OpenGoose · Legal

Privacy Policy

How we collect, use, share, and protect your information.

Effective 7 July 2026 · Last updated 7 July 2026 · Version 1.0

This Privacy Policy explains how GooseMind LLC ("OpenGoose," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the OpenGoose applications, website, and services (the "Services"). It is part of, and incorporated into, our Terms of Service.

The essentials.
  • You control your content. We host and sync it to run the Services, and we do not use it to train AI models.
  • AI features work by sending your inputs to third-party AI providers (for example, the providers of Claude, GPT, Gemini, Grok, DeepSeek, Kimi, or Qwen, and an image model for image generation) so they can generate responses. We tell you which providers are involved, and you consent when you use an AI feature.
  • We earn from subscriptions — not from your data. We do not sell your personal information or share it for cross-context behavioral advertising.
  • You can access, export, or delete your data, including deleting your account from within the app.

1. Scope & Who We Are

This Policy applies to personal information we process in connection with the Services across all platforms (macOS, iOS, Windows, Linux, Android, and web). The controller responsible for your information (the "business" under U.S. state laws, or "personal information handler" under the PIPL) is GooseMind LLC, San Jose, California, USA. For BYOK usage (Section 6), when you use your own model-provider keys, that provider is an independent controller of the data you send to it. This Policy does not cover third-party services you separately access, which are governed by their own policies.

2. Information We Collect

We collect the following categories of personal information, depending on how you use the Services:

CategoryExamples
Account & identityEmail address, display name, authentication credentials (managed by our authentication provider), and, for OAuth sign-in, basic profile data from the provider you choose.
User contentThe content you create or submit through the Services: chat prompts and conversations, files and images you attach, images generated for you, and any information you ask the assistant to remember ("memory").
Usage & log dataFeature usage, model selections, credit/usage consumption, timestamps, diagnostic and crash logs, and performance metrics.
Device & technicalDevice type, operating system and version, app version, language and locale, IP address, approximate location inferred from IP (e.g., country/region), and device or other identifiers.
Payment & transactionSubscription plan, purchase history, and billing status. Card details are collected and processed by our payment processor (Stripe) or the Apple App Store / Google Play; we do not store full card numbers.
Communications & supportMessages you send us, support requests, and your marketing-communication preferences.
Cookies & local storageCookies, local storage, and similar technologies used for authentication, preferences, and (where enabled) analytics — see Section 9.

Sensitive information. You may choose to include sensitive information in your prompts or files. We process such content to provide the Services at your direction, but do not seek it out or use it to infer characteristics about you for our own purposes. Please avoid submitting sensitive information you do not want processed to deliver a feature.

3. How We Collect It

We collect information: (a) directly from you, when you register, use the Services, create Content, subscribe, or contact us; (b) automatically, through your use of the Services (usage, log, device, and cookie data); and (c) from third parties, such as authentication/OAuth providers when you sign in, and payment processors and app stores when you subscribe.

4. How We Use Information

5. Legal Bases for Processing (EEA/UK)

If you are in the European Economic Area (EEA) or the United Kingdom, we rely on these legal bases under the GDPR / UK GDPR:

Where you include special-category data in your Content, we process it based on your explicit consent or because you have manifestly made it public through the way you use the Services, as applicable.

6. AI Processing & Third-Party Model Providers

Please read this section. AI features necessarily involve sharing your Content with third-party AI providers so they can generate responses. By using an AI feature, you direct us (or, in BYOK mode, configure the Services) to transmit the relevant Content for that purpose, and you consent to that sharing.

Cloud Service (routed by OpenGoose). When you use an AI model through our Cloud Service, we transmit your inputs and the context needed to fulfill your request (which may include prior messages in the conversation, attached files, or memory you have enabled) to the applicable model provider, receive the AI Output, and return it to you. We select providers and use their services under terms that do not use submitted data to train their models by default, and we do not use your Content to train our own or others' models.

BYOK (your own keys). When you configure your own model-provider credentials, your inputs are sent directly to the provider you selected, under your own account and that provider's terms and privacy policy. In that case, the provider is an independent controller of the data you send, and its handling is governed by your agreement with it, not this Policy.

Model providers. Depending on the model you choose, providers may include Anthropic (Claude), OpenAI (GPT), Google (Gemini), xAI (Grok, and image generation), DeepSeek, Moonshot AI (Kimi), and Alibaba Cloud (Qwen). These providers may process data outside your country (Section 10). We may also reach model providers through a cloud model-hosting platform.

Image generation. When you generate an image, your prompt (and any input image) is sent to the applicable image provider to produce the result, which is stored with your conversation and synced to your devices.

Memory. If you enable memory, information you ask the assistant to remember is stored to personalize future responses and may be sent as context to model providers when relevant. You can review and delete memory where the Services provide those controls.

7. How We Share Information

We share personal information only as described here. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Key sub-processors and service providers:

ProviderPurpose
SupabaseAuthentication and managed database (account and application data).
Cloudflare (R2 & edge)Object storage for files and generated images; content delivery and security.
StripePayment processing and subscription management (web/desktop).
Apple App Store / Google PlayIn-app purchases, subscriptions, and billing on mobile.
AI model providersGenerating AI Output — Anthropic, OpenAI, Google, xAI, DeepSeek, Moonshot AI, and Alibaba Cloud, depending on the model you select.
Cloud hosting / infrastructureRunning the backend servers and processing requests, using reputable cloud infrastructure providers located primarily in the United States.

8. Memory & Public Sharing

Memory. See Section 6. Memory is optional and can be reviewed and deleted where the Services provide those controls.

