Privacy Policy

GoAuto.ai, operated by Westpoint Capital OÜ (Estonia), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (pulse.goauto.ai) and services.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy is designed to comply with global privacy regulations including GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable data protection laws.

For information about how we use cookies, please see our Cookie Policy.

2.1 Personal Information

We collect information you provide directly to us, including:

• Account Information: Name, email address, password, business information, company details
• Payment Information: Billing address, payment method details (processed securely through Stripe)
• Profile Information: Company name, phone number, timezone, preferences, and settings
• Communication Data: Messages you send through our platform, support conversations, and responses received
• Team Member Information: Names and email addresses of team members you invite

2.2 Contact Data

We collect contact information that you upload or create in our platform:

• Phone numbers of your contacts
• Names (first name, last name) and email addresses of your contacts
• Tags and segmentation data
• Custom fields and attributes
• Opt-in/opt-out status and dates
• Contact interaction history

2.3 Campaign and Message Data

We collect data related to your marketing activities:

• SMS and email campaign content
• Campaign performance metrics (opens, clicks, replies)
• Automation workflows and triggers
• AI-generated content from Copilot features
• Email tracking data (opens, clicks, bounces)
• URL shortening data and click tracking

2.4 Integration Data

When you connect third-party services, we may collect:

• Email Providers (Gmail/Outlook): Email metadata, conversation threads, OAuth tokens
• E-commerce (Shopify): Store information, product data, discount codes
• CRM (HubSpot): Contact synchronization data, deal information
• Messaging (Twilio/SignalWire): Phone numbers, messaging logs

2.5 Usage Information

We automatically collect certain information about your use of our Service:

• Log data (IP address, browser type, pages visited, time spent)
• Device information (device type, operating system, device identifiers)
• Usage patterns and feature interactions
• API usage and rate limit data
• Admin action logs (for admin panel activities)

2.6 Technical Information

We collect technical information to improve our Service:

• Cookies and similar tracking technologies
• Error logs and performance data
• API usage and integration data
• Browser and application diagnostics

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve our marketing automation platform
• Account Management: To create and manage your account, process payments, and provide customer support
• Communication: To send you service-related emails, updates, and marketing communications (with your consent)
• Personalization: To customize your experience and provide AI-powered recommendations
• Analytics: To analyze usage patterns and improve our Service
• Security: To detect and prevent fraud, abuse, and security threats
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Research: To conduct research and development to improve our Service
• Integration: To facilitate connections with third-party services you authorize

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Service under our Terms of Service
• Legitimate Interests: Processing for our legitimate business interests (security, fraud prevention, service improvement)
• Legal Compliance: Processing necessary to comply with legal obligations
• Consent: Processing based on your explicit consent (marketing communications, optional features)
• Vital Interests: Processing necessary to protect vital interests (rare circumstances)

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Twilio/SignalWire: For SMS delivery and messaging services
• ElasticEmail/Resend: For email delivery services
• Stripe: For payment processing and billing
• Vercel: For hosting and infrastructure
• Turso: For database services
• OpenAI: For AI-powered features (anonymized data only)
• Google Analytics: For usage analytics
• Vercel Blob Storage: For file attachments

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests from law enforcement
• Court orders or subpoenas
• Government investigations
• Protection of our rights and safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5.5 Aggregated Information

We may share aggregated, anonymized information that cannot identify you personally.

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest using industry-standard protocols
• Access Controls: Strict access controls, authentication mechanisms, and role-based permissions
• Regular Audits: Regular security assessments and vulnerability testing
• Employee Training: Security training for all employees with data access
• Incident Response: Documented procedures for responding to security incidents
• Data Minimization: We only collect data necessary for service provision
• Secure Development: Security-by-design principles in our development process

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your information for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Improve our Service
• Maintain business records

Specific Retention Periods:

• Account Data: Retained while your account is active and for 30 days after deletion
• Contact Data: Retained as long as you maintain the contact in your account
• Campaign Data: Retained for 2 years for analytics purposes
• Support Conversations: Retained for 2 years for quality and training
• Financial Records: Retained for 7 years as required by law
• Usage Data: Retained for 1 year for analytics
• Legal Compliance: Some data may be retained longer to comply with legal obligations

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information
• Portability: Receive your data in a portable format
• Restriction: Request restriction of processing
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw previously given consent

8.2 GDPR Rights (EEA Residents)

• Right to be informed about data collection
• Right to lodge a complaint with supervisory authorities
• Right to object to automated decision-making
• Right to data portability in machine-readable format

8.3 CCPA Rights (California Residents)

• Right to know what personal information is collected
• Right to know if information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, please contact us at support@goauto.ai. We will respond to your request within 30 days (or as required by applicable law).

We use cookies and similar tracking technologies to enhance your experience:

9.1 Types of Cookies

• Essential Cookies: Required for basic functionality (authentication, security)
• Performance Cookies: Help us understand how visitors interact with our Service
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Used for usage analytics and service improvement
• Marketing Cookies: Used for advertising and marketing purposes (with consent)

9.2 Third-Party Cookies

We may use third-party services that place cookies on your device:

• Google Analytics for website analytics
• Stripe for payment processing
• Vercel for performance monitoring
• NextAuth for authentication

9.3 Cookie Management

You can control cookies through:

• Browser settings to block or delete cookies
• Our cookie consent banner (where required by law)
• Third-party opt-out tools

Note: Disabling certain cookies may affect Service functionality.

Your information may be transferred to and processed in countries other than your own:

• Our servers are primarily located in the United States
• Service providers may be located in different countries
• We ensure appropriate safeguards are in place for international transfers
• For EEA residents, we use Standard Contractual Clauses or other approved mechanisms
• We comply with applicable data protection laws for cross-border transfers

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@goauto.ai.

Upon verification, we will promptly delete such information from our records.

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.

Third-party services integrated with our platform have their own privacy policies:

• Twilio/SignalWire (SMS services)
• Shopify (e-commerce integration)
• HubSpot (CRM integration)
• Gmail/Outlook (email integration)
• Stripe (payment processing)
• OpenAI (AI services)

We encourage you to review the privacy policies of any third-party services you use through our platform.

For privacy-related inquiries, you can contact our Data Protection Officer:

EU residents may also contact their local data protection authority for complaints or inquiries.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date at the top
• Sending you an email notification (for material changes)
• Displaying a notice in our Service

Your continued use of our Service after any changes constitutes acceptance of the updated Privacy Policy.

We recommend reviewing this Privacy Policy periodically for any changes.

Data Processing Agreement (DPA)

For business customers who act as Data Controllers (processing Personal Data of their own customers/leads), we provide a comprehensive Data Processing Agreement that complies with GDPR Article 28.

View our Data Processing Agreement →

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Strong encryption for all data in transit and at rest
• Access controls and security measures

For detailed information about where your data is stored and our sub-processors, see our Data Locations Documentation.

If you have any questions about this Privacy Policy or our data practices, please contact us:

For data protection inquiries, EU residents may also contact their local data protection authority.