Privacy Policy
Last updated: April 26, 2026
This Privacy Policy describes how GTM Diagnostic (“we,” “us”) collects, uses, and shares information when you visit www.gtmdiagnostic.com or take the diagnostic assessment.
1. Information we collect
We collect the following information directly from you:
- Identity and contact information: name, job title, company, work URL, and email address you submit to receive your report.
- Assessment responses: the answers you provide to each diagnostic question, along with derived pillar scores, AI summary, and recommendations generated from those answers.
- Contact form submissions: any message and contact details you send via the Contact page.
We also automatically collect limited technical information:
- Log data: IP address, browser type, referring page, pages viewed, and timestamps, used for security and reliability.
- Cookies and local storage: a small number of functional items needed to keep your assessment session working. We do not use third-party advertising cookies.
2. How we use information
- To deliver the diagnostic and your personalized report.
- To send you the report copy and respond to your inquiries.
- To improve the assessment, methodology, and underlying models.
- To monitor, secure, and prevent abuse of the Service, including rate limiting and fraud prevention.
- To comply with legal obligations.
3. Legal bases (EEA / UK users)
Where the GDPR or UK GDPR applies, we process your information based on (a) your consent, (b) the performance of a contract with you (delivering the report you requested), (c) our legitimate interests in operating, securing, and improving the Service, and (d) compliance with legal obligations.
4. How we share information
We do not sell your personal information. We share it only with:
- Service providers that host our infrastructure, database, email delivery, and AI model inference, all bound by confidentiality and data-protection terms.
- Authorities when required by law, valid legal process, or to protect rights, property, or safety.
- Successors in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
5. AI processing
Your assessment answers are sent to large-language-model providers via the Lovable AI Gateway to generate summaries and recommendations. These providers are contractually restricted from using your inputs to train their public models.
6. Data retention
We retain assessment submissions and contact information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. You can request deletion at any time via the Contact page.
7. Security
We use industry-standard administrative, technical, and physical safeguards, including encryption in transit, row-level security on our database, server-side input validation, and rate limiting. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to our processing of your personal information, and to withdraw consent. To exercise these rights, contact us via the Contact page. We will respond within the time required by applicable law.
9. International transfers
We may process your information in countries other than your own. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses for cross-border transfers.
10. Children
The Service is intended for working professionals and is not directed to children under 16. We do not knowingly collect personal information from children.
11. Changes
We may update this Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by a more prominent notice.
12. Contact
For privacy questions or requests, reach us via the Contact page.