Privacy Policy - Gimi AI

Last updated: March 30, 2026

This notice applies to the Gimi AI affiliate and influencer portal at affiliate.gimiapp.com. It is separate from the consumer app and public landing-page privacy policy. It explains how we handle personal data of invited affiliates, creators, influencers, and portal administrators.

---

1. What this notice covers

This notice covers portal access, affiliate account administration, agreement acceptance, referral tracking, commission reporting, payout administration, compliance review, and related support communications.

2. Data we collect

• Identity and contact data, such as your name, email address, social profile links, campaign or creator name, and account role.
• Portal account and authentication data, such as Firebase authentication identifiers, sign-in status, invitation status, and account timestamps.
• Affiliate profile and commercial data, such as commission rate, payout schedule, payout policy, payment method, status history, and other structured terms assigned to your affiliate account.
• Performance and attribution data, such as referral campaign identifiers, installs, attributed subscription events, commissionable revenue records, payout-period summaries, and related internal analytics.
• Agreement and compliance records, such as agreement version, rendered agreement snapshot, acceptance timestamp, acceptance history, review requests, suspension records, and enforcement notes.
• Technical and browser data needed to operate the portal, such as IP address, user agent, device/browser information, Cloud Functions request metadata, and basic security logs.
• Local browser storage used for sign-in flow support, such as the saved email address for magic-link sign-in and authentication/session persistence handled by Firebase.
• Payment, tax, and verification details if you provide them to us directly for payout administration or compliance, such as payout account details, billing details, tax identifiers, invoices, or supporting documents.
• Support communications and documents you send to us.

If sensitive financial, tax, or identity-verification information is collected, we use it only for payout operations, identity verification, tax/accounting administration, anti-fraud review, and legal/compliance purposes.

3. How we collect data

• Directly from you when you sign in, accept an agreement, request review, update profile information, or contact us.
• From our internal attribution, subscription, payout, accounting, fraud-review, and admin systems when referred purchases, reversals, review events, or payout events are recorded.
• Automatically from your browser and device when you access or use the portal.
• From administrators acting on behalf of Gimi AI when they create, update, suspend, reactivate, or terminate affiliate accounts.
• From service providers or workflow tools used to deliver emails, accepted agreement copies, payout-related communications, or support interactions.

4. Why we use your data

• To authenticate you and provide portal access.
• To administer your affiliate account and display your assigned commercial terms.
• To track referral performance, calculate eligibility, and show commission or payout status.
• To manage payout operations, fraud checks, reversals, disputes, and compliance reviews.
• To store evidence of agreement acceptance and preserve an audit trail.
• To secure the portal, prevent abuse, detect unauthorized access, and troubleshoot issues.
• To communicate with you about portal access, legal notices, support, and the affiliate relationship.
• To comply with tax, accounting, anti-fraud, and legal obligations.

5. Legal bases for EEA/UK users

• Contract: to operate the affiliate relationship and provide the portal.
• Legitimate interests: security, fraud prevention, attribution integrity, payout administration, recordkeeping, and dispute defense.
• Legal obligation: where records must be retained for tax, accounting, compliance, or legal claims.
• Consent: where required by law for a specific activity.

6. Sharing and service providers

We do not sell personal information. We may share relevant data with service providers and infrastructure vendors strictly as needed to operate the affiliate portal and related business processes.

• Hosting, authentication, database, and infrastructure providers, including Firebase and Google Cloud.
• Email, file-delivery, and document-workflow providers used to send portal access emails, agreement confirmations, or accepted agreement copies.
• Attribution, subscription, billing, payout, accounting, fraud-review, and support operations systems where relevant to the affiliate relationship.
• Professional advisers, auditors, payment or payout providers, banking counterparties, tax authorities, regulators, or law-enforcement authorities where required or reasonably necessary.

We do not use affiliate portal data for targeted advertising, cross-context behavioral advertising, or sale of personal information.

7. Cookies and local storage

The portal does not use advertising cookies. It does use browser storage and authentication/session mechanisms that are necessary for sign-in and secure operation, including a saved email value for the magic-link flow, Firebase authentication persistence, and related security/session storage. We may also use strictly necessary technical storage or logs for security, abuse prevention, request integrity, and troubleshooting. We do not currently use the affiliate portal for optional advertising trackers.

8. Retention

We keep affiliate portal data for as long as needed for the affiliate relationship and for a reasonable period afterward where required for audit, payout reconciliation, accounting, fraud prevention, contractual enforcement, or legal defense.

• Portal account and invitation records: generally for the active relationship and a reasonable period afterward for support, security, and account-history purposes.
• Agreement acceptance records and rendered agreement copies: kept as part of the contractual record of the affiliate relationship.
• Payout, payment, tax, invoice, and accounting records: retained for the periods reasonably required for accounting, tax, audit, and dispute purposes.
• Security, access, and support logs: retained for a limited period appropriate to abuse prevention, troubleshooting, and evidentiary needs, unless a longer hold is required for an investigation or legal claim.
• Suspension, review, fraud, and enforcement records: retained for as long as reasonably necessary to protect the portal, resolve disputes, and document program decisions.

9. International transfers

We operate globally and may use providers that process data in Israel, the United States, the EEA, the UK, and other countries depending on the provider and service used. Where required, we rely on appropriate transfer mechanisms and safeguards, which may include adequacy decisions, standard contractual clauses, or comparable contractual and organizational measures. You may contact us for more information about the safeguards relevant to a particular transfer.

10. Automated decisions and profiling

Some portal functions may use rule-based automation to calculate payout status, classify transactions, or update lifecycle status based on configured business rules, including suspension, review-pending, payout eligibility, or auto-termination timing. These records remain subject to the governing affiliate agreement and our internal review processes. Where applicable by law, you may ask for human review of a significant decision affecting you.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal data. We may need to verify your identity and may keep limited records where the law or our legitimate interests require it.

• EEA / UK: you may have rights of access, rectification, erasure, restriction, objection, portability, and rights relating to certain automated decision-making.
• California: you may have rights to know, delete, correct, and receive information about the categories of personal information collected and disclosed, subject to applicable exceptions.
• Israel and other regions: we will handle requests in line with applicable local law.

To exercise a privacy right, contact support@gimiapp.com and describe your request clearly. We may ask for information reasonably necessary to verify your identity, authority, and relationship to the portal before acting on the request. Where applicable law permits authorized agents, we may request proof of authority. We aim to respond within the timeframe required by applicable law.

12. Complaints

You can contact us first at support@gimiapp.com. If applicable law gives you the right to complain to a supervisory or regulatory authority, you may also do that.

13. Security

We use reasonable technical and organizational measures appropriate to the risk, including access controls, authentication, logging, and encryption in transit.

14. Children

This portal is intended for adult affiliates, influencers, creators, and administrators. It is not directed to children.

15. Changes

We may update this notice from time to time. We will post the updated version here and change the last-updated date. For material changes, we may also notify affiliates through the portal or by email.

16. Contact and Controller

For privacy questions or requests about the affiliate portal, email support@gimiapp.com.

For privacy-law purposes, the controller for the affiliate portal is Amir Landau, an individual developer based in Israel operating Gimi AI. The primary contact channel for privacy requests is support@gimiapp.com.