Privacy Policy

• Service Delivery: Provide, operate, and maintain AI coaching services; generate personalized business insights and recommendations.
• AI Model Improvement: Improve our AI models and algorithms using de-identified and aggregated data only, unless you opt in to additional training use.
• Personalization: Customize your coaching experience, tailor recommendations, and adapt our AI responses to your business context and goals.
• Communications: Send transactional emails, service updates, product announcements, and marketing communications (with your consent where required).
• Analytics and Research: Analyze usage patterns, measure platform performance, and develop new features and services.
• Security and Compliance: Detect, prevent, and address fraud, abuse, security incidents, and technical issues; comply with legal obligations.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contractual Necessity: Processing necessary to perform our contract with you and deliver the Services.
• Legitimate Interest: Processing for fraud prevention, security, platform improvement, and analytics, where not overridden by your rights.
• Consent: Processing based on your explicit consent, such as for marketing communications or optional AI training participation.
• Legal Obligation: Processing required by applicable law or regulation.

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: Trusted vendors who help us operate the Platform, including cloud hosting, payment processing, analytics, and email delivery. All service providers are bound by data processing agreements.
• AI Infrastructure Partners: Third-party AI model providers who process data solely to deliver our Services, subject to strict contractual protections.
• Legal Requirements: When required by law, subpoena, court order, or government request; to protect our legal rights; or to prevent imminent harm or illegal activity.
• Business Transfers: In connection with a merger, acquisition, financing, or sale of company assets. You will be notified of any such change.
• With Your Consent: When you have explicitly authorized us to share your information with a specific third party.

• Account Data: Retained for the duration of your account and for 30 days after account deletion to allow for reactivation.
• Coaching Session Data: Retained for the duration of your account. You may delete individual sessions at any time through your account settings.
• Usage and Analytics Data: Retained in identifiable form for up to 24 months, then aggregated or anonymized.
• Legal and Compliance Records: Retained as required by applicable law (e.g., tax records for 7 years).

We use the following categories of cookies and similar technologies:

You can manage cookie preferences through our cookie banner or your browser settings. Disabling essential cookies may affect Platform functionality.

We implement industry-standard technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls and multi-factor authentication for internal systems.
• Regular security assessments, penetration testing, and vulnerability scanning.
• Incident response procedures with notification within 72 hours of a confirmed breach affecting your personal data.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

Your data may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer personal data across borders, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data Processing Agreements with all service providers and sub-processors.
• Supplementary measures including encryption and access controls where required.
• Compliance with the UK International Data Transfer Agreement (IDTA) for UK residents.

Our Services are designed for business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal data, please contact us at hello@goldeneggs.co.

Our Platform may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal data. This Privacy Policy applies solely to information collected by our Platform.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our Platform with a revised "Last Updated" date. For significant changes, we will provide additional notice through email or an in-app notification.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EEA residents, you also have the right to lodge a complaint with your local supervisory authority if you believe your personal data has been processed in violation of applicable data protection laws.