[
POLICIES
]
©2025
Privacy policy
Effective Date: May 27, 2025
Last Updated: September 9, 2025
This Privacy Policy explains how Stealthy Good AI, LLC ("Stealthy Good," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the Stealthy Good app and our website (together, the "Services"). This is our primary Privacy Policy and includes app‑specific terms for email integrations and automation workflows.
1) Scope & Roles
Who this covers. Site visitors, prospects, customers and their representatives, and individuals who use the app.
Controller vs. processor. For Site visitors and our own business contacts, Stealthy Good acts as a controller. For “Customer Content” you connect to the app (e.g., emails and related data from your accounts), we act as your processor/service provider and handle data strictly under your instructions and our agreement (and DPA, if applicable).
2) Definitions (plain English)
Personal Information: Info that identifies or can reasonably be linked to a person/household.
Customer Content: Data you or your company provide or instruct us to process via the app (e.g., selected mailboxes, drafts, metadata).
Services Data: Operational/diagnostic data about how the app and Services are accessed and used (e.g., device and event logs).
3) Information We Collect
A. Personal Information
Email Address: Used to authenticate your account and enable email operations.
Name: For account identification and personalization.
OAuth Credentials: We store OAuth tokens to access your email services with your explicit consent.
B. Email Data (App‑specific)
Email Content: Accessed only to generate drafts, suggestions, and automations you configure.
Email Metadata: Headers, timestamps, sender/recipient information.
Draft Emails: Drafts you create with the app may be stored until you delete them.
C. Automatically Collected (Services Data)
Device/usage information (e.g., IP, browser/OS, pages or screens viewed, timestamps, referral URLs), cookies/related tech, and performance/diagnostic logs.
D. From Third Parties
Identity/SSO providers (if used), payment/billing providers, lead enrichment/marketing partners (for our B2B operations), and publicly available sources.
4) How We Use Information
Provide & secure the app/Services, authenticate users, and operate the features you configure.
Email Management (App‑specific): Send emails on your behalf through supported automation platforms; create and manage drafts; analyze selected emails to provide suggestions and insights; and run automated sequences/responses you enable.
Product improvement & analytics (excluding Customer Content for model training—see AI/ML section).
Security & abuse prevention, compliance with law, and enforcement of terms.
B2B marketing for our Services (opt‑out any time).
AI‑specific disclosures. We use Customer Content only to deliver the app features you request and to maintain or improve the security and reliability of the Services. We do not use Customer Content to train foundation models or for advertising profiles. We may use de‑identified or aggregated data for analytics that cannot reasonably identify you.
5) Data Processing Location & Platforms
Where processing happens. By design, email content processing occurs within your chosen workflow automation platform (e.g., n8n, Zapier, Make, Microsoft Power Automate) and within our app’s runtime necessary to deliver your configured actions. The app does not persist email content beyond what’s needed to execute your request unless you save a draft.
Platform separation. Each integration maintains separate security protocols. Cross‑platform data sharing happens only with your explicit direction.
6) AI/ML Model Training (Google “Limited Use”)
When we access Google Workspace APIs (e.g., Gmail) via OAuth, we comply with Google’s API Services User Data Policy, including Limited Use requirements. We do not use data obtained through Google Workspace APIs to develop, improve, or train generalized AI/ML models. Your email data is used exclusively to: (i) provide services to you, (ii) generate suggestions, and (iii) automate workflows you configure.
7) Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: contract (to provide the app), legitimate interests (e.g., security, product operations, B2B marketing), consent (where required, such as non‑essential cookies), and legal obligation. You can withdraw consent at any time.
8) Data Sharing & Disclosure
We do not sell personal information as defined under California law. If we ever use ad‑tech/analytics that qualify as “sharing” or “targeted advertising,” you will be able to opt‑out (we honor GPC where required).
We may share information with:
Vendors/Processors (hosting, cloud/data infrastructure, analytics, email/SMS, CRM, customer support) under contracts limiting use to our purposes.
Your chosen automation platforms (n8n, Zapier, Make, Microsoft Power Automate, etc.) to deliver features you configure.
Professional advisors under confidentiality, or authorities when required by law or to protect rights/safety.