Public sharing. When you create a share link, a read-only snapshot of the selected conversation, including attachments and generated images, is copied to public storage and made accessible to anyone with the link, without sign-in, until you revoke it. Do not share content containing personal or confidential information you are not authorized to disclose. After you revoke a link, we disable access and remove the public copy, but content already viewed, cached, indexed, or copied by others may persist beyond our control.

9. Cookies & Similar Technologies

On our website and in web-based parts of the Services, we and our providers use cookies, local storage, and similar technologies for: (a) strictly necessary purposes such as authentication, security, and session management; (b) preferences such as language; and (c) where enabled, analytics to understand usage. You can control non-essential cookies through your browser settings (and our cookie controls where provided); blocking some cookies may affect functionality. Where required, we obtain consent for non-essential cookies.

10. International Data Transfers

We and our providers may process and store personal information in countries other than your own, including the United States and other countries where our infrastructure and model providers operate, which may have different data-protection laws. Where we transfer personal information from the EEA, the UK, or other regions with transfer restrictions, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an applicable adequacy decision. You may request information about these safeguards using the contact details in Section 22.

11. Data Retention

We retain personal information for as long as needed to provide the Services and for the purposes in this Policy, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. In general: your account and User Content are retained while your account is active; when you delete Content or your account, we delete or de-identify the associated personal information within 30 days, except for limited data retained in backups (overwritten on a rolling basis and retained no longer than 90 days) or as required by law. Diagnostic and log data are generally retained for up to 12 months.

12. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS), encryption at rest provided by our infrastructure providers, access controls and least-privilege practices, and authentication managed by our identity provider. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; you are responsible for keeping your credentials and devices secure.

We are exploring end-to-end encryption for certain features in the future. Unless and until a feature is expressly described in-product as end-to-end encrypted, you should not assume it is; we do not currently represent that the Services provide end-to-end encryption.

13. Your Rights & Choices

Subject to your location and applicable law, you may have rights to access, correct, delete, and port your personal information, and to object to or restrict certain processing or withdraw consent. You can exercise many of these directly in the Services:

To make a request or ask a question, contact [email protected]. We will respond within the timeframe required by applicable law and may need to verify your identity. You will not be discriminated against for exercising your rights, and you may use an authorized agent where the law allows. If you are unsatisfied, you may have the right to complain to your data-protection authority (see Sections 14–16).

14. EEA & UK (GDPR / UK GDPR)

If you are in the EEA or the UK, you have the rights described in Section 13 (access, rectification, erasure, restriction, portability, objection, and withdrawal of consent), and the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office). Our legal bases are in Section 5 and international transfers in Section 10. For any of these rights, or to reach our data-protection contact, email [email protected].

15. California (CCPA/CPRA)

This section applies to California residents. In the past 12 months, we collected the categories in Section 2, which map to these CCPA categories: identifiers; customer records; commercial information; internet or other electronic network activity; approximate geolocation; audio/visual or similar information (content you provide); and inferences. We collect it from the sources in Section 3, for the business purposes in Section 4, and disclose it to the categories of recipients in Section 7.

No sale or sharing. We do not "sell" personal information and do not "share" it for cross-context behavioral advertising, as defined under the CPRA. We do not knowingly sell or share the personal information of consumers under 16.

Sensitive personal information. To the extent your Content includes sensitive personal information, we use it only to provide the Services you request and for other purposes permitted without a right to limit; we do not use it to infer characteristics about you.

Your rights. You have the right to know/access, delete, and correct your personal information, and to be free from discrimination for exercising these rights. To exercise them, contact [email protected] or use the in-app tools. We will verify your request; authorized agents may submit requests with proper authorization. Under California's "Shine the Light" law, we do not disclose personal information to third parties for their own direct-marketing purposes.

16. China (PIPL)

If you are in mainland China, we process your personal information in accordance with the Personal Information Protection Law (PIPL), based on your consent and the other bases the PIPL permits (such as necessity to perform a contract to which you are a party). Where we rely on consent you may withdraw it, and for certain processing — including sensitive personal information and cross-border transfers — we obtain your separate consent where required.

Cross-border transfers. Providing the Services, including AI features, requires transferring your personal information outside mainland China to our servers and to model providers. Before such transfers, we will, as required, inform you of the overseas recipient's identity, contact details, processing purposes and methods, and the categories of personal information involved, obtain your separate consent, and put in place a lawful transfer mechanism (such as a security assessment, standard contract, or certification).

You have rights to access, copy, correct, delete, and port your personal information, to withdraw consent, and to request an explanation of our processing rules. Contact [email protected].

17. Other Regions

Residents of other jurisdictions (for example, other U.S. states, Brazil, Canada, and Australia) may have rights under their local laws, such as to access, correct, delete, or port personal information, or to object to certain processing. We honor applicable rights; contact [email protected] to make a request.

18. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 14 in mainland China), or, where a higher age of digital consent applies, from those below that age without appropriate parental or guardian consent. If you believe a child has provided us personal information without proper consent, contact [email protected] and we will take steps to delete it.

19. Automated Decision-Making

We do not use your personal information to make decisions producing legal or similarly significant effects about you solely by automated means without human involvement. AI Output is a tool you direct and evaluate; we do not use it to make such decisions about you.

20. Data Breach Notification

If we become aware of a personal-data breach likely to affect you, we will notify you and the relevant authorities as required by applicable law, and take steps to mitigate the incident.

21. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy with a new "last updated" date and, where appropriate, provide additional notice (such as in-app or email). Your continued use of the Services after changes take effect indicates your acknowledgment of the updated Policy, except where your consent is required by law.

22. Contact Us

For privacy questions or to exercise your rights, contact us at:

GooseMind LLC — Privacy
San Jose, California, USA
Privacy: [email protected]
General & support: [email protected]

If you are in the EEA or the UK and wish to contact us about your rights or our representative, email [email protected].

↑ Back to top