Privacy Policy
Effective Date: May 1, 2026 · Last Updated: June 9, 2026
GoodGist, Inc. (doing business as Avery.Software) is committed to protecting your privacy. This Privacy Policy describes our privacy-first approach where most data stays on your device.
Core Privacy Principles
Our software stores prompts, source code, agent graphs, project files, encryption keys, and OAuth tokens locally without transmitting them to Avery.Software except in narrow circumstances like license verification or optional crash reports.
Information We Collect
Minimal Automatic Collection
We collect anonymized operational metrics including install IDs, usage counters, error codes, and software version information. Notably absent from collection: prompts, project content, file paths, and personally identifiable details.
Users can disable telemetry in Settings.
Account Information
- Email address, display name, organization
- Hashed passwords (never stored in plain text)
- Billing details (processed through Stripe, not stored directly by us)
Local Storage
The following data remains entirely on your device:
- Project files and source code
- Encrypted keystores
- Installed plugins and local language models
- Agent run transcripts and logs
Third-Party Data Flows
AI Providers
When you configure cloud AI providers for app building or agent runtime, prompts travel directly from your device to the chosen provider. Avery.Software is positioned outside this data path.
Supported providers include:
- Anthropic (Claude)
- OpenAI (GPT)
- Google AI (Gemini)
- Azure OpenAI
- AWS Bedrock
- Hugging Face
Hosting & OAuth Services
Deployment environments (Vercel, Railway) and connected OAuth services operate independently. Avery.Software maintains no visibility into deployed applications or their data processing.
Agent-to-Agent & MCP Protocol
External agent calls and Model Context Protocol integrations route directly device-to-destination without Avery.Software intermediation. You control which tools agents can access.
Payment Processing
Payment processing is handled securely by Stripe. We do not store full credit card details. Payment information is encrypted and processed in compliance with industry standards (PCI DSS).
Your Privacy Rights
This policy addresses privacy rights under CCPA, GDPR, UK GDPR, and numerous U.S. state laws including Colorado CPA, Virginia VCDPA, and Texas TDPSA.
You have the right to:
- Request data access and correction
- Request data deletion
- Opt-out of telemetry
- Non-discrimination for exercising your privacy rights
To exercise these rights, please contact us at legal@avery.software.
Our Commitments
- ✓No user content or prompts used for AI model training
- ✓No personal information sales
- ✓No cross-context behavioral advertising
- ✓Encryption for sensitive local data using AES-256-GCM
- ✓Regular security reviews and cryptographic verification of updates
Data Retention
We retain your account data while your account is active. Upon account closure, we delete your personal data within 30 days, unless legally required to retain it longer.
International Data Transfers
Data transfers between jurisdictions are protected by Standard Contractual Clauses (SCCs) as approved by relevant data protection authorities.
Cookies & Tracking
We use cookies for essential functions including authentication and security. We do NOT use third-party advertising cookies or tracking pixels for advertising purposes.
Contact Us
For questions about this Privacy Policy or to exercise your privacy rights, please contact us:
Privacy & Legal
We will respond to all legitimate privacy requests within 30 days or as required by applicable law.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting. We encourage you to review this policy periodically to stay informed about how we protect your information.