Privacy Policy

We collect several categories of personal information about you through various means:

1.1 Information You Provide Directly

• Account Information: Name, email address, username, password, and other registration information you provide when creating an account;
• Payment Information: Credit card numbers, billing addresses, and other payment-related information processed through our third-party payment processors;
• Profile Information: Optional profile information, preferences, and settings you choose to provide;
• Communication Data: Information you provide when you contact us for support, feedback, or other communications;
• User Content: All text, files, images, audio, and other content you submit to or through the Service.

1.2 Information We Collect Automatically

• Device Information: IP address, device type, operating system, browser type and version, device identifiers, and mobile network information;
• Usage Data: Information about how you use the Service, including features accessed, time spent, interaction patterns, and performance metrics;
• Location Data: General location information derived from your IP address (not precise geolocation unless explicitly consented);
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies.

1.3 Information from Third Parties

• Authentication Services: If you use third-party authentication services (e.g., Google, GitHub), we may receive basic profile information such as your name, email address, and profile picture;
• Google User Data: When you connect Google services, we may access and collect data from your Google account including but not limited to email, calendar events, contacts, and documents as authorized by you through Google's OAuth consent process;
• Analytics Providers: Information from third-party analytics services that help us understand Service usage and performance;
• Security Services: Information from fraud prevention and security services to protect against unauthorized access.

We use your personal information for the following purposes:

2.1 Service Provision and Operation

• Providing, maintaining, and improving the Service and its features;
• Processing and responding to your requests and interactions with the AI assistant;
• Google User Data Processing: Using Google user data solely to provide and improve our AI assistant functionality, including processing emails, calendar events, and documents to provide relevant assistance and responses;
• Personalizing your experience and delivering relevant content and recommendations;
• Processing payments and managing your account and subscriptions.

2.2 Communication and Support

• Responding to your inquiries, comments, and support requests;
• Sending you service-related communications, updates, and notifications;
• Providing customer support and technical assistance;
• Conducting surveys and gathering feedback to improve our services.

2.3 Analytics and Improvement

• Analyzing usage patterns to understand how the Service is used and to improve functionality;
• Conducting research and analytics to enhance our AI models and algorithms;
• Monitoring and analyzing trends, usage, and activities in connection with the Service;
• Developing new features, services, and products.

2.4 Security and Legal Compliance

• Protecting against fraud, unauthorized access, and other security threats;
• Investigating and preventing violations of our Terms of Service;
• Complying with applicable laws, regulations, and legal obligations;
• Enforcing our rights and protecting our property and interests.

We do not sell, rent, or lease your personal information to third parties. We do not sell Google user data to third parties. However, we may share your information in the following limited circumstances:

3.1 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting and infrastructure providers;
• Payment processing companies;
• Customer support and communication platforms;
• Analytics and monitoring services;
• Security and fraud prevention services.

Google User Data: We only share Google user data with service providers who are necessary for providing our AI assistant functionality and who have agreed to appropriate data protection measures. We do not transfer Google user data to third parties for advertising or other unrelated purposes.

3.2 Legal Requirements

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or government request;
• Protect and defend our rights or property;
• Prevent or investigate possible wrongdoing in connection with the Service;
• Protect the personal safety of users of the Service or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

We use cookies and similar tracking technologies to collect information about your use of the Service. These technologies include:

4.1 Types of Cookies

• Essential Cookies: Required for basic Service functionality and cannot be disabled;
• Analytics Cookies: Help us understand how you use the Service and improve its performance;
• Preference Cookies: Remember your settings and preferences for a better user experience;
• Third-Party Cookies: Placed by our service providers for analytics and security purposes.

4.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service. For more information about managing cookies, please refer to your browser's help documentation.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols;
• Access controls and authentication mechanisms to limit access to personal information;
• Regular security assessments and monitoring of our systems;
• Employee training on data privacy and security best practices;
• Incident response procedures to address potential security breaches.
• Google User Data Protection: Enhanced security measures for Google user data including restricted access on a need-to-know basis, secure API connections, and compliance with Google's security requirements.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to:

• Access the personal information we hold about you;
• Receive a copy of your personal information in a structured, commonly used format;
• Request information about how we use and share your data.

6.2 Correction and Deletion

You have the right to:

• Correct or update inaccurate or incomplete personal information;
• Request deletion of your personal information in certain circumstances;
• Withdraw consent where our processing is based on your consent.

6.3 Restriction and Objection

You have the right to:

• Restrict the processing of your personal information in certain circumstances;
• Object to processing based on our legitimate interests;
• Opt-out of marketing communications.

To exercise these rights, please contact us using the information provided in Section 10.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account information: Retained while your account is active and for a reasonable period after closure;
• Usage data: Typically retained for up to 24 months for analytics and improvement purposes;
• Payment information: Retained as required by law and for legitimate business purposes;
• Support communications: Retained for up to 3 years for quality assurance and legal compliance.
• Google User Data: Retained only as long as necessary to provide our services or as required by law. You can request deletion of your Google user data at any time through your account settings or by contacting us directly.

We may retain certain information for longer periods when required by law or for legitimate business purposes such as fraud prevention and security. Google user data is deleted when no longer necessary for providing our AI assistant services.

Your personal information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country. When we transfer your information internationally, we implement appropriate safeguards to protect your information, including:

• Standard contractual clauses approved by relevant data protection authorities;
• Adequacy decisions confirming that the destination country provides adequate protection;
• Other appropriate safeguards as required by applicable law.

The Service may contain links to or integrate with third-party websites, applications, or services. This Privacy Policy does not apply to these third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our Service.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

• Post the updated Policy on our website;
• Update the "Effective Date" at the top of this Policy;
• Provide notice through the Service or via email for significant changes;
• Obtain your consent where required by applicable law.

Your continued use of the Service after any changes become effective constitutes your acceptance of the updated Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@heygaia.so

12.1 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used;
• Right to request deletion of personal information;
• Right to opt-out of the sale of personal information (we do not sell personal information);
• Right to non-discrimination for exercising your privacy rights.

12.2 European Economic Area (EEA) Residents

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: We process your data based on consent, contract performance, legitimate interests, or legal obligations;
• Right to lodge a complaint with your local data protection authority;
• Right to data portability in machine-readable format;
• Enhanced rights regarding automated decision-making and profiling.