Privacy Policy

Effective date: 22 May 2026 · Last updated: 22 May 2026

This Privacy Policy explains how GCCPROS (“GCCPROS”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use our websites, the GCC intelligence database, the GCCPROS Enterprise Data API, and related applications and services (together, the “Services”). By using the Services, you agree to the practices described here.

1. Who we are

GCCPROS provides verified market-intelligence data about Global Capability Centers (GCCs) to businesses, under subscription and licensing arrangements. We act as the data controller for the personal information described in this policy. You can reach us at admin@gccpros.com.

2. Information we collect

Account and sign-in information. When you sign in — including through Microsoft or Google single sign-on (SSO) — we receive your name and work email address from your identity provider to confirm your identity and apply your organisation’s subscription. We do not receive or store your password.
Subscription and usage information. We record which organisation you belong to, your access tier, and your usage of the Services (for example, searches run, records returned, timestamps, and approximate IP address) to operate the Services, enforce plan limits (seats, concurrency, quotas), bill accurately, and maintain security and audit records.
Communications. If you contact us, we keep your messages and contact details to respond and keep records.
Cookies and local storage. Our applications use your browser’s session/local storage to keep you signed in and remember preferences. We do not use third-party advertising cookies.

The GCC database itself contains business and professional information about companies and senior business roles, compiled from public and licensed sources for legitimate business-intelligence purposes. Where this includes professional information about individuals (such as a publicly listed company leader’s name and title), we process it on the basis of legitimate interests, and individuals may contact us to exercise their rights as set out below.

3. How we use information

To provide, operate, secure, and improve the Services;
To authenticate users and enforce subscription entitlements (domain whitelisting, seats, concurrency, data tier, geographic scope, usage quotas);
To meter usage, invoice customers, and prevent abuse;
To maintain audit and security logs and to comply with legal obligations;
To communicate with you about your account, support requests, and material changes to the Services.

4. Legal bases for processing

Where the EU/UK GDPR applies, we rely on: performance of a contract (to deliver the Services you or your organisation subscribe to); legitimate interests (to secure, operate, and improve the Services, and to compile business intelligence); consent (where required, for example certain communications); and legal obligation. Where India’s Digital Personal Data Protection Act, 2023 applies, we process personal data for the specified lawful purposes described in this policy.

5. How we share information

We do not sell your personal information. We share it only with:

Service providers who help us run the Services under contract, including our cloud and database provider (Supabase), and identity providers used for sign-in (Microsoft, Google);
Your own organisation, which administers your access and may view usage associated with your account;
Authorities or third parties where required by law, to protect our rights, or in connection with a corporate transaction.

6. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers of personal data.

7. Data retention

We keep personal information for as long as needed to provide the Services, meet legal, accounting, and audit requirements, and resolve disputes. Usage and audit logs are retained for a reasonable period for security and billing, after which they are deleted or anonymised.

8. Security

We apply administrative, technical, and organisational measures to protect personal information, including encrypted transport, access controls, hashed credentials, per-customer access keys, usage logging, and the principle of least privilege. No method of transmission or storage is completely secure, but we work to protect your information and review our safeguards regularly.

9. Your rights

Subject to applicable law, you may have the right to access, correct, update, or delete your personal information, to object to or restrict certain processing, to withdraw consent, and to request a copy of your data. To exercise these rights, email admin@gccpros.com. If you believe an entry in our business database about you is inaccurate or should not be processed, contact us and we will review it promptly.

10. Children

The Services are intended for business use by adults and are not directed to anyone under 18. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above. Material changes will be communicated where appropriate.

12. Contact us

Questions or requests regarding this policy or your personal information: admin@gccpros.com.

This page is a general template provided for convenience and does not constitute legal advice. Please have it reviewed by qualified legal counsel and update the operating legal-entity name, jurisdiction, retention periods, and any sector-specific requirements before relying on it.