What personal data does GDK Digital collect?

We collect information you provide directly (name, email, account credentials), usage data (how you interact with our products), and technical data (IP address, browser type, device information). The specific data collected varies by product.

Does GDK Digital sell my personal data?

No, GDK Digital does not sell, rent, or trade your personal information to third parties. We only share data with service providers necessary to operate our products, and they are bound by strict confidentiality agreements.

How can I delete my account and data?

You can request account deletion by contacting support@gdkdigital.com. We will delete your personal data within 30 days, except where we are legally required to retain certain information. For products like Fortilis, you can also delete data directly within the application.

Is GDK Digital GDPR compliant?

Yes, GDK Digital complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area. This includes providing data access, portability, and erasure rights upon request.

How does GDK Digital protect my data?

We use industry-standard security measures including AES-256 encryption for data at rest, TLS 1.3 for data in transit, secure password hashing (Argon2id), and regular security audits. Fortilis specifically uses zero-knowledge architecture for credential storage.

Privacy Policy

Last Updated: January 4, 2026

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Data Sharing and Disclosure
5. Data Retention
6. Data Security
7. Your Rights
8. Cookies and Tracking
9. Third-Party Services
10. Children's Privacy
11. International Data Transfers
12. Changes to This Policy
13. Contact Us

1. Introduction

GDK Digital LLC ("GDK Digital," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including:

Fortilis - Secure credential and secrets management
FTC (Team Communications) - Task and decision collaboration platform
GDK-CRM - Customer relationship management
Feathers - AI prompt management tools
GDK Digital Website - gdkdigital.com and related pages

By using our products and services, you agree to the collection and use of information in accordance with this policy.

Quick Summary: We collect only the data necessary to provide our services. We never sell your personal information. You have full control over your data and can request access, correction, or deletion at any time.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our products:

Account Information: Name, email address, password, organization name
Profile Information: Job title, phone number, profile picture
Payment Information: Billing address, payment method details (processed by Stripe)
Content: Files, documents, tasks, decisions, and other content you create
Communications: Messages you send through our support channels

2.2 Information Collected Automatically

When you use our products, we automatically collect certain technical information:

Device Information: Device type, operating system, browser type and version
Usage Data: Features used, actions taken, time spent in the application
Log Data: IP address, access times, pages viewed, referring URLs
Cookies: Session identifiers and preferences (see Section 8)

2.3 Product-Specific Data Collection

Product	Data Collected	Special Considerations
Fortilis	Encrypted credentials, vault metadata, access logs	Zero-knowledge architecture - we cannot access your stored secrets
FTC	Tasks, decisions, comments, team activity	Workspace data isolated by organization
GDK-CRM	Customer records, interactions, pipeline data	Multi-tenant isolation with row-level security
Feathers	Prompt templates, usage metrics	Prompts stored locally; cloud sync optional

3. How We Use Your Information

We use the information we collect to:

Provide Services: Operate, maintain, and improve our products
Authenticate: Verify your identity and manage account access
Communicate: Send service announcements, security alerts, and support responses
Personalize: Customize your experience and remember your preferences
Analyze: Understand usage patterns to improve our products
Secure: Detect and prevent fraud, abuse, and security incidents
Comply: Meet legal obligations and respond to lawful requests

3.1 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

Contract Performance: Processing necessary to provide our services
Legitimate Interests: Improving services, preventing fraud, ensuring security
Consent: Marketing communications and optional features
Legal Obligation: Compliance with applicable laws

5. Data Retention

We retain your data for as long as necessary to provide our services and fulfill the purposes described in this policy:

Data Type	Retention Period
Account Information	Duration of account + 30 days after deletion
Product Data	Duration of account + 30 days after deletion
Payment Records	7 years (legal/tax requirements)
Audit Logs	1 year (security purposes)
Analytics Data	Aggregated and anonymized after 90 days
Support Communications	2 years

When data is no longer needed, we securely delete or anonymize it.

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption at Rest: AES-256 encryption for stored data
Encryption in Transit: TLS 1.3 for all data transmission
Password Security: Argon2id hashing for passwords
Access Controls: Role-based permissions and multi-factor authentication
Infrastructure: Regular security audits and vulnerability assessments
Zero-Knowledge (Fortilis): End-to-end encryption where we cannot access your secrets

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong, unique passwords and enable multi-factor authentication where available.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 All Users

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and data
Export: Download your data in a portable format

7.2 European Economic Area (GDPR)

EEA residents have additional rights under the General Data Protection Regulation:

Restriction: Request limitation of processing
Objection: Object to processing based on legitimate interests
Portability: Receive data in a structured, machine-readable format
Withdraw Consent: Withdraw consent at any time
Complaint: Lodge a complaint with your local data protection authority

7.3 California Residents (CCPA/CPRA)

California residents have rights under the California Consumer Privacy Act:

Know: What personal information we collect and how it's used
Delete: Request deletion of personal information
Opt-Out: Opt-out of the sale of personal information (we do not sell data)
Non-Discrimination: Equal service regardless of exercising privacy rights
Correct: Request correction of inaccurate personal information
Limit: Limit use of sensitive personal information

To exercise any of these rights, contact us at privacy@gdkdigital.com or support@gdkdigital.com. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to operate our services. For detailed information, see our Cookie Policy.

8.1 Types of Cookies

Essential: Required for authentication and core functionality
Functional: Remember preferences and settings
Analytics: Understand usage patterns (anonymized)

8.2 Managing Cookies

You can manage cookies through your browser settings. Note that disabling essential cookies may affect functionality.

9. Third-Party Services

Our products may integrate with third-party services. Each has its own privacy policy:

We encourage you to review the privacy policies of any third-party services you connect to our products.

10. Children's Privacy

Our products are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@gdkdigital.com.

11. International Data Transfers

GDK Digital is based in the United States. If you access our services from outside the US, your data may be transferred to, stored, and processed in the United States or other countries.

For EEA users, we ensure appropriate safeguards for data transfers, including Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on this page
Updating the "Last Updated" date
Sending an email notification for significant changes

We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

GDK Digital LLC

P.O. Box 85

Benton Harbor, MI 49023

United States

Email: privacy@gdkdigital.com

Phone: 1-877-GDK-DIGITAL (1-877-435-3424)

For data protection inquiries in the EEA, you may also contact your local supervisory authority.