Goatfied

Legal

Privacy Policy

Effective June 7, 2026. This Privacy Policy describes how AIARCO Inc. collects, uses, discloses, and protects personal data when you use Goatfied products and services.

1. Who We Are

Goatfied is operated by AIARCO Inc. ("AIARCO", "Goatfied", "we", "our", "us"). This policy applies to our websites, desktop and web applications, APIs, billing surfaces, and support channels.

2. Categories of Data We Collect

  • Account and identity data: name, email address, organization name, authentication metadata, and account roles.
  • Billing data: plan, invoices, tax data, and payment references processed by payment providers (for example Stripe). We do not store full payment card numbers.
  • Usage and technical telemetry: feature events, request metadata, logs, latency, crash traces, and device/session diagnostics.
  • Workspace and model interaction data: prompts, context snippets, completions, and model routing metadata that are required to execute your requests.
  • Support and communications data: messages you send to support, legal, or security channels.

3. How We Use Data

  • To provide, maintain, and improve Goatfied services.
  • To authenticate users, prevent fraud, and secure infrastructure.
  • To process billing, subscriptions, and account lifecycle actions.
  • To support customer requests, troubleshooting, and reliability operations.
  • To comply with legal obligations and enforce our Terms of Service.

4. Legal Bases for Processing (Where Applicable)

Depending on jurisdiction, our legal bases include performance of contract, legitimate interests (such as security and service reliability), legal compliance, and consent where required.

5. Model Providers and Routing

Goatfied may route requests to first-party and third-party model providers, including OpenAI, Anthropic, xAI, and provider-routing platforms. Routing depends on selected model mode, account settings, and available provider credentials.

  • If you provide your own vendor API keys, requests may be sent under your provider account.
  • Third-party provider processing is also subject to those providers' terms and privacy policies.

6. Data Retention

We retain data only as long as necessary for service delivery, security, legal compliance, and dispute resolution. Retention windows vary by plan, feature configuration, and legal requirements.

  • Authentication, billing, and audit logs may be retained for security and compliance periods.
  • Prompt/completion retention depends on your plan and configured settings.

7. Data Sharing and Disclosure

We may disclose data to:

  • Infrastructure and model providers required to deliver the service.
  • Payment processors and fraud-prevention vendors.
  • Professional advisors and authorities when legally required or to protect rights, users, and platform safety.

We do not sell personal information for money.

8. International Data Transfers

Our services and subprocessors may process data in multiple countries. Where required, we use transfer safeguards such as standard contractual clauses and equivalent mechanisms.

9. Security Measures

  • Encryption in transit and access controls by least privilege.
  • Logging, monitoring, and abuse detection systems.
  • Incident response procedures with escalation and notification workflows.

No method of transmission or storage is 100% secure. You should also maintain secure development and key-handling practices.

10. Your Privacy Rights

Depending on jurisdiction, you may have rights to access, correction, deletion, portability, restriction, objection, and withdrawal of consent where processing is consent-based.

To exercise rights, contact privacy@goatfied.com. We may need to verify identity before fulfilling requests.

11. Cookies and Similar Technologies

We use essential session cookies and product analytics signals to keep users authenticated, secure sessions, and understand feature quality. Where required by law, we request consent for non-essential tracking.

12. Children’s Privacy

Goatfied is not directed to children under 13 (or higher age where local law applies). We do not knowingly collect personal data from children.

13. Automated Decision-Making

Model routing and suggestion systems may involve automated processing. Final engineering, deployment, legal, and compliance decisions remain with the user or organization.

14. California and U.S. State Disclosures

For residents of California and certain U.S. states, we honor rights to know, delete, correct, and opt out where applicable. We do not sell personal information and do not share personal information for cross-context behavioral advertising in a manner requiring "Do Not Sell/Share" treatment under current implementation.

15. EU/UK Disclosures

If GDPR/UK GDPR applies, AIARCO acts as controller for account and service-operation data, and may act as processor for customer-managed workspace data under customer instructions and contractual terms.

16. Changes to This Policy

We may update this policy periodically. We will post the revised version with an updated effective date and take additional notice steps when required by law.

17. Contact

Privacy and Data Protection: privacy@goatfied.com
Security Reporting: security@goatfied.com
AIARCO Inc. · 548 Market St #94306 · San Francisco, CA 94104 · USA

Privacy Policy · Goatfied