Legal

Privacy Policy

Last updated: May 3, 2026

This Privacy Policy describes how guidedby ("guidedby", "we", "us", or "our") collects, uses, and protects your information when you use the guidedby desktop application, the website at guidedby.ai, and related services (collectively, the "Service").

guidedby is currently operated by an individual based in San Francisco, California, doing business under the name "guidedby." We are not yet incorporated as a separate legal entity. References to "guidedby," "we," "us," or "our" refer to that operation. We will update this Policy when our legal structure changes.

Geographic scope. The Service is currently offered only to residents of the United States. We do not target the Service to residents of the European Economic Area, the United Kingdom, or Switzerland, and we are not currently equipped to provide the rights and protections afforded by the GDPR, UK GDPR, or Swiss FADP. If you are located in one of these regions, please do not use the Service. We will update this Policy when we expand availability.

1. The short version

guidedby is a workflow coaching service. To coach you, we record information about how you use your computer — which apps you switch between, window titles, brief clipboard content, accessibility-tree text from foreground apps, and patterns of typing and clicking. This data is captured locally, encrypted on your machine, scrubbed for credentials and personal information before upload, stored in row-level-secured databases, and analyzed to produce coaching recommendations. We never sell your data, never use it to train AI models, and never share it except as required by law.

2. Information we collect

The Service collects four buckets of data.

2.1 Account information

When you create an account or join the waitlist, we collect your email address, an optional note you provide, and basic timezone information. If you sign in with Google, we receive your email address and the unique identifier issued by Google.

2.2 Workflow capture data

The desktop application captures the following events while it is running and not paused:

  • The name of the active application and the window title.
  • For supported applications, accessibility-tree text labels (e.g. the text on a button or input field) of the foreground window. This is used to recognize what kind of work you're doing — not to keystroke-log.
  • Short clipboard content (when you copy or paste), used to identify tools and content that flow between apps.
  • Aggregate signals about typing and clicking volume — not the individual keystrokes or click coordinates beyond the active app context.
  • Idle / active state, derived from input activity.
  • For browsers, the URL of the active tab — with sensitive query parameters stripped before storage.

2.3 Service operation data

Standard product telemetry: device identifiers we issue, successful and failed upload counts, software version, error traces (with personal information scrubbed), and aggregate page-view analytics. Session replay (where used) masks all inputs and respects the do-not-track convention.

2.4 Cookies and similar technologies

The website uses a small number of cookies and equivalent local-storage entries:

  • Strictly necessary — authentication session cookies set by Supabase Auth so you stay signed in, and a short-lived invite-code cookie used during sign-in.
  • Analytics — PostHog cookies that record aggregate page views and (in some sessions) masked session replay. These help us understand product usage; they do not record captured workflow data.

You can clear or block cookies through your browser settings; if you block strictly necessary cookies, you will not be able to sign in.

3. What we don't collect

  • No screenshots, screen recordings, audio, video, or camera input.
  • No raw keystrokes — only that typing happened, and rough volume.
  • No data from applications you've added to your excluded apps list — capture is dropped at the source.
  • No data while you have capture paused from the menu-bar tray.

4. How information is stored and retained

Captured events are written to a local SQLCipher-encrypted database on your machine, with the encryption key stored in your operating system's secure credential store (Keychain on macOS, Credential Manager on Windows). Events are uploaded over HTTPS to our ingest API in batches.

On the server, events are scrubbed for credentials, API keys, JWTs, and email patterns, then written to Supabase-hosted Postgres (a managed Postgres service running on AWS infrastructure). All tables are protected with Row-Level Security so that only your authenticated session and our analysis pipeline can read your rows. Data is encrypted at rest and in transit.

Retention. We retain captured workflow events for as long as your account is active, so the Service can produce ongoing coaching. Recommendations and daily summaries persist for the life of your account so you can reference them. Account information is retained until you delete your account. Operational logs and analytics are retained per the relevant sub-processor's defaults (typically 30–90 days). You can delete your data at any time (Section 8).

After deletion. When you delete your account, we hard-delete your captured events, recommendations, and profile data from our active databases. Backup copies and point-in-time recovery snapshots roll off within 30 days. Some limited data may be retained longer where required by law. Anonymized aggregates do not identify you and may be kept indefinitely for product analytics.

