Last Updated: January 3, 2025

Privacy Policy

Your data belongs to you. We are a processor, not an owner. This document explains how we handle your information—and, more importantly, how we don't.

The Zero-Training Guarantee

This is our most important promise: User Content (inputs, prompts, and outputs) is NOT used to train our AI models.

We use isolated API instances from Portkey, Anthropic, and Google Cloud, where data retention is minimized. Your prompts and generated content are processed for the immediate task and are not stored for training purposes. We do not feed your work back into our systems to improve our models.

This guarantee exists because we serve organizations that handle sensitive client information. Your trust depends on our restraint.

Data Usage

Strict Prohibition: No Training of LLMs

User Content (inputs, prompts, and outputs) is NOT used to train the underlying Large Language Models (LLMs) provided by Anthropic, Google, or Portkey. We do not feed your content back into these models for training purposes. This prohibition is absolute and fundamental to our service.

Permitted Use: Product Analytics and Improvement

We DO collect and analyze usage metadata, configuration settings (such as Brand Voice selections), and user feedback (thumbs up/down ratings) to improve the GoldenDoodle platform experience and features. This "flywheel" data helps us understand how the platform is used, which features are most valuable, and where we can make improvements—but it does not include your actual prompts or generated content.

Service Delivery

We process and store content solely to provide the service you request. This includes generating text outputs, saving chat history for your convenience, and maintaining system reliability. Content is processed in real-time through our API infrastructure and stored only as necessary to deliver the service and support your workflow.

Data Ownership

You retain full ownership of your client data and all content you create using GoldenDoodle AI. We are a processor, not an owner.

When you use our service, you grant us a limited license to process your content solely for the purpose of generating the outputs you request. This license is temporary and revocable. We do not claim ownership of your inputs or outputs.

What We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. This information is used to manage your account, provide customer support, and ensure service security.

Usage Analytics

We use PostHog for usage analytics to understand how our platform is being used—clicks, navigation flows, and feature adoption. As stated in our Data Usage section, we collect usage metadata and configuration settings, but we do not track sensitive prompt content for analytics purposes. Your actual prompts and the content you generate are not analyzed or stored for analytics.

Content Processing

Your prompts and inputs are processed through our API infrastructure to generate outputs. This processing happens in real-time and is not stored beyond what is necessary to deliver the service and maintain system reliability.

How We Protect Your Data

We use enterprise-grade encryption for data in transit and at rest. Our infrastructure is built on Supabase and PostgreSQL, which provide industry-standard security measures.

We do not sell your data. We do not share your data with third parties except as necessary to provide the service (for example, through our API providers under strict confidentiality agreements).

Data Retention

We retain your account information for as long as your account is active. Content processed through our APIs is not retained for training purposes. Logs and system data are retained only as long as necessary for security, debugging, and service reliability.

When you delete your account, we delete your personal information and account data in accordance with our data retention policies and applicable law.

Your Rights

You have the right to access, correct, or delete your personal information. You can request a copy of your data or request that we delete your account at any time by contacting us at our contact page.

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to data portability and the right to object to processing.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through our contact page.