Privacy Policy

1. Information We Collect

a. Account Information

When you create an account, we collect your name, email address, and password credentials (managed by Firebase Authentication — we do not store your password directly). For employer-sponsored accounts, we collect your company email domain to associate you with your organization.

b. Information You Provide

As you use Gaite, you provide information about your life events, personal circumstances, family situation, and priorities through onboarding questions and conversations with the AI. This may include sensitive information about health, finances, legal matters, and family relationships. You control what you share.

c. Usage Data

We collect information about how you interact with the application, including which features you use, which life events you navigate, actions you complete, and how you engage with the AI assistant. This helps us improve the product.

d. Device and Technical Data

We collect standard technical information including device type, operating system, browser type, IP address, and general location (city/region level, not precise location). We use cookies and similar technologies for authentication and session management.

e. Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe’s privacy policy governs their handling of your payment data.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Gaite platform
• Personalize your action plans and AI guidance based on your situation
• Build and maintain your Living Profile (knowledge graph) to make guidance more relevant over time
• Surface relevant employee benefits for employer-sponsored users
• Send transactional emails (account confirmation, password reset, notifications you opt into)
• Analyze aggregate usage patterns to improve the product
• Provide customer support
• Process payments through Stripe

3. Employer-Sponsored Accounts

This section applies if your employer provides Gaite as a benefit.

Your employer does not see your individual data.This is by design. Gaite is intentionally not integrated into your employer’s HR or IT systems. Your conversations, life events, action plans, and personal information are private to you. Your employer has no ability to view, access, or request your individual activity.

Employers receive only aggregate, anonymized usage data: how many employees are using the platform, which categories of life events are most common, and overall benefits utilization metrics. No individual user can be identified from this data.

Employers may upload company benefits documents (plan descriptions, policies, enrollment guides) to enable the AI to answer benefits questions specific to your company. These documents are accessible to all employees in the organization but do not contain individual employee data.

4. Information Sharing

We do not sell, trade, or rent your personal information. Our business model is subscriptions, not data. This is non-negotiable.

We share information only in these limited circumstances:

• Service providers: We use third-party services to operate the platform, including Google Cloud Platform (hosting, database), Firebase (authentication), OpenAI (AI language models), Stripe (payments), SendGrid (transactional email), and Vercel (web hosting). These providers process data on our behalf under contractual obligations to protect it.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We would notify you before your information becomes subject to a different privacy policy.
• Aggregate data: We may share aggregated, non-personally identifiable information for industry analysis or reporting purposes.

5. AI and Language Models

Gaite uses large language model (LLM) technology provided by OpenAI to power its AI assistant. When you interact with the AI:

• Your conversations are sent to OpenAI’s API for processing
• We use OpenAI’s API (not consumer ChatGPT), which has a zero data retention policy for API usage
• Your conversations are not used to train OpenAI’s models
• The AI may generate content that is inaccurate or incomplete. Gaite provides guidance, not professional advice. Always consult qualified professionals for legal, medical, or financial decisions.

6. Data Security

We implement security measures including:

• Encryption of data in transit (TLS) and at rest (Google Cloud Platform default encryption)
• Authentication managed by Firebase Authentication (Google’s identity platform)
• Logical isolation of company data for enterprise accounts
• Audit logging for enterprise administrative actions
• Regular review of access controls and security practices

No method of transmission over the internet or electronic storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

7. Your Data Rights

You have the right to:

• Access: View all information Gaite has about you through your profile and Living Profile settings
• Correct: Edit or update any information at any time
• Delete: Request deletion of your account and all associated data
• Export: Request a copy of your data in a portable format
• Opt out: Unsubscribe from non-essential communications at any time

To exercise any of these rights, contact us at support@gaite.ai. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To make a CCPA request, email us at support@gaite.ai with the subject line “CCPA Request.”

9. Data Retention

We retain your account data and associated information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required by law to retain certain records (such as payment transaction records, which are maintained by Stripe).

10. Cookies

We use cookies and similar technologies for:

• Essential cookies: Authentication, session management, and security. Required for the application to function.
• Analytics cookies: Understanding how users interact with the platform to improve the product. These can be disabled in your browser settings.

We do not use advertising cookies or tracking pixels. We do not serve ads.

11. Children’s Privacy

Gaite is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it. If you believe a child under 13 has provided information to us, contact us at support@gaite.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the application. The “Last updated” date at the top of this page indicates when the policy was last revised. Your continued use of Gaite after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data: