Privacy Policy
Last updated: May 20, 2025
Gobii Inc.
455 Market St, Ste 1940
PMB 790239
San Francisco, California 94105, USA
1. Scope
This Privacy Policy explains how Gobii Inc. ("Gobii," "we," "us," or "our") collects, uses, and shares information when you:
- visit
gobii.aior any sub-domain we operate; - create or use an account;
- call our API or dashboard to run browser-automation / AI-agent tasks; or
- otherwise interact with us (for example, by contacting support).
It applies worldwide, but is written under U.S. law and designed to satisfy key obligations under the EU General Data Protection Regulation ("GDPR"), the California Consumer Privacy Rights Act ("CPRA"), and emerging 2025 state privacy laws.
2. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, email, password hash, billing address, payment-method tokens | Provided by you |
| Content & Instructions | Scripts, prompts, URLs, or other material you submit to the Service; any data an agent collects at your direction | Provided by you |
| Usage & Log Data | IP address, user-agent, timestamps, API call parameters, error traces, resource consumption metrics | Collected automatically |
| Device / Analytics Data | Cookies or similar IDs, page views, referrers, click-streams | Collected automatically / third-party analytics |
| Support Data | Messages, attachments, call recordings | Provided by you |
We do not intentionally ingest personal information that your agents scrape unless you direct the agent to send it back to our servers. You are the controller of that downstream data.
3. How We Use Information
- Provide & operate the Service (set up accounts, run automations, bill usage).
- Maintain security (fraud detection, abuse prevention, auditing).
- Improve & develop new features (aggregated analytics, error logging, model tuning).
- Communicate with you (transactional emails, product updates; marketing only with consent).
- Comply with law and enforce our Terms of Service.
Legal bases under the GDPR: contract performance, legitimate interests, consent (where required), and legal obligation.
4. Sharing & Disclosure
| With… | Purpose |
|---|---|
| Service Providers | Cloud hosting, payment processors, analytics, customer-support tools (bound by contract). |
| Third-party Websites You Automate | We transmit your agent's requests and receive any responses solely at your direction. |
| Legal / Compliance | Court orders, law-enforcement requests, or to exercise / defend legal claims. |
| Business Transfers | Part of a merger, acquisition, or asset sale (notice will be given). |
| With Consent | Any other sharing you explicitly authorize. |
We do not "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined by the CPRA.
5. Cookies & Tracking
We use first-party cookies and comparable technologies for essential operations and analytics. Your browser settings, our cookie banner, or industry tools (e.g., the Global Privacy Control) let you manage non-essential cookies. We do not respond to legacy "Do Not Track" signals.
6. International Data Transfers
We host data primarily in the United States. If you are in the EEA/UK or another region with data-transfer restrictions, we rely on standard contractual clauses or other legally approved mechanisms.
7. Data Retention
- Account & billing records — kept while your account is active and for up to 7 years thereafter.
- Automation logs — typically 30 days, unless needed longer for security, debugging, or legal reasons.
- Support tickets — retained as long as necessary to resolve the issue and maintain an accurate support history.
When retention ends, data is deleted or anonymised.
8. Security
We employ industry-standard technical and organisational measures: encryption in transit, segmented VPC networks, least-privilege access controls, routine penetration testing, and incident-response procedures. No system is 100 % secure, and you use the Service at your own risk.
9. Your Rights & Choices
9.1 GDPR / UK Data-Protection Rights
You may: access; rectify; erase; port; restrict; object to processing; and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.
9.2 California & U.S. State Rights
Under the CPRA and similar state laws you have the right to know, delete, correct, opt-out, and limit use of sensitive data (where applicable). We will not discriminate against you for exercising these rights.
9.3 Exercising Your Rights
Email privacy@gobii.com or use the privacy controls in your dashboard. We will verify your identity before fulfilling requests.
10. Children's Privacy
Gobii is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn we have done so, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date. Continued use after changes means you accept the revised Policy.
12. Contact Us
Gobii Inc.
455 Market St, Ste 1940, PMB 790239
San Francisco, California 94105, USA
Email: privacy@gobii.com