Corporate transactions (e.g., merger or acquisition) subject to this Policy.
A Data Processing Addendum and subprocessor list are available upon request.
9) Data Retention
We retain personal information only as long as necessary or as required by law. Baselines include:
Server/security logs: ~30 days (longer if needed to investigate incidents/legal matters).
Account/contract/billing records: life of the relationship + reasonable period (often 3–7 years) for tax, audit, and compliance.
Marketing contacts: until you opt‑out or after 24 months of inactivity.
App‑specific retention.
OAuth tokens: kept only while your account/integration is active; revoked when you disconnect.
Email drafts: stored until you delete them.
Suggestions/insights: processed in real time and not stored beyond operational needs unless you explicitly save them.
10) Storage & Security
We use appropriate technical and organizational measures, including encrypted transport (TLS), access controls, role‑based permissions, and monitoring. No system is perfectly secure; please use strong, unique passwords and notify us of any suspected unauthorized activity. For OAuth flows, we implement secure OAuth 2.0 consistent with platform best practices. We follow SOC 2–aligned practices for controls and processes.
11) Cookies, Analytics & Tracking (Website)
We use cookies and similar technologies to operate the Site, remember preferences, understand usage, and—where applicable—improve marketing performance. You can manage non‑essential cookies in our banner/preferences (where available). We currently do not respond to DNT signals due to varying industry standards; where required, we honor Global Privacy Control (GPC) signals.
12) Your Rights & Controls
Depending on your location, you may have rights to access/port, correct, delete, opt‑out of sales/sharing/targeted ads, restrict/object to certain processing (EU/UK), withdraw consent, and appeal denials. To exercise rights, email privacy@stealthygood.com. We may verify identity/residency and respond in required timelines; authorized agents are permitted where allowed.
App‑specific controls.
Revoke OAuth in your Google Account settings (or equivalent for the provider). Disconnecting immediately stops app access.
You control which mailboxes/labels the app can access—adjust anytime in settings.
Data portability: contact us to export your app data (JSON/CSV); we’ll provide within 30 days.
13) International Transfers
We are U.S.-based and may process information in the U.S. and other countries. Where required, we use appropriate safeguards for cross‑border transfers (e.g., Standard Contractual Clauses) and assess local laws and practices.
14) Third‑Party Links & Integrations
The Site and app may link to or integrate with third‑party services. Their handling of information is governed by their own policies; review those before enabling.
15) Children’s Privacy
The Site and Services are not intended for children under 13 (or older minimum age where applicable). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact privacy@stealthygood.com and we will take appropriate action.
16) Data Portability (App)
To export your app data (account information, saved drafts, workflow configuration, platform integration settings), email privacy@stealthygood.com. We will provide your data in JSON or CSV format within 30 days.
17) Platform‑Specific Terms (App)
We support multiple workflow automation platforms (e.g., n8n, Zapier, Make, Microsoft Power Automate).
We only share data needed to run the actions you configure.
Each platform enforces its own security and compliance controls; you are responsible for reviewing and accepting those terms.
When using Google integrations, we follow Google OAuth 2.0 and the API Services User Data Policy (including Limited Use).
18) U.S. State Privacy Disclosures
Additional disclosures (e.g., CA/CO/CT/UT/VA) about categories, sources, purposes, and disclosures apply to the extent these laws cover your use of our Site or Services. We do not sell personal information. If any analytics/ad‑tech would be considered “sharing” or “targeted advertising,” you can opt out and we honor GPC where required. We do not use or disclose “sensitive personal information” for purposes that require a right to limit under California law.
19) Compliance Statements
We comply with (as applicable): Google API Services User Data Policy, GDPR/UK GDPR, CCPA/CPRA and similar U.S. state laws, and relevant platform‑specific requirements for supported integrations. We maintain controls aligned with SOC 2 best practices; if you require formal attestations, contact us.
20) Changes to This Policy
We may update this Policy periodically. The Effective Date above shows the latest revision. For material changes, we will post an updated Policy and, where required, provide additional notice (which may include email notice).
21) Contact Us
Stealthy Good AI, LLC
Email (privacy): privacy@stealthygood.com
Email (general support): human@stealthygood.com