Privacy

Privacy policy

Last updated: 21 May 2026

This policy describes how personal data is processed in connection with the Gabel website, trial intake, and the brief service. Gabel is operated by Emmanouil Gketsim (Switzerland). Swiss data protection law (revDSG) applies. Where the GDPR applies to you, the same principles below are followed.

Controller

Emmanouil Gketsim
Vorderuttenberg 6
8934 Knonau
Switzerland
[email protected]

What this policy covers

  • The public website at gabel.app (including the free trial form)
  • Email correspondence about trials and onboarding
  • The Gabel brief service for customers who have been provisioned

Data collected on the website (trial form)

When you submit the free trial form, the following fields are processed:

  • Name
  • Work email address

We collect Jira site, board, team size, git provider, and other setup details in follow-up email — not through the public form. Credentials (Jira tokens, git tokens, Slack webhooks) are never collected on the website. They are exchanged separately over an agreed secure channel during onboarding.

Purpose: to respond to your request, run a free trial, and communicate about setup.
Legal basis: steps prior to a contract at your request, and legitimate interest in operating a B2B trial programme (Art. 6(1)(b) and (f) GDPR where applicable; Art. 31 revDSG).

Retention: intake data is kept for up to 24 months after the last contact about the trial, unless a longer period is needed for an active customer relationship or legal obligation.

No marketing list: submitting the form does not subscribe you to a newsletter. Product updates are sent only in direct reply to your trial or customer relationship.

Data processed for the brief service

For provisioned tenants, Gabel reads metadata only from connected systems:

  • Jira: issue metadata, sprint fields, status transitions (read-only API access)
  • Git: pull request metadata (open, merge, review timing) from Bitbucket or GitHub

Not processed: source code, ticket descriptions or bodies, attachments, or end-customer PII from tickets.

Digests are team-level aggregates. They are not designed as individual employee performance monitoring.

Purpose: to generate and deliver the subscribed brief.
Legal basis: performance of the service agreed with your organisation (contract).

Hosting and processors

Personal data may be processed by service providers acting on instructions:

  • Netlify — hosting of the static website and trial form submissions
  • Amazon Web Services (AWS) — scheduled brief execution, encrypted credential storage (SSM), and optional tenant configuration storage (S3)
  • Email — direct email from [email protected] for trial and support messages
  • Slack — delivery to your workspace when you provide an Incoming Webhook URL (data is sent to Slack under your control)

Processors are used under contractual terms that require appropriate security and processing only on documented instructions.

International transfers

Website and cloud infrastructure may involve processing in the EU, United States, or other countries where these providers operate. Appropriate safeguards (such as standard contractual clauses or provider certifications) are relied on where required.

Cookies and analytics

The public website does not use non-essential analytics or advertising cookies at the time of this policy. Essential technical storage for form submission may apply via the host. If analytics are added later, this policy will be updated and consent obtained where required.

Your rights

Depending on applicable law, you may have the right to:

  • Access personal data held about you
  • Request correction or deletion
  • Restrict or object to certain processing
  • Data portability where applicable
  • Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), or your local EU supervisory authority

Requests: [email protected]

Security

Credentials are stored as encrypted parameters (KMS-backed). Access to production systems is limited to what is required to operate the service. No system is perfectly secure; incidents will be handled in line with applicable breach-notification duties.

Changes

This policy may be updated when the service, processors, or legal requirements change. The date at the top will be revised.

See also: Legal notice.