Privacy Policy
Effective date: October 6, 2025
GoodGist, Inc. (“GoodGist,” “we,” “us”) provides (a) GoodGist Assistants (Classic)—email-based AI assistants—and (b) Avery, our autonomous software development platform (AI Virtual Engineer for Reliable Yield). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our websites, create an account, or use our products and services (together, the “Services”).
If you do not agree with this Policy, please do not use the Services.
Information We Collect
A. Account & Billing
Contact details (name, email, company, role), passwords, authentication data.
Billing details (address, tax info, payment method via our payment processor).
B. Customer Content & Output
Assistants (Classic): emails, attachments, prompts, instructions, and related metadata you process through our assistants.
Avery: product ideas/specs, prompts, architectural notes, issues/tasks, source code and configs, test artifacts, logs, PR descriptions/comments, and deployment manifests created, ingested, or generated while you use Avery.
C. Integrations & Credentials
Third-party service identifiers and tokens you connect (e.g., GitHub/GitLab/Bitbucket, ticketing/CI tools, cloud providers like AWS/GCP/Azure, host platforms like Vercel/Netlify/Render). We store tokens encrypted and use them only to perform the actions you enable.
D. Telemetry, Usage & Device Data
Event logs (feature usage, timestamps, request/response sizes), PR/CI status, deploy status, performance metrics, error diagnostics, device/OS/browser info, IP address, cookie IDs, pages viewed, referrers.
E. Support & Communications
Feedback, survey responses, troubleshooting artifacts you share, and communications with our team.
F. Derived Data
Model-generated annotations (e.g., classifications, summaries), quality metrics, and aggregated statistics derived from the items above.
Note: The Services are not designed to process special categories of data (e.g., health, biometric, or children’s data). Please do not upload regulated data unless you have a written agreement with us that expressly permits it.
How We Use Information
We use information to:
Provide the Services – authenticate users; operate features; generate Outputs (including code); run PRs/CI/CD; perform deployments; deliver email-based automations.
Maintain safety & integrity – fraud/abuse prevention; security monitoring; incident response.
Improve & develop – debugging, analytics, testing new features; training and tuning models using de-identified and aggregated telemetry (not your raw code or emails) unless otherwise agreed (see “Your Choices”).
Communicate – service notices, onboarding, updates, marketing (you may opt out).
Comply with law – legal requests, disputes, enforcement of our Terms.
Avery-Specific Details
Actions Avery may perform (when you enable them): propose scope/acceptance criteria; create/edit issues; generate/modify code and configs; run tests/lint/security checks; open PRs; apply automated fixes; merge per your branch policies; configure pipelines; deploy; instrument telemetry.
Data Avery may access/process: repository contents and history, branches/PR metadata, build/test logs, dependency manifests, environment variables you provide, deployment targets and statuses, and runtime telemetry you opt into.
Your responsibilities: grant least-privilege tokens; set required checks and branch protections; review PRs and deployment plans; manage secrets; use staging before production.
Ownership: As between you and GoodGist, you own the Outputs Avery generates for you (including code), subject to your payment and our Terms.
Early Access / Beta: Some Avery features may be Alpha/Beta/Preview and may log additional diagnostics to improve stability and safety; such features may change or be withdrawn. (See Terms.)
Legal Bases (EEA/UK)
Where applicable, we process personal data on these bases:
Contract (Art. 6(1)(b)): to deliver the Services you request.
Legitimate interests (Art. 6(1)(f)): to secure and improve the Services, prevent abuse, and understand usage—balanced against your rights.
Consent (Art. 6(1)(a)): for optional cookies/marketing or where required.
Legal obligation (Art. 6(1)(c)): to comply with applicable laws.
Sharing & Disclosure
We may share information with:
Vendors/Sub-processors who support the Services (hosting, storage, analytics, communications, support, payment, logging/monitoring).
Third-party services you connect (e.g., GitHub/CI/CD/cloud), strictly per your configuration and their terms.
Corporate transactions (merger, acquisition, financing, sale of assets).
Legal/safety – to comply with law, enforce our Terms, or protect rights, safety, and security.
We do not permit vendors to use your personal information for their own marketing.
Cookies & Similar Technologies
We use necessary cookies to operate the Services and (where permitted) analytics/functional cookies to understand usage. Where required, we will request consent and provide controls to manage preferences.
Data Retention
We retain information for as long as needed to provide the Services, comply with legal obligations, and resolve disputes.
Assistants (Classic): email content/attachments may be retained per your settings and applicable law.
Avery: repositories are in your version control; we retain operational logs, telemetry, and job artifacts for reasonable periods to support auditing, debugging, and security (you can request shorter retention for enterprise plans).
We may retain aggregated and de-identified data without time limits when it cannot reasonably be used to identify you.
Security
We employ administrative, technical, and physical safeguards appropriate to the risk (e.g., encryption in transit, encrypted token storage, access controls, monitoring). No system is 100% secure. You are responsible for safeguarding credentials, applying least-privilege, and promptly revoking tokens/secrets that are no longer needed.
Your Choices
Marketing: You may opt out of marketing emails via the link in the message.
Cookies: Use our preference tools or your browser settings to manage cookies.
Model improvement: If you require a no-training/no-retention posture for Customer Content, contact us; enterprise controls are available.
Access tokens: Rotate/revoke third-party tokens at any time from those providers.
Your Rights
Depending on your location, you may have rights to access, correct, delete, port, or object to/limit certain processing of your personal information. You may also withdraw consent where we rely on consent.
EEA/UK: You may lodge a complaint with your local authority (e.g., ICO in the UK).
California: We provide disclosures consistent with the CPRA. We do not knowingly “sell” or “share” personal information for cross-context behavioral advertising; if our practices change, we will update this Policy and provide required opt-out mechanisms.
To exercise rights, contact us at the address below. We may ask you to verify your identity and authority.
International Transfers
If we transfer personal data outside your region, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures where required.
Children’s Privacy
The Services are not directed to children under 13 (or the age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided information, contact us to request deletion.
Third-Party Links & Services
Our Services may contain links to third-party websites, apps, and services. Their privacy practices are governed by their own policies, not this Policy.
Changes to This Policy
We may update this Policy periodically. If changes are material, we will provide notice (e.g., email or in-product banner) and indicate the Effective date at the top. Your continued use of the Services after changes take effect constitutes acceptance.
Contact Us & DPO
GoodGist – Privacy privacy@goodgist.com
For EEA/UK inquiries, you may also contact our representative/DPO at the address above (or as listed in your enterprise agreement/DPA).