5. How we use information

We use the data we collect to:

  • Generate your daily timeline and coaching recommendations.
  • Send your daily coaching email and product communications.
  • Operate, secure, and improve the Service (including diagnosing errors and rate-limiting abuse).
  • Comply with legal obligations.

We do not sell your data, share it with advertisers, or use it to train AI models — our own or anyone else's. Data sent to our AI inference provider is used to generate your coaching in real time and is not used by them to train their models, per the API terms we contractually rely on.

6. Sub-processors and third parties

We use a small number of sub-processors to operate the Service. Each is bound by their own privacy commitments and data processing terms. All operate primarily in the United States.

  • Supabase — managed Postgres, authentication, file storage. Hosts your account and capture data.
  • Modal — sandboxed serverless compute that runs the analysis pipeline.
  • Anthropic — receives scrubbed timeline data to generate coaching recommendations. Anthropic's API terms, which we contractually rely on, do not permit training on data submitted through their API.
  • Vercel — hosts the web application and serverless API routes.
  • Resend — sends your daily coaching emails and waitlist communications.
  • Sentry — error monitoring, with PII scrubbing applied to every event.
  • PostHog — product analytics (page views, session replay with input masking). No captured workflow data is sent here.
  • Apple & Microsoft — code signing and notarization of the desktop app.

7. Security

We protect your data with multiple layers: SQLCipher encryption on the local database, Apple Developer ID code-signing and Hardened Runtime on the desktop app, transport encryption (TLS), credential and PII scrubbing at upload time, encryption at rest in Supabase, and Row-Level Security on every table. We sign and notarize every desktop release with Apple and Microsoft so that the OS can verify the binary's integrity.

No system is perfectly secure. If we discover a breach affecting your data, we will notify affected users without undue delay and as required by applicable law.

8. Your rights

You can exercise the following at any time:

  • Access — see what we have. The dashboard shows your timeline; on request we will provide a full export of your account and capture data within 30 days.
  • Correct — update your account information from Settings.
  • Delete — delete your account from Settings and we hard-delete your captured events, recommendations, and profile data, with backup tails purged within 30 days.
  • Restrict — exclude specific applications, or pause capture entirely, at any time.
  • Object — opt out of analytics or marketing emails by emailing us.

Depending on where you live in the United States, you may have additional rights under state privacy laws (such as the CCPA in California — see Section 9). To exercise any right, contact us at support@guidedby.ai.

9. California privacy disclosure

This section applies to California residents and supplements the rest of this Policy. Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, you have the rights to know, delete, correct, and limit certain processing of your personal information.

Categories of personal information we collect

  • Identifiers — email address, account ID, device identifier, IP address.
  • Internet or other electronic network activity — captured workflow events (active application, window titles, accessibility-tree text, browser URLs with sensitive query parameters stripped, clipboard snippets, idle/active state) and product telemetry.
  • Inferences — coaching recommendations and user-profile observations derived from the above.
  • Commercial information — none collected at this time (the Service is free during beta).

Sources, purposes, and recipients

We collect this information directly from you (account fields) and from the desktop application running on your device (workflow capture, telemetry). We use it to operate the Service described in Section 5. We disclose it to the sub-processors listed in Section 6 for the purpose of operating the Service.

Sale and sharing

We do not sell or share your personal information as those terms are defined under the CCPA, and we have not done so in the preceding 12 months. We do not knowingly sell or share personal information of anyone under 16.

Direct-marketing disclosure

We do not share your personal information with third parties for their direct marketing purposes (Cal. Civ. Code §1798.83).

Exercising your CCPA rights

To make a verifiable consumer request, email support@guidedby.ai from the address on your account. We will respond within 45 days. We do not discriminate against users for exercising their CCPA rights.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect data from children. If you believe a child has given us data, contact us and we will delete it.

11. International users and transfers

We are based in the United States and offer the Service only to residents of the United States. Our sub-processors operate primarily in the U.S. but may host or process limited operational data (such as logs) in other jurisdictions. By using the Service, you acknowledge that your information will be processed in the United States.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-product notice. The effective date at the top reflects the latest revision.

13. Contact us

Questions, concerns, or rights requests: support@guidedby.ai.