Skip to main content

Last updated May 5, 2026

Privacy Policy

GillyTech LLC (“Structor”, “we”, “us”, or “our”) provides the Structor software-as-a-service product available at gostructor.com (the “Service”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to the Service, our websites, and any related communications you receive from us.

The short version

  • We collect the information you give us (account, billing, content you connect) and a limited set of technical data needed to run a reliable service.
  • We use it to operate, secure, support, and improve the Service — and for nothing else, unless we tell you up front.
  • We do not sell your personal information. We do not use your content to train third-party AI models.
  • You can access, correct, export, or delete your data at any time by emailing privacy@gostructor.com.
  • We use a small number of vetted subprocessors (hosting, email, payments, AI inference) listed on our Security page.

1. Who we are

The data controller for personal information processed under this policy is GillyTech LLC, a Florida limited liability company. Questions about this policy or your data should be directed to privacy@gostructor.com or legal@gostructor.com.

2. Information we collect

2.1 Information you provide directly

  • Account information: name, work email, password (stored only as a salted hash), organization name, role.
  • Billing information: billing address, tax ID where required, and a payment-method token. Full card numbers are handled by our PCI-compliant payment processor and never touch our servers.
  • Communications: messages you send us through forms, email, or support chat, including any attachments.
  • Beta and marketing forms: name, email, and the role you selected (site owner, freelancer, agency).

2.2 Information from your connected WordPress sites

When you connect a WordPress site, you authorize the Service to access content via the WordPress REST API using credentials you supply. The Service may read posts, pages, custom post types, taxonomies (categories, tags), media metadata, authors, and revision history necessary to deliver the features you have enabled. We only access the data your credentials grant access to. We do not request or store your WordPress administrator password.

2.3 Usage and device data

  • Product events: actions you take inside the Service (e.g., scans run, suggestions accepted), timestamps, and result codes — used to deliver features, debug issues, and measure usage.
  • Technical data: IP address, browser type and version, operating system, device type, language, time zone, and referring URLs.
  • Logs: request logs and error reports, which may incidentally contain identifiers (such as your user ID) for security and reliability.

2.4 Cookies and similar technologies

We use a small number of strictly necessary cookies for authentication and session management. The marketing site uses self-hosted, privacy-friendly analytics that does not set advertising cookies and does not track you across other sites. See our Cookie Policy for details.

3. How we use information

  • Provide the Service: authenticate you, run the features you request, sync with WordPress, and present results.
  • Billing: process subscriptions, prevent fraud, send invoices and receipts, and meet tax and accounting obligations.
  • Support: respond to questions, troubleshoot issues, and improve documentation.
  • Security and integrity: detect, investigate, and prevent abuse, fraud, security incidents, and violations of our Terms.
  • Service communications: send transactional messages (e.g., billing alerts, security notices, product updates relevant to your account). These are not marketing emails.
  • Marketing communications: with your consent (where required), send occasional product news. You can opt out at any time using the link in every marketing email.
  • Improve the Service: analyze aggregated, de-identified usage patterns to make the product better. We do not use your content to train any third-party AI model.
  • Legal compliance: respond to lawful requests and enforce our agreements.

4. AI processing

To generate suggestions (such as taxonomy cleanups, tag recommendations, or content summaries), the Service may transmit excerpts of your content to third-party AI inference providers acting as our subprocessors. These providers process the data only to return a result for your request. We have contractual commitments from each provider that:

  • Your content is not used to train their models;
  • Inputs and outputs are retained only briefly (typically zero to thirty days) for abuse-prevention and reliability purposes; and
  • Data is processed under appropriate confidentiality and security obligations.

AI outputs are suggestions only. They are not warranted to be accurate, complete, or free of errors. You decide what (if anything) to apply to your WordPress site.

5. How we share information

We share personal information only in the limited circumstances below. We do not sell personal information, and we do not share it for cross-context behavioral advertising.

  • Subprocessors: trusted vendors who process data on our behalf to deliver the Service, including cloud hosting, transactional email, payment processing, error monitoring, and AI inference. Each subprocessor is bound by a written data-processing agreement. The current list is on our Security page.
  • Within your organization: if you join a team workspace, other members of that workspace may see information you contribute to it (such as scans you ran or comments you posted).
  • Legal and safety: when we have a good-faith belief that disclosure is required by law or necessary to protect the rights, property, or safety of Structor, our customers, or the public. We will notify you of legal requests when permitted to do so.
  • Business transfers: if GillyTech LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and honor the commitments in this policy.
  • With your direction: when you explicitly ask us to share information with a third party (for example, by enabling an integration).

6. Data retention

  • Account and customer data: retained while your account is active. After your account is deleted, we erase primary records within thirty (30) days and remove residual copies from encrypted backups within ninety (90) days.
  • Billing records: retained for up to seven (7) years to meet tax, accounting, and audit obligations.
  • Security logs: typically retained for ninety (90) days, and longer if needed to investigate an incident.
  • Marketing contacts: retained until you unsubscribe, then suppressed for as long as necessary to honor that opt-out.

7. Your privacy rights

Subject to applicable law and verification of your identity, you have the right to request: (a) access to the personal information we hold about you; (b) correction of inaccurate information; (c) deletion of your information; (d) a portable copy of your information in a machine-readable format; (e) restriction of or objection to certain processing; and (f) withdrawal of any consent you previously gave us.

To exercise any of these rights, email privacy@gostructor.com from the email address associated with your account. We will respond within the time period required by applicable law (generally thirty days, extendable where permitted). You will not be discriminated against for exercising any right.

7.1 European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, our legal bases for processing are: (a) contract — to provide the Service you requested; (b) legitimate interests — to operate, secure, and improve the Service in ways you would reasonably expect; (c) consent — where you have given it (e.g., marketing emails); and (d) legal obligation — where the law requires us to process your data. You have the right to lodge a complaint with your local data-protection authority, although we encourage you to contact us first so we can try to resolve the issue.

7.2 California (CCPA/CPRA)

California residents have the right to: know what personal information we collect and how we use it; access and obtain a copy of that information; correct inaccurate information; delete personal information; opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising); and limit the use of sensitive personal information (we only use such information for the limited purposes permitted under the CPRA, such as providing the Service). You may also designate an authorized agent to make a request on your behalf.

7.3 Other US states

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) have rights similar to those described above. Contact us at the email above to exercise them.

8. International data transfers

Structor is operated from the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored, and processed in the United States and other jurisdictions where our subprocessors operate. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss equivalent.

9. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS 1.2+), encryption at rest, the principle of least privilege for internal access, audit logging, secure software development practices, and regular security reviews. No method of transmission or storage is one-hundred-percent secure, but we work hard to keep our security posture current. See our Security page for more.

10. Children's privacy

The Service is not directed to children under sixteen (16), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@gostructor.com and we will delete it.

11. Third-party links and integrations

The Service and our website may contain links to third-party sites or enable integrations with third-party tools (such as your WordPress installation). Those third parties operate under their own privacy policies. We are not responsible for their practices, and we encourage you to review them before sharing data.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the “Last updated” date at the top and, where appropriate, notify you by email or through the Service before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. How to contact us

Privacy questions and rights requests: privacy@gostructor.com
Other legal matters: legal@gostructor.com
Postal mail: GillyTech LLC, 600 Cleveland St., Suite 359, Clearwater, FL 33755, USA.