Privacy Policy

Effective January 4, 2026 · Updated April 13, 2026

01 Overview

GOSH AI ("we," "our," or "us") is committed to protecting privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when accessing our website or services.

GOSH AI is headquartered in the United States and operates globally, providing services across multiple regions and jurisdictions.

By using our website or services, you acknowledge the practices described in this Policy.

02 Information We Collect

Information You Provide

We may collect personal information you voluntarily provide, including:

• Name
• Email address
• Phone number
• Company name
• Job title
• Billing and payment details
• Information submitted through forms or service engagements

Automatically Collected Information

When visiting our website, we may collect:

• IP address
• Browser and device information
• Pages visited and time spent
• Referral sources
• Cookie and tracking data

Client Engagement Data

In providing services, we may access or process:

• Public website content
• Analytics and performance data
• SEO and structured data
• AI visibility and citation data
• Other digital assets necessary to fulfill contractual obligations

We do not intentionally collect sensitive personal information unless explicitly required for a contracted engagement.

Business Contact Data (B2B Outreach)

We may collect and process limited professional contact information for business-to-business outreach purposes, including:

• Name
• Business email address
• Job title
• Company name
• Publicly available professional information

03 Legal Basis for Processing (EEA / UK / LATAM)

Where applicable under the General Data Protection Regulation (GDPR), Brazil's LGPD, and similar laws, we process personal data based on:

• Performance of a contract
• Legitimate business interests
• Compliance with legal obligations
• Consent (where required)

Legitimate Interest (B2B Communications)

We process professional contact data under the legal basis of legitimate interest for business communications.

Our legitimate interests include:

• Identifying and contacting relevant business professionals regarding services that may benefit their organization
• Conducting analysis related to AI visibility, digital presence, and market positioning
• Sharing insights that are relevant to a recipient's professional role

We only engage in outreach where there is a reasonable expectation that the communication is relevant to the recipient's role and business context.

04 How We Use Information

We use collected information to:

• Deliver and improve our services
• Conduct AI visibility and optimization analysis
• Communicate with clients and relevant business professionals
• Maintain website functionality and performance
• Send business-related communications (with opt-out capability)
• Protect against fraud or misuse
• Comply with legal obligations

We do not sell personal information.

05 Sources of Data

We may obtain personal data from:

• Publicly available sources (e.g., company websites, directories)
• Business intelligence and data providers
• Public professional profiles
• Direct interactions with individuals or organizations

We take reasonable steps to ensure that data sources are reputable and appropriate for business use.

06 Disclosure of Information

We may share information with trusted third-party service providers that support our operations, including:

• Hosting providers
• Analytics platforms
• CRM systems
• Email delivery platforms
• Payment processors
• Cloud infrastructure providers

These providers are contractually required to protect data and use it only for authorized purposes.

We may disclose information when required by law or to protect our legal rights.

07 Data Retention

We retain personal information only for as long as necessary to:

• Fulfill contractual obligations
• Meet legal and regulatory requirements
• Resolve disputes
• Enforce agreements

For B2B outreach data, we retain contact information only as long as relevant for business communication purposes or until an individual opts out.

We maintain suppression records to ensure individuals who opt out are not contacted again.

08 Data Security

We implement commercially reasonable administrative, technical, and organizational safeguards to protect personal information against unauthorized access, disclosure, or misuse.

While we strive to protect information, no method of transmission or storage is completely secure.

09 Your Rights

Depending on your jurisdiction, you may have the right to:

• Request access to personal information
• Request correction or deletion
• Restrict or object to processing
• Request data portability
• Withdraw consent where applicable

Right to Object (Direct Marketing)

You have the right to object at any time to processing of your personal data for direct marketing purposes.

You may exercise this right by:

• Using the unsubscribe mechanism in our communications, or
• Contacting us at privacy@mygosh.ai

We will honor such requests promptly and maintain a record to prevent further contact.

California Residents (CCPA)

California residents may request:

• Disclosure of categories of personal information collected
• Deletion of personal information
• Confirmation that personal information is not sold

Requests may be submitted to privacy@mygosh.ai. We will take reasonable steps to verify identity before responding.

10 International Data Transfers

Information may be transferred to and processed in the United States or other jurisdictions where we or our service providers operate.

Where required, we implement appropriate safeguards for cross-border data transfers in accordance with applicable laws.

11 Children's Privacy

Our services are not directed to individuals under 13 years of age, and we do not knowingly collect personal information from children.

12 Updates

We may update this Privacy Policy periodically. The revised version will be posted with an updated effective date.

13 Contact