Privacy policy

Last Updated: January 20, 2026

GoPath AI. (“GoPath,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and integrity of personal data entrusted to us.

This Privacy Policy explains how we collect, use, disclose, safeguard, and process information when you access or use our websites, applications, software, integrations, templates, APIs, communications, and related services (collectively, the “Platform”).

It also outlines your rights and choices regarding your information.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with this Policy, you must discontinue use of the Platform immediately.

1. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our websites
  • Customers and account holders
  • End users submitting information through GoPath-powered forms
  • Business partners
  • Vendors
  • Event participants
  • Job applicants
  • Individuals who communicate with us

This Policy applies regardless of how the Platform is accessed, including desktop, mobile devices, APIs, or third-party integrations.

2. Company Information

Legal Entity: GoPath AI.
Registered Address: 45 Randall Avenue, Milton Keynes.
Privacy Contact: builtwithlove@getgopath.com

Where required by law, GoPath acts as either a Data Controller or a Data Processor, depending on the nature of the data and the relationship with the user.

3. Our Privacy Principles

GoPath designs its systems around the following core principles:

  • Data minimization
  • Purpose limitation
  • Security by design
  • Transparency
  • Accountability
  • User control
  • Lawful processing

We do not sell personal data.

We do not engage in undisclosed surveillance.

We do not monetize user data through advertising marketplaces.

4. Roles and Responsibilities

When GoPath is the Data Controller

We act as the controller when we determine the purposes and means of processing, such as:

  • Managing accounts
  • Billing
  • Security monitoring
  • Marketing communications
  • Platform analytics

When GoPath is the Data Processor

When customers use GoPath to collect data from third parties, the customer typically acts as the controller, and GoPath processes data strictly on documented instructions.

Our Data Processing Agreement governs these relationships.

5. Information We Collect

A. Information You Provide Directly

This may include:

  • Name
  • Email address
  • Phone number
  • Company name
  • Job title
  • Billing details
  • Payment information
  • Login credentials
  • Support inquiries
  • Uploaded files
  • Form submissions
  • Communications

Providing certain information is necessary for us to deliver services.

B. Information Collected Automatically

When you use the Platform, we may collect:

  • IP address
  • Device identifiers
  • Browser type
  • Operating system
  • Session data
  • Referring URLs
  • Interaction logs
  • Crash reports
  • Approximate location

This data helps maintain performance, security, and reliability.

C. Customer-Controlled Data

Customers may collect data using GoPath forms, including sensitive categories depending on their configuration.

GoPath does not control the types of fields customers create.

Customers are responsible for ensuring lawful collection.

D. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain sessions
  • Prevent fraud
  • Remember preferences
  • Analyze usage
  • Improve functionality

You may disable cookies through browser settings, though certain features may not function properly.

6. Sensitive Personal Data

We do not intentionally collect sensitive personal data unless customers configure the Platform to do so.

Sensitive data may include:

  • Government identification numbers
  • Financial information
  • Health-related data
  • Biometric identifiers

Customers must ensure they have a lawful basis before collecting such information.

GoPath applies heightened safeguards where sensitive data is detected.

7. Lawful Bases for Processing

Depending on jurisdiction, we rely on one or more of the following:

  • Contractual necessity
  • Legal obligations
  • Legitimate interests
  • Consent
  • Vital interests
  • Public interest

Where consent is required, it may be withdrawn at any time.

8. How We Use Information

We use data to:

  • Provide and operate the Platform
  • Authenticate users
  • Process transactions
  • Deliver customer support
  • Detect fraud
  • Maintain security
  • Improve services
  • Develop features
  • Conduct analytics
  • Send service notifications
  • Comply with legal requirements

We limit processing to what is reasonably necessary.

9. Automated Decision-Making

GoPath does not engage in fully automated decision-making that produces legal or similarly significant effects on individuals.

We may use automated tools for:

  • Fraud detection
  • Abuse prevention
  • Performance optimization

Human oversight is applied where appropriate.

10. Data Sharing and Disclosure

We may share information with:

Service Providers

Including infrastructure providers, payment processors, analytics vendors, and support platforms.

All vendors undergo security and contractual review.

Legal Authorities

When required to comply with law, court orders, or governmental requests.

Business Transfers

In connection with mergers, acquisitions, financing, or asset sales.

Safety and Rights Protection

To prevent harm, fraud, or violations of our Terms.

We do not sell personal data to third parties.

11. International Data Transfers

GoPath may process data in multiple jurisdictions.

