Privacy Policy

Get Started
Legal & Compliance

Privacy Policy

Last updated: June 24, 2026

1. Information We Collect

At Goaly, we respect your privacy and are committed to protecting the financial and personal data you share with us. To deliver our gamified tracking, calendar, and AI bookkeeping services, we collect several types of information:

A. Account Information

When you register, we collect your name, email address, password, and phone number. Your phone number is utilized solely for securing your account via Two-Factor Authentication (2FA).

B. Financial Logs & Bookkeeping Data

To operate your income calendar, we collect and store the revenue amounts, transaction dates, expense records, gig types (e.g., rideshare, design contract), and write-off notes you enter.

C. Receipt Images & Invoices (Vision OCR)

If you upload receipt images or invoices to the AI scanner, we temporarily process and store these images to extract text, totals, merchants, and tax categories.

D. AI Chat Logs

We store conversational interactions and text queries you submit to the AI Co-Pilot Advisor to maintain chat context and provide real-time financial assistance.

2. How We Use Your Information

We use the information we collect to operate, improve, and personalize our Services. Specifically, we use your data to:

  • Create and maintain your income calendar, ledger dashboards, and tax write-off trackers.
  • Execute receipt scanning via Vision AI to automate expense logging.
  • Analyze chat history to deliver contextual, real-time coaching from the AI Co-Pilot Advisor.
  • Manage and calculate Accountability Stakes, track your weekly targets, and manage the Goaly Points (GP) pool.
  • Send security notifications, 2FA verification codes, and support communications.
  • Refine and train our proprietary financial parsing algorithms and LLMs. **Note:** Any data used for model training is thoroughly anonymized, stripped of personally identifiable information (PII), and aggregated. We do not train models on raw, identifiable customer bank logs or receipt images.

3. Data Sharing & Disclosure

We hold your financial confidentiality in the highest regard. **We do not sell, rent, or trade your personal or financial information to third parties under any circumstances.**

We only share your information with trusted third-party service providers (subprocessors) that perform essential services for us, including:

  • Cloud Infrastructure: Secure hosting and database management (e.g., Supabase, Prisma, secure cloud nodes).
  • AI and OCR Partners: Secure artificial intelligence engines (e.g., Google Gemini API) to process receipt text and power the conversational Co-Pilot.
  • Payment Processors: Secure gateways to manage subscriptions and renewals.
  • Communication Tools: Services to transmit Email 2FA codes (e.g., SMTP relays).

We may also disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4. Data Security & Retention

Goaly employs advanced security protocols to keep your data safe. We use industry-standard Transport Layer Security (TLS) encryption for all data in transit. In our databases, sensitive fields (such as phone numbers and transaction particulars) are protected using robust AES-256 equivalent encryption at rest.

We restrict access to personal information to Goaly employees, contractors, and agents who need to know that information to process it, all of whom are subject to strict confidentiality agreements.

Data Retention: We retain your personal and financial data as long as your account remains active. If you choose to delete your account, we will purge all associated records from our active databases within thirty (30) days, except where retention is required to comply with regulatory, tax, or legal obligations.

5. Your Rights (GDPR / CCPA)

Depending on your geographical location (such as the European Economic Area under GDPR or California under the CCPA), you possess specific rights regarding your personal information, including:

  • The Right to Access: You can request a copy of all personal and financial data we hold about you.
  • The Right to Rectification: You can correct any inaccurate or incomplete information directly inside your settings dashboard.
  • The Right to Erasure (Deletion): You can request that we delete your account and wipe all associated ledger logs, receipt images, and credentials.
  • The Right to Data Portability: You can request an export of your transaction history in a structured, machine-readable format (such as CSV).

To exercise any of these rights, please contact our data compliance officer at support@goaly.tech. We will verify your identity before processing any request.

6. Cookies & Tracking Technologies

We use cookies and equivalent browser storage mechanisms (such as LocalStorage) to deliver a seamless, premium user experience. We use:

  • Authentication Tokens: To keep you logged in securely as you navigate our dashboards.
  • Preferences: To remember configurations such as your dark/emerald color theme (stored in LocalStorage as goaly-theme).
  • Translation Session: To coordinate language overlays when using the Google Translate Widget.

You can configure your browser to block or delete cookies, but doing so may cause certain parts of our dashboards or auth parameters to malfunction.

7. Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy or how we handle your bookkeeping records, please do not hesitate to contact us:

Email: support@goaly.tech

Office: Goaly Legal & Compliance Dept.

Website: goaly.tech