal data with data processors who act on our behalf according to our instructions ("service providers") to manage risks and deliver services effectively.
In particular, we may share and disclose your personal data to our service providers:
- Stripe (Stripe, Inc., USA / Stripe Technology Europe, Limited, Ireland): for payment processing.
- Customer.io (Peaberry Software, Inc., USA): for sending transactional email.
- PostHog (PostHog, Inc., USA): for product analytics.
- Google LLC (USA): for Google OAuth sign-in.
- GitHub, Inc. (USA): for GitHub OAuth sign-in.
- Slack Technologies, LLC (USA): for support-chat relay (optional).
- Google Cloud Platform (Google LLC, USA): for cloud hosting of our database and API/MCP servers.
- Vercel Inc. (USA): for hosting our web app and marketing site.
- Cloudflare, Inc. (USA): for DNS, CDN, and DDoS protection.
As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. Collectively, these specialists and partner websites are referred to as Contractors.
Third-Party Integrations
We may relay support-chat messages to our internal Slack workspace so our team can respond to your requests. When you contact us through the support chat, the content of your messages is shared with Slack Technologies, LLC for this purpose.
We highly recommend reviewing the privacy practices implemented by any third-party service before relying on it.
Links to Third-Party Websites
This Privacy Policy applies only to this Website and our Platform. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Website or Platform. We have no control over other websites' content and data practices and are not responsible for their actions.
DATA TRANSFER TO THIRD COUNTRIES
We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of the GDPR (adequacy decision).
In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data, in particular, the standard contractual clauses adopted by the European Commission.
We take additional technical and organizational measures when transferring data outside the EU and the EEA, such as assessing the reliability and personal data protection practices of the service provider, promptly responding to any threats to confidentiality, integrity, and availability of personal data, and conducting Transfer Impact Assessments (TIA) when necessary, etc.
Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.
DATA RETENTION
As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Privacy Policy unless a longer retention period is required or expressly permitted by law.
We store Registration Information for the entire period when the client uses our services and no longer than 6 months after the deactivation of your account.
We store Cookie Information for the period specified in our Cookie Policy.
We may not delete or anonymize your data if we are required to retain it to comply with the law or legal process. You may contact us at support@getmany.com.ua to exercise your right to erasure.
SECURITY AND INTEGRITY OF THE DATA
We have implemented appropriate organizational, technical, administrative, and physical security measures to ensure the ongoing confidentiality, integrity, availability, and resiliency of systems and services that process personal information and will restore the availability and access to information on time in case of a physical or technical incident.
In particular, we have implemented various technical security measures to protect your data, including encryption of data in transit and at rest, hashing of credentials (passwords are stored as bcrypt hashes and API keys as SHA-256 hashes), access controls, and regular data backups. Additionally, we care about implementing organizational security measures such as limited access on a need-to-know basis.
DATA SUBJECT AGE
We do not knowingly collect personal data from persons under 16. By providing us with your personal data, you confirm that you are at least 16 years old and, according to the law of your country, you have all rights to consent to the processing of your personal data.
If you have any reason to believe that a child under 16 has provided his/her personal data to us, please contact us at support@getmany.com.ua.
YOUR RIGHTS UNDER THE GDPR
You may exercise the following rights by submitting a data subject request at support@getmany.com.ua.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
| Right under the GDPR | Description | How to exercise it |
|---|---|---|
| Right to withdraw consent (Art. 7) | You can withdraw your consent for data processing at any time. | You can submit a request. |
| Right to be informed (Art. 13, 14) | You have the right to be informed about the collection and use of your personal data. | All information about our collection and use of your personal data is described in this Privacy Policy, the Cookies Policy, and the Terms of Use. |
| Right of Access (Art. 15) | You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. | You can submit a request. |
| Right to rectification (Art. 16) | You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. | You can submit a request. |
| Right to erasure ('right to be forgotten') (Art.17) | You have the right to have your personal data deleted without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1); the personal data have been unlawfully processed. | You can submit a request. |
| Right to restriction of processing (Art. 18) | You can limit the way in which we use your data where one of the following applies: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defense of legal claims; you have objected to processing, pending the verification of that objection. | You can submit a request. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise, or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest. |
| Right to data portability (Art. 20) | You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. | You can submit a request. |
| Right to object (Art. 21) | You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling). | You can submit a request. |
| Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22) | This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. | We DO NOT use automated decision-making and profiling. |
| Right to lodge a complaint (Art. 77) | You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR. | You can submit the complaint in the EU member state of your place of habitual residence or to the data protection authority stated in this Privacy Policy. |
| Right to compensation (Art. 82) | Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. | Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2). |
DATA PROTECTION AUTHORITY UNDER THE GDPR
We encourage you to contact us initially with any concerns you may have regarding the processing of your personal data.
