Privacy Policy

We collect the following categories of information:

• Google sign-in profile information. When you sign in with Google, we receive your name, email address, profile image/avatar, and Google account identifier.
• GoalLens account activity: Access code, and sign-in timestamps.
• Workspace information. Workspace names, goals, KPIs, goal-KPI links, sources, analysis results, reports, and workspace settings you create or configure.
• Uploaded evidence files. Files you upload to GoalLens, which may include CSV, XLSX, DOCX, PDF, TXT, PPTX, and other supported formats.
• Extracted and processed content. Parsed text, normalized evidence, summaries, signals, metadata, and GoalLens Map data derived from your uploaded or connected sources.
• Connected source information. If you connect Jira, we collect your Jira site URL, project key, issue type selections, sync status, issue metadata, and synced roadmap/epic-level issue data.
• Secrets and credentials. If you provide Jira API tokens or similar credentials, they are stored encrypted and are not displayed after saving.
• Usage and diagnostic data. Routes viewed, actions taken, analysis runs, upload events, errors, performance information, and browser/device metadata.

We use the information we collect to:

• Provide and operate the GoalLens MVP product.
• Authenticate users with Google.
• Manage workspaces, goals, KPIs, sources, and analysis results.
• Parse and normalize uploaded and connected evidence.
• Generate AI-assisted analysis, recommendations, alignment insights, risks, gaps, and reports.
• Improve reliability, security, debugging, and product quality.
• Control beta access and understand how the product is used.
• Prevent abuse and manage operational costs.

• GoalLens uses Google sign-in only to authenticate users and identify their account.
• We may receive your name, email address, profile picture, and Google account identifier from Google.
• We do not use Google sign-in data for advertising.
• We do not sell Google user data.
• We do not access Google Drive, Gmail, Google Calendar, or other Google Workspace data unless a future feature explicitly requests that permission.
• GoalLens' use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• GoalLens may use third-party AI and model providers to generate analysis, recommendations, and insights.
• GoalLens does not intentionally send raw secrets or credentials to AI providers.
• GoalLens aims to send normalized, compact evidence representations (GoalLens Map) rather than raw uploaded files to AI providers.
• AI-generated outputs may include summaries, recommendations, risks, gaps, and alignment analysis.
• Users should review AI-generated outputs before relying on them for decisions.

GoalLens may share data with service providers necessary to operate the product, including:

• Hosting and infrastructure providers
• Database and storage providers
• Background worker infrastructure
• AI and model providers
• Authentication providers
• Connected source APIs such as Jira, when you choose to connect them

In addition:

• We do not sell personal information.
• We do not share user data for third-party advertising.
• We may disclose information if required by law, or to protect the security, rights, or safety of GoalLens, our users, or others.

• GoalLens uses reasonable technical and organizational measures to protect information.
• Jira API tokens and connector secrets are encrypted before storage where implemented.
• Secrets are not displayed after saving.
• We aim to ensure secrets are not logged or sent to AI providers.
• No system is completely secure, and we cannot guarantee absolute security.

• We retain account, workspace, source, analysis, and activity data while your account or workspace is active.
• You may request deletion of your information (see Section 8).
• Some records may be retained as required for security, backups, debugging, legal compliance, or audit purposes.
• When you disconnect an integration (such as Jira), credentials may be deleted or invalidated. Previously synced evidence may remain in your workspace unless deleted separately.

You may request to:

• Access the information we hold about you
• Correct inaccurate information
• Delete workspace data
• Delete uploaded files or connected source data where supported
• Disconnect integrations
• Request account deletion

To submit a request, contact us at privacy@goallens.co.

GoalLens is not intended for children under the age of 13 and should not be used by children. We do not knowingly collect personal information from children under 13.

GoalLens may process data in the United States or other locations where our service providers operate. By using GoalLens, you acknowledge that your information may be transferred to and processed in countries other than your own.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. We encourage you to review this policy periodically.

If you have questions or concerns about this Privacy Policy or how we handle your information, please contact us at:

privacy@goallens.co