GAL Legal
Privacy Policy
This page summarizes how GAL collects, uses, stores, and deletes account data, workspace data, and agent session data.
Last updated: March 2026
What We Collect
- Account identity from GitHub and connected providers, including email, username, user ID, and avatar metadata.
- Workspace configuration, policy settings, and repository integration metadata required to run GAL.
- Agent session data such as prompts, tool-call metadata, redaction events, and audit events generated during interactive or background sessions.
- Operational telemetry including API logs, diagnostics, and compliance evidence.
How We Use Data
- Deliver authentication, workspace sync, scanning, compliance, and agent-governance features.
- Detect abuse, investigate incidents, and enforce security policies.
- Support customers, billing, and legal compliance obligations.
Storage and Regions
- Primary GAL application data is stored in Google Cloud and Firebase, including EU regions where configured.
- Backups, logging, and support tooling may process limited data in additional regions when needed for resilience and operations.
Retention
Accounts and org metadata
Until deletion request plus 30 days
Configuration and policy data
While active plus 30 days
Telemetry and analytics
90 days by default
Audit logs and enforcement events
90 days minimum
Billing records
7 years where legally required
Your Rights
- Request access, correction, export, or deletion of your data.
- Request deletion of session data subject to billing, fraud-prevention, incident-response, and legal retention requirements.
- Contact privacy@scheduler-systems.com for privacy or GDPR requests.
Questions about legal terms, privacy, or vulnerability disclosure can be sent to security@scheduler-systems.com or privacy@scheduler-systems.com.