Where required, we implement safeguards such as:

  • Standard Contractual Clauses
  • Data transfer agreements
  • Vendor risk reviews

By using the Platform, you acknowledge that data may be transferred internationally.

12. Data Retention

We retain data only as long as necessary for:

  • Service delivery
  • Legal compliance
  • Dispute resolution
  • Security enforcement

When no longer required, data is securely deleted or anonymized.

Backup copies may persist temporarily.

13. Security Measures

GoPath employs layered security practices, including:

  • Encryption in transit
  • Logical access controls
  • Multi-factor authentication
  • Continuous monitoring
  • Security testing
  • Incident response procedures
  • Vendor security reviews

No system is perfectly secure, but we continuously improve safeguards.

Users share responsibility for protecting credentials.

14. Data Breach Notification

In the event of a confirmed breach affecting personal data, GoPath will:

  • Investigate promptly
  • Mitigate risks
  • Notify affected parties where legally required
  • Cooperate with regulators

15. Your Privacy Rights

Depending on jurisdiction, you may have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request portability
  • Withdraw consent

Requests may be submitted to privacy@getgopath.com.

We may verify identity before fulfilling requests.

16. California Privacy Rights

California residents may have rights under the CCPA/CPRA, including the right to know, delete, and correct personal data.

GoPath does not sell personal information.

17. European Privacy Rights

Individuals in the EEA and UK may lodge complaints with supervisory authorities.

We encourage you to contact us first to resolve concerns.

18. Children’s Privacy

The Platform is not intended for individuals under thirteen (13), or higher minimum ages where required by law.

We do not knowingly collect children’s data.

If discovered, it will be deleted.

19. Third-Party Links

Our Platform may contain links to external websites.

We are not responsible for their privacy practices.

20. Privacy by Design

Privacy considerations are embedded into product development through:

  • Access controls
  • Data minimization
  • Purpose limitation
  • Secure defaults

21. Artificial Intelligence and Data Use

GoPath may use aggregated and de-identified data to improve platform intelligence and automation capabilities.

We do not train models on identifiable customer data without authorization.

22. Marketing Communications

You may opt out of promotional messages at any time.

Operational communications will still be sent when necessary.

23. Do Not Track Signals

The Platform does not currently respond to browser “Do Not Track” signals due to inconsistent standards.

24. Changes to This Privacy Policy

We may update this Policy periodically.

Material changes will be communicated through appropriate channels.

Continued use constitutes acceptance.

25. User Control Over Data

At GoPath, you always remain in control of your data.

We design our Platform to ensure that individuals and organizations retain visibility, authority, and decision-making power over the information they submit, upload, or manage within GoPath.

Subject to applicable law, you may request to:

  • Modify your personal data
  • Obtain a copy of your data
  • Restrict certain processing activities
  • Request deletion
  • Transfer your data to another provider

Instructions for exercising these rights are described within this Privacy Policy.

Please note that refusing to provide certain data, or requesting its deletion, may limit our ability to deliver some Platform features.

26. Who Can Access Your Data

Access to personal data is restricted strictly on a need-to-know basis.

Only authorized GoPath personnel whose responsibilities require access are permitted to handle personal data.

These individuals are bound by:

  • Confidentiality obligations
  • Internal privacy policies
  • Security training
  • Access control protocols

Additionally, GoPath engages carefully vetted suppliers and service providers, including but not limited to:

  • Cloud hosting providers
  • Infrastructure vendors
  • Security platforms
  • Analytics providers
  • Customer support tools
  • Payment processors

All such parties are contractually required to:

  • Maintain confidentiality
  • Implement appropriate safeguards
  • Process data solely under GoPath’s instructions
  • Execute binding data processing agreements

We do not permit vendors to use personal data for their own commercial purposes.

27. Technical and Organizational Security Measures

GoPath maintains comprehensive technical and organizational safeguards designed to protect personal data against:

  • Unauthorized access
  • Accidental loss
  • Alteration
  • Disclosure
  • Destruction

Our security program includes administrative, physical, and technical controls aligned with modern industry practices.

These measures include:

  • Hardened infrastructure environments
  • Secure server architecture
  • Access segmentation
  • Internal governance procedures
  • Responsible infrastructure management
  • Continuous system oversight

Where applicable, personal data may be stored on high-security servers located within trusted jurisdictions that maintain strong data protection standards.

GoPath processes data in compliance with applicable privacy regulations and utilizes modern security tooling to protect platform integrity.

