Draft · pending legal review — not yet binding

Goable — Privacy Policy

Version: 2026-05-26 · DRAFT — pending legal review. Placeholder for the document-manager pipeline; a qualified lawyer / DPO must review.

1. Who we are

Goable ("we") provides a B2B suitability-scoring API. For most processing we act as a processor on behalf of our customers (tenants), who are the controllers of their end users' data. For our own customer accounts + research dataset we act as a controller.

2. What we process

  • Account data (controller): tenant contact email, plan, billing identifiers (Stripe customer id), API key metadata.
  • Request data (processor): coordinates, activity, time window, and — for the decision endpoint — a pseudonym (SHA-256 hash, never raw PII) plus optional non-identifying profile attributes.
  • Outcomes: operator-reported activity outcomes linked by session id.
  • Audit logs: per-score records (inputs, verdict, provider chain) for reliability + research eligibility.

We do not collect end-user names, emails, or precise device identifiers.

3. Legal bases (GDPR)

Contract (providing the Service), legitimate interests (security, abuse prevention, service improvement), consent (research contribution), and legal obligation (billing, retention).

4. The research dataset

Where a tenant opts in (research_consent), eligible records are aggregated + anonymised (k≥10 per cell, ~1km grid, 90-day publication lag) before any release under CC BY 4.0. Aggregates are anonymous (GDPR Recital 26) and not subject to erasure.

5. Sharing

  • Sub-processors: hosting, Postgres, Redis, payment (Stripe), email, LLM (Anthropic, for the optional intelligence endpoints — request content is sent for explanation generation). A current list is available on request.
  • We do not sell personal data.

6. Retention

Account + billing data: for the relationship + legal retention. Request + audit data: per the tenant's configuration + research eligibility. Magic-link tokens + ephemeral data: minutes/hours.

7. Your rights

Access, rectification, erasure, restriction, portability, objection. For decision-endpoint pseudonyms we provide programmatic erasure: DELETE /v1/decision/user-data/:pseudonym (GDPR Art. 17) — anonymises audit rows + hard-deletes behavioural models, returning a receipt.

8. International transfers

Where data is processed outside the EEA, we rely on appropriate safeguards (SCCs). [To be finalised per hosting region in legal review.]

9. Security

SHA-256-hashed API keys, scrypt-hashed ops passwords, TLS in transit, tenant-scoped access controls, audit logging.

10. Changes

Material changes are emailed to the tenant contact and require re-acceptance.

Contact / DPO: privacy@goable.io