Privacy Policy

We collect information to provide, improve, and personalize our Service. The types of information we collect include: Personal Information You Provide: • Account registration details (name, email address, password) • Billing information (payment method, billing address) • Profile information (company name, role, preferences) • Communications you send to us (support requests, feedback) Information Collected Automatically: • Device information (browser type, operating system, device identifiers) • Usage data (features used, actions taken, timestamps, session duration) • Log data (IP address, access times, pages viewed, referring URLs) • Cookies and similar tracking technologies (see Section 5) Information from Third-Party Integrations: • Data from services you connect to your Good Folks account (email providers, calendar services, smart home platforms) • Authentication data from single sign-on providers • Information from analytics and advertising partners AI Interaction Data: • Commands and instructions you provide to AI agents • Task history and agent interaction logs • Outputs and results generated by AI agents on your behalf

We use the information we collect for the following purposes: Service Delivery and Operations: • To create and manage your account • To provide, operate, and maintain the Service • To process transactions and send related billing information • To enable AI agents to perform tasks on your behalf Improvement and Personalization: • To understand how users interact with our Service • To develop new features, products, and services • To personalize your experience and AI agent behavior • To conduct research and analysis to improve our platform Communication: • To send you technical notices, updates, and security alerts • To respond to your comments, questions, and support requests • To send promotional communications (with your consent, where required) • To provide information about new features and services Safety and Compliance: • To detect, investigate, and prevent fraudulent or unauthorized activity • To comply with legal obligations and enforce our Terms of Service • To protect the rights, property, and safety of our users and the public

We do not sell your personal information. We may share your information in the following circumstances: Service Providers: We share information with third-party vendors who perform services on our behalf, such as payment processing, data hosting, customer support, and analytics. These providers are contractually obligated to use your information only as necessary to provide services to us. Third-Party Integrations: When you connect third-party services to your Good Folks account, we share information as necessary to enable those integrations. Your use of third-party services is governed by their respective privacy policies. Business Transfers: If Good Folks Inc. is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information. Legal Requirements: We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public. With Your Consent: We may share your information for any other purpose with your explicit consent.

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including: • Encryption of data in transit using TLS 1.3 • Encryption of data at rest using AES-256 encryption • Regular security assessments and penetration testing • Access controls and authentication mechanisms for internal systems • Employee security training and background checks • Incident response procedures and breach notification protocols • Secure software development practices • Regular backup and disaster recovery procedures While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. If you become aware of any unauthorized access to your account, please contact us immediately at [email protected].

We use cookies and similar tracking technologies to collect and track information about your use of our Service. Types of cookies we use include: Essential Cookies: Required for the Service to function properly. These cannot be disabled. They include session management, authentication, and security cookies. Analytics Cookies: Help us understand how users interact with our Service. We use these to analyze trends, track user movements, and gather demographic information. You may opt out of analytics cookies through your browser settings. Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings. Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These are only set with your consent where required by law. You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be alerted when cookies are being set. Please note that disabling certain cookies may affect the functionality of the Service.

Depending on your location, you may have the following rights regarding your personal information: • Access: Request a copy of the personal information we hold about you • Correction: Request that we correct inaccurate or incomplete personal information • Deletion: Request that we delete your personal information, subject to legal retention requirements • Portability: Request a copy of your data in a structured, machine-readable format • Restriction: Request that we restrict processing of your personal information • Objection: Object to our processing of your personal information for certain purposes • Withdrawal of Consent: Withdraw consent where processing is based on your consent To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or sooner if required by applicable law. We may need to verify your identity before processing your request. You may also opt out of promotional emails by clicking the "unsubscribe" link in any marketing email we send you.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply: Legal Bases for Processing: We process your personal data based on one or more of the following legal bases: • Performance of a contract (providing the Service to you) • Legitimate interests (improving our Service, security, fraud prevention) • Consent (marketing communications, certain cookies) • Legal obligation (compliance with applicable laws) Data Transfers: When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or reliance on the recipient's participation in an approved data transfer framework. Data Protection Officer: You may contact our data protection team at [email protected] for any GDPR-related inquiries. Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights: Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the purposes for collection, the categories of sources, and the categories of third parties with whom we share your information. Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions. Right to Opt Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. Categories of Personal Information Collected (past 12 months): • Identifiers (name, email, IP address) • Commercial information (billing history, subscription details) • Internet or network activity (usage data, browsing history on our Service) • Professional information (company, role) • Inferences (preferences, characteristics derived from the above) To exercise your CCPA rights, contact us at [email protected] or submit a request through your account settings.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, and applicable legal requirements. Specifically: • Account data is retained for the duration of your account and up to 90 days after deletion • Billing records are retained for 7 years for tax and accounting purposes • Usage logs are retained for up to 24 months • AI interaction data is retained for up to 12 months after account deletion, unless you request earlier deletion • Anonymized and aggregated data may be retained indefinitely for analytical purposes

Good Folks Inc. is based in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. We take appropriate measures to ensure that your personal information remains protected in accordance with this Privacy Policy, regardless of where it is processed.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by: • Posting the updated Privacy Policy on this page • Updating the "Last Updated" date at the top of this page • Sending you an email notification for material changes (where we have your email) We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Good Folks Inc. Email: [email protected] Website: https://goodfolks.ai For GDPR-related inquiries, you may also contact our data protection team at the email address above. We will do our best to respond to your inquiry within 30 days.