28. Internal Confidentiality Procedures

We maintain internal procedures to ensure the confidentiality and responsible management of our IT infrastructure.

These procedures govern:

  • Employee access rights
  • Data handling practices
  • Security escalation paths
  • Incident response workflows
  • Vendor risk reviews

Personnel receive privacy and security training appropriate to their role.

Failure to comply with internal data protection requirements may result in disciplinary action.

29. Categories of Data Subjects

GoPath may process personal data belonging to multiple categories of individuals, including:

  • Website visitors
  • Customers and account holders
  • Representatives of business partners
  • Vendors and suppliers
  • Job applicants
  • Support request submitters
  • Abuse reporters
  • Individuals communicating with GoPath
  • Event participants
  • Prospective customers

This Privacy Policy applies to all such categories unless a separate notice is provided.

30. Additional Categories of Personal Data

Depending on how you interact with GoPath, we may collect additional categories of personal data, such as:

Business Relationship Data

Information exchanged during contractual discussions or partnerships, including communication records and business contact details.

Applicant Data

Information submitted during recruitment processes, which may include resumes, employment history, qualifications, and supporting documentation.

Support and Bug Reporting Data

When submitting a support request, feature suggestion, or bug report, we may process:

  • Descriptions of the issue
  • Attachments
  • Screenshots
  • Diagnostic information
  • Screen recordings (optional)

Abuse Reporting Data

If you report misuse of the Platform, we may collect:

  • Name
  • Email address
  • Form URLs
  • Description of alleged abuse

This information is processed solely for investigation and platform safety.

31. Contractual and Communication Data

We may process personal data contained within agreements entered into with GoPath, including:

  • Agreement metadata
  • Billing references
  • Transaction history
  • Financial records related to services

We also process communications exchanged through:

  • Email
  • Phone
  • Chat systems
  • Website forms
  • Sales interactions

Such processing supports relationship management and service delivery.

32. Direct Marketing Practices

Where permitted by law, GoPath may use contact details obtained during the provision of services to send promotional communications about similar offerings.

Processing for this purpose is based on our legitimate interest in growing our business responsibly.

For communications unrelated to existing services, we will obtain your consent where legally required.

Every marketing message includes a clear opt-out mechanism.

You may unsubscribe at any time without cost or explanation.

Operational communications will still be delivered when necessary.

33. Confidentiality of Personal Data

GoPath treats personal data as confidential information.

We do not:

  • Sell personal data
  • Rent personal data
  • Commercially distribute personal data

Disclosure occurs only when necessary for legitimate business operations, legal compliance, or contractual execution.

If GoPath undergoes a merger, acquisition, restructuring, or asset transfer, personal data may be transferred as part of that transaction. Where required, affected individuals will be notified.

34. Legal Disclosure Obligations

In exceptional circumstances, GoPath may be legally required to disclose personal data to:

  • Comply with court orders
  • Respond to lawful government requests
  • Meet regulatory obligations
  • Enforce legal rights

Where legally permissible, we will attempt to notify affected individuals before disclosure.

35. Structured Retention Framework

While retention periods vary depending on context, GoPath generally follows structured guidelines such as:

  • Business identification data: retained no longer than necessary for communications, typically not exceeding two (2) years absent a contractual relationship.
  • Contractual records: retained for up to seven (7) years where required for accounting, tax, or regulatory compliance.
  • Applicant data: typically retained for no longer than two (2) years after last meaningful contact unless consent is provided for extended retention.
  • Support and abuse reports: retained only as long as necessary to resolve the issue.

Retention periods may be extended where legally required.

36. Responsibility for Secure Use

While GoPath implements strong safeguards, privacy protection is a shared responsibility.

Users should:

  • Protect account credentials
  • Avoid sharing confidential communications
  • Use secure networks
  • Implement appropriate internal controls

GoPath is not responsible for damages resulting from unauthorized access caused by user negligence.

37. Right to Lodge Complaints

If you believe your data has been processed unlawfully, you may lodge a complaint with a competent supervisory authority.

Where applicable, this may include the data protection authority in your jurisdiction.

We encourage individuals to contact GoPath first so we can attempt to resolve concerns promptly.

38. Governing Law for Privacy Matters

This Privacy Policy shall be governed by the laws applicable to GoPath’s principal place of business unless mandatory privacy laws require otherwise.

Courts with proper jurisdiction shall resolve disputes arising from this Policy.

39. Essential Cookies Clarification

GoPath primarily uses essential cookies necessary for the operation of the Platform.

