top of page

Data, security & privacy with Gooey.AI

Trust and privacy are paramount to us at Inc, the makers of Gooey.AI.  Given we aggregate services from a wide variety of AI providers and services, we strive to only include services that live up to our standards of privacy and trust, so that customers using Gooey.AI services can confidently be compliant in an auditable fashion. 

Our commitments

Ownership: You own and control your data

  • We do not train on your data. By default, we employ services that also do not train on your data and will explicitly call out if this is ever not the case. Importantly, this includes all of our LLM providers (OpenAI, Anthropic, Microsoft, Google and Mistral). 

  • You own your inputs and outputs (where allowed by law).

Data Retention: You control what is retained

  • By default, we retain the history of your calls to Gooey.AI, enabling you to view your activity, audit billing, revert to previous workflow versions, aggregate analytics and aid system monitoring and maintenance. 

  • We offer Enterprise customers a Zero Data Retention (ZDR) feature, whereby Gooey becomes a transient processor and does not retain any of your inputs or outputs on our servers, only storing that an API call was made at a given time, by your account, how many tokens were consumed and how much you were charged. 


Security: Comprehensive compliance

  • Data encryption in transit and at rest available via Enterprise plans. 

Chains of Trust
Like most of human innovation and knowledge, we build on the shoulders of giants. Hence, for most API and web calls on Gooey.AI, we utilize underlying services and packages whose data retention and security policies impact your calls as well.

Here’s a typical flow when you use the 

  1. You call the API, passing your API key and your inputs. These could contain anything including, the PPI data of your customers, such as their name, email and/or location. 

  2. We store the fact you’ve created a new Gooey AI workflow run in our database, along with your inputs and LLM settings. 

  3. Depending on which Language model you select, the workflow calls the underlying LLM API. 

  4. Gooey.AI gets back the response from the LLM service. 

  5. Gooey stores the response in its internal database

  6. Gooey returns the API response back to your client.

  7. Optional: If the API parameter "settings.retention_policy" is set to "delete", Gooey will delete the state information of the run, thereby immediately deleting your input parameters and any generated response data from our servers. Note that meta-data such as the time of your call, your API key and credit consumption will be retained, but all PII data will be permanently deleted from Gooey.AI servers


Is my data used for training purposes at OpenAI, Microsoft, Anthropic or Google?

No. Gooey.AI uses the enterprise API calls (linked to below) for OpenAI, Microsoft, Anthropic and Google, which explicitly state that data we send with our API requests will not be used for LLM training purposes. 


Does Gooey.AI / have a Data Processing Addendum (DPA) with OpenAI? 

Yes! You can review the DPA agreement between OpenAI LLC and Inc here and better understand OpenAI’s trust and security policies here:


Are my runs available to Gooey users?

Only Saved runs that you explicitly set to Public are available for viewing (and forking) by other users of Gooey. Note that only the single shared Saved Run is public - not the API calls that use it.


Authorized Gooey staff can see your private runs and may do so for debugging purposes, customer service or unauthorized content-related investigations. Gooey staff are all bound by non-disclosure agreements, though enterprise customers can opt for a Zero Retention Policy and/or delete all run data immediately after their creation as well by setting the retainForHistory flag to false. Doing so implies that you must save any Gooey API responses immediately after receiving them, given that content is not stored on our servers. 


What’s your privacy policy and terms for Gooey users?

Our full Privacy Policy can be found at, along with our terms.


How do you protect Gooey.AI’s servers and data?

We host our orchestration servers and databases on Azure and Google via their enterprise cloud offerings. We restrict access to the servers and our database to authorized personnel, all of whom have signed non-disclosure agreements and must secure their own machines and access via 2 factor authentication.. We do offer cyber-related incident insurance as part of our Enterprise plans.  


Do you have SOC 2 compliance?

As of May 2024, we are in the process of securing SOC2 Type 2 compliance, in conjunction with our auditing partner, Scrut Automation Inc ( 

Downstream Data Retention Policies

These are the privacy policies that govern Gooey.AI usage of your data when you run their respective models through our service.

Open AI API Enterprise Policy

Screen Shot 2024-05-24 at 2.26.46 PM.png
Screen Shot 2024-05-24 at 2.31.14 PM.png
Screen Shot 2024-05-24 at 2.33.23 PM.png

Anthropic / Claude Data Retention Policy & FAQ

Screen Shot 2024-05-24 at 2.36.30 PM.png / Gooey.AI Privacy Policy

Your privacy is important to us. It is Inc's policy to respect your privacy regarding any information we may collect from you across our websites, and, and other sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. In order to make Dara function, we do upload and process your data to our servers with the DNS addresses

We don’t share any personally identifying information publicly or with third-parties, except when required to by law or when required to verify your email or phone number.

​Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services. syncs your phonebook contacts to enable invites, but only when you choose the "Add From Contacts" option. syncs your File information to enable File sharing, but only when you choose to share Files with other users.

We use tools that record actions and steps taken by users only to help improve the user interface and interaction on the app across all devices.

General Data Protection Regulation (GDPR)

We, Inc. are the data controller of your Personal Information. Inc is a company located outside of the European Union

All our users, including those in the European Economic Area (EEA) and the UK, have the following rights:

  1. Right to access: the right to request certain information about, access to and a copy of the Personal Information about you that we are holding.

  2. Right to rectification: the right to have your Personal Information rectified if it is inaccurate or incomplete;

  3. Right to erasure ”right to be forgotten”: where the processing of your information is based on your consent, the right to withdraw that consent and the right to request that we delete or erase your Personal Information from our systems.

  4. Right to restriction of use of your information: the right to stop us from using your Personal Information or limit the way in which we can use it;

  5. Right to data portability: the right to request that we return any information you have provided in a structured, commonly used, and machine-readable format, or that we send it directly to another company, where technically feasible; and

  6. Right to object: the right to object to our use of your Personal Information including where we use it for our legitimate interests e.g. for listing in our directory of other creatives (with your consent).

Legal Basis for Processing

We process your personal data on the ground that such processing is necessary to further our legitimate interests including:​

(1) providing effective and innovative creative connection service to our users; and
(2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services), unless those interests are overridden by your interest or fundamental rights and freedoms that require protections of personal data.

Acceptance of this Policy

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us at

Contact Information

We welcome your comments or questions about this Policy. You may contact us at


This policy is effective as of 17 Jan 2021. Updated May 21, 2024.

bottom of page