Skip to main content

Privacy Policy

Effective date: March 30, 2026

1. Information We Collect

When you create an account we collect your name, email address, and a hashed password. When you purchase a course or subscription we process payment through Stripe; we never store full card numbers on our servers.

We automatically collect usage data such as page views, feature-flag evaluations, and event analytics to improve the platform. This data is associated with your project and is accessible from your dashboard.

2. How We Use Your Information

3. Data Sharing

We do not sell your personal data. We share information only with service providers that help us operate (Stripe for payments, email delivery providers, hosting on Vercel and Railway, database on Neon) under strict data-processing agreements.

4. Data Retention

Account data is retained while your account is active. Event and analytics data is retained according to your plan's retention window. You may request deletion of your account and associated data at any time from your account settings.

5. Cookies

We use essential cookies for authentication (session tokens) and project context. We do not use third-party advertising cookies. See our Cookie Policy for details.

6. Your Rights

You may access, correct, export, or delete your personal data from your account settings. If you are in the EU/EEA you may exercise your GDPR rights by contacting us at privacy@goatech.ai.

7. Security

We protect your data with encryption in transit (TLS), hashed passwords (bcrypt), hashed API keys (SHA-256), and HttpOnly session cookies. We conduct regular security reviews of our codebase and dependencies.

8. Changes

We may update this policy from time to time. Material changes will be communicated via email or an in-app banner. Continued use after changes constitutes acceptance.

9. Contact

Questions about this policy? Email us at privacy@goatech.ai.