You may use the following email to address your concerns: support@getmany.com.ua.
In some cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.
US PRIVACY LAWS AND REGULATIONS
The table below provides general descriptions of the US residents' privacy rights established by:
- the California Consumer Privacy Act (the "CCPA") amended with the California Privacy Rights Act (the "CPRA");
- the Virginia Consumer Data Protection Act (the "VCDPA");
- the Colorado Privacy Act (the "CPA");
- the Connecticut Data Privacy Act (the "CTDPA");
- the Utah Consumer Privacy Act (the "UCPA").
Please note some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law.
The terms used in this section of the Policy are taken from the GDPR, considering the definitions established in the CCPA, CPRA, VCDPA, CPA, CTDPA and UCPA.
You may exercise the following rights by submitting a request at support@getmany.com.ua.
Please note that we may need to confirm your identity to process your requests to exercise your rights. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
| Right | Description | US laws |
|---|---|---|
| Right to know | You can request information about what personal information we collect about you and how it is used and shared. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to access | You can request access to the collected personal information. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to correct | You can request us to correct the inaccurate personal information about you. | California (CCPA&CPRA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to delete | You can request us to delete the personal information that we have collected from you. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to data portability | You can request obtaining a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to opt out of the sale | You can request opting out of the processing of personal data for the sale of personal information. We neither sell your personal information to anyone nor use your data as a business model. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to opt out of sharing | You may request to stop sharing your personal information. | California (CCPA&CPRA) |
| Right to opt out of targeting ads | You can request opting out of the processing of personal data for targeted advertising. | Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to opt out of profiling | You can request opting out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. | California (CCPA&CPRA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to initiate a private cause of action for data breaches | The right to bring an individual cause of action or a class action if nonencrypted or nonredacted personal information is subject to unauthorized access and exfiltration, theft or disclosure as a result of the business's violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information. | California (CCPA&CPRA) |
| Right to non-discrimination | Right to be free from discrimination relating to the exercise of any of your privacy rights. | California (CCPA&CPRA); Utah (UCPA); Virginia (VCDPA); Colorado (CPA); Connecticut (CTDPA) |
| Right to limit the use and disclosure of sensitive personal information | This right allows you to limit the use and disclosure of your sensitive personal information by the company. We don't intentionally collect any sensitive personal information about you. | California (CCPA&CPRA) |
You can find a detailed description of the personal information that we may collect from you above in the "DATA COLLECTION" section of this Policy.
The purposes of the collection and/or use of personal information are stated in the "USE OF YOUR PERSONAL DATA" section of this Policy.
You can review the categories of third parties with whom we may share your personal information in the "DATA SHARING AND DISCLOSURE" section of this Policy.
COMPLAINTS
If you have any complaints regarding our processing of your personal data, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on the place of your residence, you may have the right to appeal our decision by contacting us or lodge your complaint with your local data protection authority.
UPDATES TO THE POLICY
We may periodically update this Policy to reflect new updates, technologies, legal requirements, or for other reasons. Any changes will be communicated by posting a revised version of the Policy on our Website. Such changes will be effective immediately upon posting them.
We encourage you to review this Policy periodically. Your continued use of our Website and Platform after the revised Policy has become effective constitutes your acceptance of the new terms of the Privacy Policy. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change.
HOW TO CONTACT US
For questions regarding the processing of your personal data, please contact us:
Getmany Software LLC
- Our address: 30 NGOULD ST STE R, SHERIDAN, WY 82801-6317-301;
- Our phone number: +1 906 680 9581;
- Our email: support@getmany.com.ua
DEFINITIONS
We use the following definitions in this Privacy Policy:
- "GDPR" means the European Union's General Data Protection Regulation.
- "personal data" means any information relating to you and helping identify you (directly or indirectly), such as a name, email, address, etc.
- "data subject" is an identified or identifiable natural person about whom we hold personal data.
- "controller" means the natural or legal person who (either alone or jointly with others) determines the purposes and means of the processing of personal data.
- "processor" means a natural or legal person who processes personal data on behalf of the controller.
- "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- "CCPA" means the California Consumer Privacy Act;
- "CPRA" means the California Privacy Rights Act;
- "VCDPA" means the Virginia Consumer Data Protection Act;
- "CPA" means the Colorado Privacy Act;
- "CTDPA" means the Connecticut Data Privacy Act;
- "UCPA" means the Utah Consumer Privacy Act.