Last updated: 25 May 2026
This Privacy Policy explains how Gibney Technology Enterprises Limited ("Gibney", "we", "us", or "our") collects, uses, discloses, and protects personal data in connection with HipTrack.io (the "Service"), a social bookmarking software-as-a-service platform.
We are committed to protecting your personal data and your right to privacy. This Policy applies to personal data we process as a data controller (for example, in relation to our customers, prospects, website visitors, and the authorised users of our customers) and explains the role we play when we process personal data as a data processor on behalf of our customers.
If you have questions or concerns about this Policy or our practices, please contact us using the details in section 14.
The data controller responsible for your personal data is:
Gibney Technology Enterprises Limited
Dublin, Ireland
Email: [email protected]
This Policy applies to personal data processed through:
This Policy does not apply to third-party websites, products, or services that may be linked from or integrated with the Service. We encourage you to review the privacy policies of any third parties before providing them with personal data.
HipTrack.io is a business-to-business product. The way we handle personal data depends on the context:
As a data processor. When our business customers ("Customers") use the Service to bookmark, organise, share, and collaborate on content, the Customer is the controller of personal data submitted into the Service ("Customer Data"). We process Customer Data on the Customer's behalf and in accordance with our agreement with that Customer (including any Data Processing Addendum). If you are an authorised user of a Customer's account and want to exercise rights in relation to Customer Data, please contact your organisation directly.
As a data controller. We act as a controller in relation to: account registration and administration data; billing and payment data; data we collect through our website and marketing activities; and data we collect when providing support. The remainder of this Policy primarily addresses processing where we act as controller.
We collect the following categories of personal data:
Name, work email address, job title, employer/organisation name, username, password (stored in hashed form), and profile preferences.
Billing contact details, billing address, VAT/tax identification number, subscription plan, and records of payments. Payment card details are collected and processed directly by our payment processor; we do not store full card numbers on our systems.
Bookmarks, tags, folders, collections, notes, comments, and other content you save or create in the Service; URLs, titles, descriptions, and metadata of bookmarked content; sharing and collaboration activity; and records of your interactions with other users within your workspace.
IP address, browser type and version, operating system, device identifiers, time zone, language preferences, referring URLs, and log data relating to your use of the Service.
The content of your communications with us (for example, support tickets, emails, and chat messages), and information you provide when responding to surveys or feedback requests.
Information about your engagement with our marketing emails and website (for example, opens, clicks, and pages visited), and your preferences in relation to marketing communications.
We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). Please do not submit such data to the Service.
We collect personal data:
Under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Irish Data Protection Act 2018, we must have a lawful basis for processing personal data. We rely on the following bases:
| Purpose | Legal basis |
|---|---|
| Providing the Service, authenticating users, and supporting your account | Performance of a contract; legitimate interests |
| Billing, invoicing, and collecting payments | Performance of a contract; legal obligation |
| Operating, securing, and improving the Service | Legitimate interests (running and improving our business) |
| Providing customer support | Performance of a contract; legitimate interests |
| Communicating service-related notices (e.g. outages, security alerts) | Performance of a contract; legitimate interests |
| Direct marketing to business contacts | Legitimate interests, subject to your right to object; consent where required |
| Analytics and product research | Legitimate interests; consent for non-essential cookies |
| Complying with legal, accounting, and regulatory obligations | Legal obligation |
| Establishing, exercising, or defending legal claims | Legitimate interests; legal obligation |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You can request more information about that assessment by contacting us.
We share personal data only where necessary and with appropriate safeguards. Recipients may include:
We do not sell personal data.
We are based in Ireland and primarily process personal data within the European Economic Area ("EEA"). Some of our sub-processors are located outside the EEA, including in the United Kingdom and the United States.
Where we transfer personal data outside the EEA, we rely on a valid transfer mechanism, such as:
You may request a copy of the safeguards in place by contacting us using the details in section 14.
We retain personal data only for as long as necessary for the purposes set out in this Policy, including to satisfy legal, accounting, tax, or reporting requirements.
In general:
Where we act as a processor on behalf of a Customer, retention of Customer Data is governed by our agreement with that Customer.
We use cookies and similar technologies on our website and in the Service to keep you signed in, remember preferences, secure the Service, and understand how it is used. Some cookies are strictly necessary, while others (analytics and marketing) are used only with your consent, where required.
You can manage your cookie preferences through our cookie banner and through your browser settings. Refusing non-essential cookies will not prevent you from using core features of the Service.
Subject to the conditions and exceptions set out in the GDPR and the Irish Data Protection Act 2018, you have the following rights:
To exercise your rights, please contact us using the details in section 14. We may need to verify your identity before responding. We will respond within one month, which may be extended by a further two months for complex requests.
If you are an authorised user of a Customer's workspace and your request concerns Customer Data, we will generally direct you to the Customer or assist them in responding.
If you believe we have not handled your personal data in line with this Policy or applicable law, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the Irish Data Protection Commission, which is our lead supervisory authority:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
You may also contact the supervisory authority in the EU/EEA Member State of your residence, place of work, or place of the alleged infringement.
For any questions about this Policy or to exercise your rights, please contact:
Gibney Technology Enterprises Limited
Dublin, Ireland
Attn: Privacy
Email: [email protected]
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy on our website and update the "Last updated" date above. Where changes are material, we will provide additional notice, for example by email or through the Service.
