This Privacy Policy explains how Gondoor ("we," "us," or "our") collects, uses, stores, and shares personal information when you use our website at gondoor.app, our product, and related services (collectively, the "Platform").
Account information: Email address, name, profile fields, timezone, and authentication metadata provided during signup.
Onboarding data: Business idea descriptions, inferred background information, and generated business plans, competitive analyses, roadmaps, and strategy documents produced during the onboarding process.
Usage information: Product actions, task history, agent execution logs, and performance and diagnostic events.
Communication data: Emails sent and received through your business email address, support messages, and related metadata.
Agent-generated content: Code, websites, blog posts, social media drafts, ad creatives, research findings, strategy documents, and any other content produced by AI agents on your behalf.
Device and network data: IP address, user agent, browser type, and session identifiers.
Billing data: Payment method identifiers stored by our third-party payment processor (we do not store full card numbers), transaction records, job credit balances, and subscription status.
Customer payment data: Transaction records, subscription status, and chargeback or dispute metadata for payments your customers make through the Platform.
Infrastructure data: Code repository metadata, website deployment configurations, database connection details, and related infrastructure credentials. Credentials are stored encrypted.
Research data: Competitive intelligence, market analysis, and opportunity scan results gathered from publicly available sources.
Advertising data: Campaign performance metrics, ad creative metadata, targeting parameters, and conversion events when advertising features are enabled.
We use the information we collect to:
Provide the Platform: Authenticate your account, run onboarding research, deploy your website, provision your code repository and database, and activate your business email.
Run autonomous operations: Execute the nightly evaluation and task cycle, during which the CEO agent evaluates your business and dispatches tasks to specialist agents.
Process tasks: Execute on-demand tasks initiated by you that consume job credits.
Send communications: Deliver morning briefing emails, support agent responses, business emails on your behalf, and service notifications.
Manage advertising: Create, manage, and optimize advertising campaigns on your behalf when advertising features are enabled.
Process payments: Handle subscriptions, job credit purchases, and customer revenue collection.
Conduct research: Generate competitive intelligence and market analysis from publicly available sources to inform your business strategy.
Improve the Platform: Monitor quality, prevent abuse, investigate incidents, and improve reliability and performance.
We process personal data where needed to:
Perform our contract with you: Service delivery, agent operations, infrastructure provisioning, email management, and customer support.
Comply with legal obligations: Tax reporting, fraud prevention, and responding to lawful legal requests.
Pursue legitimate business interests: Platform security, product improvement, abuse prevention, and service reliability.
We share data with categories of service providers necessary to operate the Platform. These include:
AI model providers: Prompts, business context, and task instructions are sent to AI model providers to power agent operations and generate content. We use commercially available large language models. Provider-specific data handling policies apply.
Hosting and infrastructure providers: Application data and deployment configurations are shared with hosting, cloud, and infrastructure providers to serve the Platform and user websites.
Database providers: User data, business data, and agent results are stored with database service providers. User application databases are provisioned through managed database services.
Code hosting providers: User application code is stored in repositories managed through code hosting services.
Email delivery providers: Outbound email content, recipient addresses, and morning briefing content are shared with email delivery services.
Payment processors: Billing information, subscription data, and customer payment data are processed by third-party payment processors. We do not store full credit card numbers.
Advertising platforms: When advertising features are enabled, ad creative metadata, targeting parameters, and campaign performance data are shared with advertising platforms.
Social media distribution: When distribution features are enabled, social media content is shared with distribution service providers for cross-platform posting.
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We may also disclose data when required by law, to enforce our Terms, or to protect rights and safety.
You own your code, your data, and your content. All code generated by AI agents is stored in a repository provisioned for your account and may be exported at any time. All business data, research findings, and documents are exportable. Websites deployed for your business are yours to migrate. The Gondoor platform, agent prompts, and proprietary systems remain our intellectual property.
We use cookies and similar technologies for session authentication, product functionality, and basic analytics. We do not use third-party advertising trackers on the Gondoor platform beyond those required for advertising features you explicitly enable. You can manage cookies through your browser settings, but disabling required cookies may impact core product functionality.
Account data: Retained for the life of your account.
Agent execution logs: Retained for 90 days for debugging and quality purposes, then automatically deleted.
Research results: Retained for the life of your account. Deleted upon account termination after the soft-delete period.
Morning briefing content: Retained for the life of your account.
Infrastructure credentials: Encrypted credentials are deleted immediately upon resource teardown or account termination.
Advertising data: Campaign metrics and performance data are retained for the life of your account plus 12 months for reporting purposes.
Account deletion: Upon request, we apply a 30-day soft-delete period before permanent deletion, unless longer retention is required by law. Code repositories and website deployments provisioned for your account are not automatically deleted during this period, as you own them independently. You are responsible for exporting any data you wish to retain before deletion is finalized.
We may retain de-identified or aggregated data that does not identify you.
We use technical and organizational safeguards to protect personal data, including:
Encryption: Infrastructure credentials and API tokens are encrypted at rest. All data in transit uses TLS encryption.
Access control: Row-level security policies ensure users can only access their own data at the database level.
Payment security: All payment processing is handled by third-party payment processors. We do not store credit card numbers.
Infrastructure isolation:Each user's application database is isolated. Code repositories are individually permissioned.
No method of storage or transmission is perfectly secure. We cannot guarantee absolute security.
Access and update: You can view and update your profile information in the Platform dashboard.
Data export: You can export your code, website, and business data at any time. You may also request a full data export by contacting us.
Account deletion: You can request account deletion from your settings or by contacting us at privacy@gondoor.app.
Email preferences: You can unsubscribe from morning briefings and marketing emails using the unsubscribe link in any email.
Agent controls: You can disable specific agents, limit their scope, or adjust autonomous operation settings through the CEO agent chat or your account settings.
Advertising controls: You can disable advertising features and associated data sharing at any time in your account settings.
If you are a resident of a US state with applicable privacy legislation (such as California, Colorado, Connecticut, Virginia, or similar), you may have additional rights including the right to access, correct, or delete your personal information, and the right to opt out of certain data sharing.
We do not sell personal information. We do not use personal information for targeted advertising beyond campaign management performed at your direction through the advertising agent.
To exercise your rights, contact privacy@gondoor.app. We will respond within the timeframes required by applicable law.
Gondoor and its service providers may process data in countries outside your country of residence, including the United States. We use contractual and operational safeguards designed to protect transferred personal data.
Gondoor is not intended for individuals under 18 years of age, and we do not knowingly collect data from children.
We may update this Privacy Policy from time to time. The effective date at the top of this document indicates the current version. We will notify you of material changes via email or through the Platform. Continued use of the Platform after updates means the updated policy applies.
If you have questions about this Privacy Policy, contact us at:
Privacy inquiries: privacy@gondoor.app
General support: support@gondoor.app
Website: gondoor.app
Policy version: 2026-03-24