These cookies enable core functionality such as:

  • Authentication
  • Navigation
  • Form submissions
  • Security controls
  • Session continuity

Because these cookies are required for Platform functionality, disabling them may impair service availability.

Cookies do not control user behavior and are used solely to support performance and usability.

40. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

builtwithlove@getgopath.com

GoPath Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the agreement between GoPath (“GoPath”, “we”, “us”, or “Processor”) and the user or entity using GoPath to collect or process personal data (“Customer”, “you”, or “Controller”).

This DPA applies to the extent that GoPath processes Personal Data on behalf of the Customer in the course of providing its services.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable individual.
  • “Processing” means any operation performed on Personal Data, such as collection, storage, use, or transmission.
  • “Controller” means the entity that determines the purposes and means of processing Personal Data.
  • “Processor” means the entity that processes Personal Data on behalf of the Controller.
  • “Data Subject” means the individual to whom the Personal Data relates.

Unless otherwise defined, terms used in this DPA have the meaning given to them under applicable data protection laws, including the GDPR, where relevant.

2. Roles of the Parties

  • The Customer is the Controller of Personal Data collected through forms or workflows created using GoPath.
  • GoPath acts as a Processor, processing Personal Data solely on documented instructions from the Customer and for the purpose of providing the GoPath services.

GoPath does not determine the content of forms, the type of data collected, or how the Customer uses submitted data.

3. Scope of Processing

GoPath may process Personal Data to:

  • Enable form creation, sharing, and submission
  • Store, organize, and display submitted data
  • Provide access to the collected data to the Customer
  • Maintain, secure, and improve the platform
  • Provide customer support

Categories of Data Subjects may include:

  • Form respondents
  • Applicants
  • Clients
  • Tenants
  • Employees or contractors
  • Any individuals whose data is submitted through GoPath forms

Categories of Personal Data depend on the Customer’s use of the platform and may include:

  • Identification information (name, email, phone number)
  • Professional or application data
  • Uploaded documents
  • Any other information requested via forms

4. Customer Responsibilities

The Customer agrees and acknowledges that they are responsible for:

  • Determining the lawful basis for collecting and processing Personal Data
  • Providing appropriate privacy notices to Data Subjects
  • Obtaining any required consent from Data Subjects
  • Ensuring that the data collected is adequate, relevant, and limited to what is necessary
  • Responding to Data Subject requests (access, deletion, correction, etc.)

GoPath is not responsible for the legality of the Customer’s data collection practices.

5. GoPath’s Obligations

GoPath agrees to:

  • Process Personal Data only on documented instructions from the Customer
  • Not use Personal Data for purposes unrelated to providing the services
  • Ensure that personnel with access to Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Customer, where reasonably possible, with Data Subject requests
  • Notify the Customer without undue delay if GoPath becomes aware of a Personal Data breach

6. Subprocessors

The Customer authorizes GoPath to engage third-party subprocessors (such as hosting, analytics, or infrastructure providers) to process Personal Data on its behalf.

GoPath ensures that:

  • Subprocessors are subject to contractual data protection obligations
  • Subprocessors only process Personal Data for authorized purposes

A current list of subprocessors may be made available upon reasonable request.

7. Data Security

GoPath implements industry-standard security measures designed to protect Personal Data against:

  • Unauthorized access
  • Accidental loss
  • Alteration or disclosure

While GoPath takes reasonable precautions, the Customer acknowledges that no system can guarantee absolute security.

8. International Data Transfers

Personal Data may be processed or stored in countries other than the Customer’s country of residence. Where required by law, GoPath will ensure appropriate safeguards are in place for such transfers.

9. Data Retention and Deletion

Personal Data will be retained only for as long as necessary to provide the services or as required by law.

Upon termination of the Customer’s account, Personal Data will be deleted or anonymized within a reasonable period, unless retention is required by applicable law.

10. Audits and Information

Upon reasonable request, GoPath will make available information necessary to demonstrate compliance with this DPA, taking into account the nature of the services and the confidentiality of other customers’ data.

11. Limitation of Liability

Liability arising from this DPA shall be subject to the limitations set out in the applicable Terms of Service between the parties.

12. Governing Law

This DPA shall be governed by and construed in accordance with the governing law specified in GoPath’s Terms of Service, unless otherwise required by applicable data protection laws.

13. Order of Precedence

In the event of any conflict between this DPA and other agreements between the parties, this DPA shall prevail with respect to data protection obligations.