Privacy Policy

GCCI (Gus & Co Cyber Investigations) is built around the idea that cybercrime victims should be able to get help without surrendering their privacy in the process. This page describes what information we collect, what we don't, and how we handle anything you share with us.

What we collect

We collect only what's necessary to respond to you and, if applicable, deliver an investigation.

• Intake form submissions: name, email, optional phone number, the tier you've selected, your description of the situation, and what you already have (links, usernames, screenshots, etc.). Submitted via mailto and routed to our email.
• Payment information: handled entirely by Stripe. We never see or store your full card number, CVC, or bank details. We see only what Stripe relays to us (name, email, last four digits of card, payment status).
• Case details you send us: whatever you share by email or through the post-payment form on /thanks.html, in order to perform the investigation you've engaged us for.
• Server logs: our hosting provider (Cloudflare) keeps standard access logs (IP address, timestamp, user-agent) for security and abuse prevention. We do not run any third-party analytics or tracking pixels on this site.

What we don't collect

• No third-party analytics (no Google Analytics, no Facebook Pixel, no advertising trackers).
• No cookies set by us. (Cloudflare may set technical cookies necessary for the site to function.)
• No social-media share trackers.
• No newsletter signups, no marketing automation.
• No saved chat history. Conversations begin and end with you and us.

How we use what we collect

We use the information you provide solely to:

• Respond to your inquiry
• Confirm whether your case fits our scope
• Perform the investigation you've engaged us for, if you proceed
• Deliver our findings to you
• Comply with legal obligations (such as a lawful subpoena, if one is ever served)

Who we share it with

By default, no one. Specific exceptions:

• Stripe processes your payment and necessarily receives the data required for that.
• Rexxfield Technologies may receive a referral of your case — with your permission — if your situation exceeds the scope of our small-case work.
• Law enforcement or courts, only in response to a valid legal request. We would notify you in such an event unless legally prohibited.

We do not sell, rent, or trade your information. We don't run remarketing campaigns. We don't share client lists.

How long we keep it

Intake submissions and case correspondence are retained for up to 24 months after engagement, so that we can answer follow-up questions or reopen a case if needed. After that, records are deleted unless you ask us to retain them longer. Payment records are retained by Stripe according to their policy and US financial recordkeeping requirements.

Your rights

You may request a copy of what we hold about you, or ask us to delete it, by emailing Gus@gcci.io. We respond within 30 days. If you're in a jurisdiction with specific privacy rights (GDPR, CCPA, etc.), those rights apply.

Security

The site runs over HTTPS via Cloudflare. Case data lives in our email and on devices secured with full-disk encryption and 2FA. We do not store case data in any cloud database or third-party CRM.

Children

GCCI's services are not for minors. If you're under 18 and dealing with cybercrime, contact a parent or guardian and use NCMEC's Take It Down service for image-based abuse. Do not submit an intake on this site as a minor.

Changes to this policy

If we materially change how we handle data, we'll update this page and the "Last updated" date above. Engagements already in progress remain governed by the policy in effect when you submitted your case.

Contact

Questions about privacy? Email Gus@gcci.io.