Privacy Policy

1. Introduction

At Gyld ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By using our services, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Our Commitment to Privacy

3. Information We Collect

3.1 Information You Provide

• Account information (name, email address, password)
• Profile information you choose to provide
• Content you create, upload, or share through our services
• Communications you send to us (support requests, feedback)
• Payment information (processed securely through third-party payment processors)

3.2 Information Automatically Collected

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Analytics data to improve our services

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Develop new features and services
• Detect, prevent, and address technical issues
• Protect against fraudulent or illegal activity
• Comply with legal obligations

5. Data Sharing and Disclosure

• With your consent: We may share information with your explicit consent
• Service providers: We work with trusted third-party services (hosting, analytics, payment processing) under strict confidentiality agreements
• Legal requirements: If required by law or to protect rights, property, or safety
• Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security audits and assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-out: Opt-out of marketing communications
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at curt@gyld.ai

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Keep you logged in to your account
• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Deliver relevant content and features

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our services.

9. Third-Party Services

We use the following third-party services that may collect information:

• Vercel Analytics: For website analytics and performance monitoring
• Stripe: For payment processing
• Supabase: For database and authentication services
• OpenAI, Anthropic, Google: For AI model services

These services have their own privacy policies, and we encourage you to review them.

10. Google API Services User Data Policy (Limited Use)

Specifically, Gyld:

• Only uses Google user data to provide or improve the user-facing features of the Gyld app that are prominent in the app's user interface.
• Does not use Google user data for serving advertisements, including retargeting or personalized advertising.
• Does not transfer Google user data to third parties except as necessary to provide or improve the app, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent.
• Does not allow humans to read Google user data, except (a) with the user's affirmative consent for specific messages; (b) as necessary for security purposes (e.g., investigating abuse); (c) to comply with applicable law; or (d) for internal operations, and then only where the data has been aggregated and anonymized.
• Does not use Google user data to develop, improve, or train generalized AI or machine-learning models.

11. Data From Connected Apps (OAuth Scopes)

When you connect a third-party app to Gyld, we request the minimum OAuth scopes necessary for the capabilities you enable. We never silently upgrade scope requests, and we never request access to data unrelated to the features you've asked the AI employee to perform.

Google Services

• Gmail — we read messages so the AI employee can summarize your inbox, draft replies, label/archive/search at your request, and send mail on your behalf only when you explicitly trigger a send.
• Google Calendar — we read your calendars to check availability and create/update/delete events the AI employee schedules for you.
• Google Drive, Docs, Sheets, Slides — we open, read, and update only the files, documents, spreadsheets, and presentations you reference in your instructions. We do not index your whole Drive.
• Google Meet, YouTube, Analytics, Ads, Search Console, Maps — each is scoped to the specific API actions the corresponding AI capability performs (creating meetings, listing videos, reading a report, etc.).

Microsoft Services

• Outlook, Teams, OneDrive, SharePoint, Excel — equivalent capabilities for Microsoft-based inboxes, calendars, and files through Microsoft Graph. Same minimum- scope principle as Google.

Other Providers

Slack, Notion, HubSpot, Salesforce, Linear, GitHub, Asana, Trello, Calendly, Zoom, Stripe, QuickBooks, Shopify, and other integrations follow the same pattern: we request only what's needed for the capabilities you enable, and we only act on your explicit instructions.

You can revoke Gyld's access to any connected app at any time — either by disconnecting in Gyld's Apps page, or directly from that provider's security/permissions page (for Google: myaccount.google.com/permissions; for Microsoft: account.microsoft.com/consent).

12. Deleting Your Data

You have the right to delete your Gyld account and all associated data at any time. There are three ways to do so:

• Self-service: from Settings → Account → Delete account inside the app. This immediately revokes all active OAuth connections and queues permanent deletion of your account data within 30 days.
• Email request: send a request to support@gyld.ai with the subject "Delete my account". We respond within 3 business days and complete deletion within 30 days of receipt.
• Revoke at the provider: you can sever Gyld's access to any connected third-party app (e.g. Gmail) from that provider's security/permissions page without deleting your Gyld account.

Data retained after account deletion is limited to what we are legally required to preserve (e.g., billing records under tax law) and is stored encrypted with restricted access until retention expires.

13. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information. This age threshold complies with GDPR requirements for digital consent in the European Union.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. When we transfer personal data outside of the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for the destination country
• Other lawful transfer mechanisms as required under applicable data protection laws

15. Data Retention

We retain your personal information only for as long as necessary to provide our services and fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Concrete retention windows we follow:

• Account data (email, profile, agent configurations): retained while your account is active; deleted within 30 days of account deletion.
• OAuth tokens for connected apps (Google, Microsoft, etc.): retained while the connection is active; revoked and deleted immediately when you disconnect the app or delete your account.
• Data fetched from connected apps (e.g. email content your AI employee reads to perform a task): held in memory only for the duration of the request, or in short-lived conversation memory (up to 30 days) if required for follow-up context. Never used to train generalized AI models.
• Automated task execution logs: retained up to 90 days for debugging and support, then automatically purged.
• Billing records: retained up to 7 years where required by tax and accounting law.

When retention expires we securely delete or irreversibly anonymize the information.

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

17. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR. We process your personal data based on the following legal bases:

• Performance of a contract: Processing necessary to provide you with our services
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security, provided these interests are not overridden by your rights
• Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., marketing communications)
• Legal obligation: Processing necessary to comply with applicable laws and regulations

Your Rights Under GDPR

In addition to the rights listed in Section 7, European residents have the right to:

• Object to processing: You may object to our processing of your personal data based on legitimate interests
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority
• Data portability: You may request your personal data in a structured, commonly used, and machine-readable format
• Right to erasure: You may request deletion of your personal data, subject to our legal retention obligations

Data Protection Officer

For any GDPR-related inquiries or to exercise your rights, please contact us at curt@gyld.ai. We will respond to your request within 30 days, as required by applicable law.

Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. For UK residents, you may contact the Information Commissioner's Office (ICO).

18. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top.

19. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at: