Frequently Asked Questions

Everything you need to know about keeping your account safe and how GT Persona Center works online.

Logging In

What is two-factor authentication (2FA) and does GT Persona Center use it?

Two-factor authentication (2FA) adds a second step to your login. Even if someone discovers your password, they still cannot access your account without also having the one-time code sent to your email.

GT Persona Center automatically sends a 6-digit code to your registered email address every time you log in. The code expires in 10 minutes and can only be used once.

What happens if I enter the wrong OTP code too many times?

After 3 incorrect attempts your pending login session is cleared and you are returned to the login screen. This prevents automated bots from guessing the 6-digit code.

Simply log in again — a fresh code will be sent to your email.
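
The OTP rules described above (6-digit code, 10-minute expiry, single use, pending login cleared after 3 wrong attempts), as an added Python example. It is not GT Persona Center's own code; the PendingLogins class, the salted SHA-256 storage and the in-memory dictionary are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 10 * 60  # from the page: the code expires in 10 minutes
MAX_ATTEMPTS = 3           # from the page: 3 incorrect attempts clear the login


def _digest(code: str, salt: bytes) -> bytes:
    # Assumed storage scheme: keep a salted hash, never the code itself.
    return hashlib.sha256(salt + code.encode()).digest()


class PendingLogins:
    """Hypothetical in-memory store of logins that are waiting for an OTP."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # pending session id -> record

    def issue(self, session_id: str) -> str:
        # secrets uses the OS CSPRNG; :06d keeps leading zeros.
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[session_id] = {
            "salt": salt,
            "hash": _digest(code, salt),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "failures": 0,
        }
        return code  # handed to the mailer; only the hash stays on the server

    def verify(self, session_id: str, submitted: str) -> str:
        rec = self._pending.get(session_id)
        if rec is None:
            return "no_pending_login"
        if self._clock() >= rec["expires"]:
            del self._pending[session_id]
            return "expired"
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(_digest(submitted, rec["salt"]), rec["hash"]):
            del self._pending[session_id]  # single use: a replay finds nothing
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            del self._pending[session_id]  # user must start the login again
            return "locked_out"
        return "wrong_code"
```

Because the third wrong guess deletes the record, even the correct code is rejected afterwards, which caps an attacker at 3 guesses out of 1,000,000 per issued code.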

I didn't receive my OTP email. What should I do?

  • Check your Spam / Junk folder.
  • Make sure the email address on your account is correct.
  • OTP emails are sent within seconds — if nothing arrives in 2 minutes, go back to the login page and try again (a new code is issued each attempt).
  • If the issue persists, contact support@ganootech.com.

Can I sign in with Google, Facebook, Apple, or GitHub?

Yes. When you use a social login, the third-party provider handles password verification and we receive only a verified email address and basic profile information. You do not need to set a separate GT password for social accounts.

Social logins still go through our session security checks (HttpOnly cookies, SameSite protection, CSRF tokens).

Passwords

How is my password stored?

Your password is never stored in plain text. It is hashed using bcrypt (with a cost factor of 12) or Argon2id before being saved to the database. Even if the database were ever exposed, the raw password cannot be recovered from the hash.

What is the password reset process?

Click Forgot Password on the login page. We send a secure, single-use reset link (64 random hex characters) to your email. The link expires after 60 minutes and is invalidated the moment it is used.

If you did not request a reset, you can safely ignore the email — your password remains unchanged.

How do I create a strong password?

  • Use at least 12 characters.
  • Mix uppercase, lowercase, numbers, and symbols.
  • Avoid real words, names, or dates.
  • Use a unique password for every service — a password manager makes this easy.
  • Enable 2FA wherever possible (including here).

Session & Cookies

How does GT Persona Center protect my session?

Sessions are protected with several layers:

  • HttpOnly cookies — JavaScript cannot read the session cookie, blocking cross-site scripting (XSS) theft.
  • SameSite=Strict cookies — the cookie is not sent on cross-site requests, blocking CSRF attacks.
  • Secure flag — the cookie is only transmitted over HTTPS.
  • CSRF tokens — every form includes a one-time token that must match your session.
  • Session ID regeneration — the session ID changes on login to prevent session fixation.

Does the site use tracking cookies or advertising cookies?

No. GT Persona Center only uses a single first-party session cookie required to keep you logged in. We do not use advertising networks, tracking pixels, or third-party analytics cookies.

What happens when I log out?

Clicking Logout immediately destroys your server-side session and clears the session cookie from your browser. Any subsequent request will be treated as unauthenticated.

Brute-Force & Rate Limiting

Is there protection against brute-force login attacks?

Yes. Failed login attempts are tracked by both email address and IP address. After a threshold of failures within a short window, further attempts from that IP or for that account are temporarily blocked.

This is separate from the OTP attempt limit and covers the initial password check.
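
One way to track failed password checks by both email address and IP address, as an added Python example rather than GT Persona Center's code. The threshold of 5 failures, the 15-minute window and the LoginThrottle class are assumptions, since the page gives no numbers.

```python
import time
from collections import defaultdict, deque

# Assumed values: the page does not state the threshold or the window.
MAX_FAILURES = 5
WINDOW_SECONDS = 15 * 60


class LoginThrottle:
    """Hypothetical sliding-window counter of failed password checks."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._failures = defaultdict(deque)  # (kind, value) -> timestamps

    @staticmethod
    def _keys(email: str, ip: str):
        # Normalise the email so "A@x" and "a@x " share one counter.
        return (("email", email.strip().lower()), ("ip", ip))

    def _recent(self, key) -> int:
        q = self._failures.get(key)
        if q is None:
            return 0
        # Prune entries that have aged out of the lockout window.
        cutoff = self._clock() - WINDOW_SECONDS
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._failures[key]
            return 0
        return len(q)

    def record_failure(self, email: str, ip: str) -> None:
        now = self._clock()
        for key in self._keys(email, ip):
            self._failures[key].append(now)

    def is_blocked(self, email: str, ip: str) -> bool:
        # Check before verifying the password; either counter can block.
        return any(self._recent(k) >= MAX_FAILURES
                   for k in self._keys(email, ip))
```

Keeping two counters matters for detection: the per-account counter catches guessing spread across many IP addresses, and the per-IP counter catches one source trying many accounts.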

My account seems locked after failed attempts. How long before I can try again?

Lockouts are time-based and lift automatically. Wait a few minutes, then try again. If you believe your account has been targeted, reset your password immediately via the Forgot Password link and contact support.

How Search Engines See This Site

Is GT Persona Center indexed by Google?

Only public-facing pages — such as this FAQ, the Privacy Policy, Terms of Service, and the login/register pages — are intended to be indexed. Authenticated pages (dashboard, personas, search results) require a login and are not accessible to search engine crawlers.

What SEO best practices does the site follow?

  • Unique <title> tags on every page describing the page content.
  • Meta description tags on public pages.
  • Canonical URLs (<link rel="canonical">) to avoid duplicate-content penalties.
  • Semantic HTML — correct use of h1/h2/h3 heading hierarchy, <main>, <nav>, <footer>.
  • HTTPS — a confirmed ranking signal for Google.
  • Mobile-responsive design (viewport meta tag, responsive CSS).
  • Descriptive alt text on images.

Does having a favicon affect SEO?

Not directly — favicons are not a ranking factor. However, a recognisable favicon improves click-through rate from browser bookmarks and search results (Google shows them in mobile SERPs), which indirectly benefits SEO over time.

GT Persona Center provides favicons at multiple sizes (16×16, 32×32, 180×180 Apple touch icon, and Android Chrome icons).

Is there a sitemap?

A sitemap.xml listing all public pages is planned. Submitting it to Google Search Console helps the crawler discover pages faster and understand the site structure.

In the meantime, all public pages are interlinked through the footer navigation, which Google's crawler will follow.

How does page speed affect my ranking?

Google uses Core Web Vitals (Largest Contentful Paint, Cumulative Layout Shift, Interaction to Next Paint) as ranking signals. Key things GT Persona Center does to stay fast:

  • CSS is served from a single stylesheet (fewer HTTP requests).
  • Images should be served in modern formats (WebP/AVIF) and correctly sized — upload optimised images to persona profiles.
  • Server-side rendering (PHP) means there is no client-side JavaScript framework adding parse time.
  • Retailer API calls (UCP) run in parallel so search results pages load faster.

Does the app use structured data / schema.org markup?

Not yet. Adding JSON-LD structured data (e.g. FAQPage schema on this page) would allow Google to display rich results — expandable Q&A directly in search results — improving click-through rate significantly. This is on the roadmap.

Social Sharing

How does the site look when shared on WhatsApp, Twitter, or LinkedIn?

Social platforms use Open Graph (og:) and Twitter Card meta tags to generate link previews. GT Persona Center public pages include:

  • og:title and og:description — the headline and summary shown in the preview.
  • og:image — a preview image (the app logo).
  • og:url — the canonical URL.

Persona and search pages are private and do not generate public previews.

What We Store

What personal data does GT Persona Center store?

  • Account: username, email address, hashed password.
  • Personas: name, birthday, gender, clothing/shoe sizes, colour preferences, brand preferences, and any photos you upload.
  • Security logs: failed login attempts (IP address + timestamp) — automatically pruned after the lockout window.
  • OTP codes: hashed, single-use, expire in 10 minutes.

See the full Privacy Policy for details.

Are my persona images stored securely?

Images are stored on the server in a directory that is not publicly browsable. They are served only to your authenticated session. Uploaded filenames are randomised (UUIDs) to prevent guessing.

Deleting a persona image removes both the database record and the file from the server immediately.

Is my shopping search data saved?

Search queries typed into the search bar are used in real-time to call retailer APIs and are not stored in the database. The AI intent classification (powered by Claude) processes your query but does not log it.

Your Rights

How do I delete my account and all my data?

Visit the Data Deletion Instructions page. You can request full deletion of your account and all associated personas, images, and logs. Deletion is processed within 30 days.

Can I export my persona data?

Data export is on the roadmap. In the meantime, contact privacy@ganootech.com to request a copy of your data.