Privacy Policy
Last updated: March 12, 2026
1. Overview
This Privacy Policy explains how account.gocools collects, uses, stores, protects, and discloses personal data in connection with account identity and security services.
If you use account.gocools, this policy applies to that use.
2. Controller and Contact
GoCools operates account.gocools for identity and account operations.
For privacy requests:
For support:
3. Categories of Data We Collect
Depending on how you use the service, we may process:
3.1 Account Identity Data
- Username
- Email address
- Phone number
- Name fields
- Date of birth (where provided)
3.2 Authentication and Security Data
- Password hashes (not plaintext passwords)
- MFA settings and challenge metadata
- Session tokens (hashed or managed as secure cookies)
- Session status (active, revoked, expired)
3.3 Technical and Device Data
- IP address and approximate location metadata
- Device/browser user agent information
- Login timestamps and security event timestamps
3.4 Operational and Audit Data
- Account activity events
- Security-relevant actions (login failures, session revocations, profile/security changes)
- Legal/policy admin audit metadata where applicable
4. Data Sources
We collect data from:
- Information you submit directly.
- Automated signals generated during authentication and session use.
- Security tooling and infrastructure logs.
5. Purposes of Processing
We process personal data to:
- Create and manage user accounts.
- Authenticate users and enforce access control.
- Detect and prevent abuse, fraud, and account compromise.
- Maintain auditability and incident response capability.
- Provide support and recover account access.
- Improve service reliability, stability, and security.
- Meet legal and compliance obligations.
6. Legal Bases (Where Required)
Depending on jurisdiction, processing may rely on:
- Contract performance (account operation and access control).
- Legitimate interests (security, abuse prevention, diagnostics).
- Legal obligation (compliance, law enforcement requests).
- Consent (where explicitly requested for optional processing).
7. Cookies and Similar Technologies
We use essential cookies and comparable mechanisms for:
- Session continuity.
- Authentication state.
- Security checks and anti-abuse controls.
- Limited preference persistence.
These technologies are required for core account functionality.
8. Data Sharing and Disclosure
We do not sell personal data.
We may share data with:
- Infrastructure and cloud service providers.
- Security and anti-abuse service providers.
- Professional advisers where required.
- Authorities when legally required.
All sharing is limited to necessary purposes and subject to safeguards.
9. International Transfers
Data may be processed in multiple countries depending on infrastructure and support operations.
Where required, we apply transfer safeguards such as contractual protections and reasonable security controls.
10. Data Retention
We retain data only for as long as necessary for the purposes described, including:
- Active account operations.
- Security investigations and abuse prevention.
- Audit, legal, tax, and regulatory obligations.
Retention periods may vary by data category and legal requirements.
11. Security Measures
We implement technical and organizational controls, including:
- Encryption in transit.
- Access controls and least-privilege practices.
- Password hashing and secure session handling.
- Monitoring and logging for security-sensitive events.
- Administrative controls around legal/policy updates.
No method is absolutely secure, but we continuously improve controls.
12. User Rights
Depending on applicable law, you may have rights to:
- Access your personal data.
- Correct inaccurate data.
- Request deletion of certain data.
- Restrict or object to specific processing.
- Request portability where applicable.
To exercise rights, contact privacy@gocools.com. We may verify identity before fulfilling requests.
13. Children and Age Restrictions
account.gocools is not intended for children below the minimum legal age in relevant jurisdictions unless explicitly permitted by law and platform policy.
If we learn personal data was collected in violation of this requirement, we will take appropriate corrective action.
14. Automated Decision-Making
Security systems may apply automated risk checks (for example, suspicious login detection). Significant decisions are reviewed or can be escalated through support channels where appropriate.
15. Data Breach and Incident Handling
If a personal data incident occurs, we follow internal incident response procedures and applicable legal notification requirements.
16. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or product changes. Updated versions become effective upon publication unless a later date is stated.
17. Region-Specific Addenda
If required, region-specific disclosures (for example, U.S. state privacy rights or GDPR details) may be added as supplements to this policy.
18. Contact
Privacy and data protection:
Security reports:
General support:
Customization Notes (for admin legal editor):
- Add legal entity address and designated representative where required.
- Add jurisdiction-specific rights timelines and supervisory authority references.