Skip to content

    Privacy Policy

    Last Updated: August 22, 2025

    Introduction

    This Privacy Policy explains how Goldilocks AI, Inc. (“Goldilocks AI,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes Personal Information in connection with our Service. It does not apply to the Personal Information of our employees or contractors.

    1. What is Goldilocks AI?

    Goldilocks AI provides a people search engine designed to help our customers find and learn about professionals (our “Service”). We gather publicly available information and licensed data about individuals (“Profiles”) to create a comprehensive database for our users.

    2. Information We Collect

    2.1. Information in the Goldilocks AI Contributor Database

    We collect Personal Information to build and maintain our database of Profiles. This information is sourced from:

    • Publicly Available Sources: We crawl the web to find publicly accessible information about individuals.
    • Our Contributors: We work with data contributors who provide us with information they have collected.
    • Our Customers: Customers may provide us with information about individuals when they use our Service.

    The information we collect may include:

    • Name, email address, social media profiles.
    • Employment history, including past and present employers and job titles.
    • Educational background.
    • Location (country and city).
    • Contact information, including business email and phone numbers.

    2.2. Information We Collect from You

    When you interact with our Website or Service, we may collect the following information:

    • Account Information: When you create an account, you provide us with your name, email, password, and contact details.
    • Submitted Data: You may provide us with data to use our Service, which may contain Personal Information.
    • Billing Information: We collect payment information when you purchase our services.
    • Communications: If you contact us, we will collect any information you provide in your communications.
    • Website Usage: We automatically collect information about your device and how you interact with our Website (e.g., IP address, browser type, pages viewed) through cookies and similar technologies. For more details, see our Cookie Policy section.

    3. How We Use Information

    We use the information we collect for the following purposes:

    • To Provide the Service: We use information from our database to operate, maintain, and provide the features of our Service to our customers.
    • To Improve the Service: We analyse usage information to understand trends and improve our Service and develop new features.
    • To Communicate with You: We use your contact information to send you service-related announcements, invoices, and other important information.
    • For Security: We use information to enhance the security of our Service by detecting and preventing fraud or abuse.
    • For Legal Compliance: We may use information to comply with legal obligations, such as responding to lawful requests from public authorities.

    4. How We Share Information

    We may share information under the following circumstances:

    • With Our Customers: Our core business is providing Profiles from our database to our customers.
    • With Service Providers: We share information with third-party vendors (e.g., payment processors, cloud hosting providers) who perform services on our behalf.
    • For Legal Reasons: We may disclose information if required by law or in response to a legal process.
    • In Business Transfers: If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.

    5. Your Data Rights and Choices

    You have certain rights regarding your Personal Information. You can:

    • Access or Remove Your Profile: If you have a Profile in our database, you can request to access, correct, or remove it by contacting us.
    • Opt-Out of Communications: You can opt out of receiving promotional emails from us by following the unsubscribe instructions in those emails.
    • Manage Cookies: You can control cookies through your browser settings and our cookie consent tool.

    To exercise these rights, please contact us at chris@goldi.ai.

    6. Data Security

    We implement appropriate technical and organisational measures to protect Personal Information from unauthorised access, use, or disclosure. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information.

    7. Data Retention

    We retain Personal Information for as long as necessary to provide our Service, comply with legal obligations, and resolve disputes. Our goal is to minimise data usage, keeping only what is essential. In accordance with processing grounds, we will implement appropriate and timely actions to delete the data.

    Personal Information data will be kept for a maximum of three years, or as long as it is required, and/or as long as we are legally obligated to retain it. We may take steps to delete it before the three-year period ends. Alternatively, once there is no longer a legal or business need for your data, we may choose to delete or anonymise it entirely.

    8. International Data Transfers

    We are based in the UK, and your information may be processed in the UK as well as in other countries where our service providers, partners, or customers are located. Where we transfer Personal Information outside of the UK or the European Economic Area (EEA), we ensure that such transfers are subject to appropriate safeguards as required by applicable Data Protection Laws.

    In particular, Goldilocks AI, Inc. (as the “data exporter”) and the relevant Licensee (as the “data importer”) enter into the EU Standard Contractual Clauses, as they apply to Module One: Transfer Controller to Controller, with effect from the commencement of the relevant transfer. These Clauses apply to any transfer (or onward transfer) from Goldilocks AI, Inc. to a Licensee where such transfer would otherwise be restricted under Data Protection Laws.

    For the purposes of these Standard Contractual Clauses:

    • Clause 17 (Governing Law) shall be deemed to be pre-populated with Ireland.
    • Annex I.A shall be deemed to include the relevant details of the Parties as set out in this Privacy Policy.
    • Annex I.B (Description of Transfer) and Annex I.C (Competent Supervisory Authority) are deemed to be pre-populated as described in Appendix 1 to this Privacy Policy.

    9. Cookie Policy and Website Analytics

    Our Website uses cookies and analytics tools to enhance functionality and understand how visitors interact with our site. A cookie is a small text file stored on your device.

    9.1. Types of Cookies and Data Collection

    • Essential Cookies: Necessary for the Website to function correctly, including session management and security features.
    • Analytics Cookies: Help us understand how visitors interact with our Website through services like Vercel Analytics.
    • Performance Cookies: Collect information about website performance, loading times, and technical issues to help us improve user experience.
    • Functional Cookies: Remember your preferences and settings to provide a personalised experience.

    9.2. Analytics and Tracking

    We use privacy-focused analytics services to understand website usage and improve our service. This includes:

    • Page Views and Navigation: Which pages you visit and how you navigate through our site
    • User Interactions: Clicks on buttons, form submissions, and engagement with interactive elements
    • Technical Information: Browser type, device type, screen resolution, and operating system
    • Performance Metrics: Page loading times, Core Web Vitals, and technical errors
    • Traffic Sources: How you found our website (search engines, direct visits, referrals)

    We do not collect personally identifiable information through our analytics. All data is aggregated and anonymised.

    9.3. Consent Management

    When you first visit our site, we will ask for your consent to use non-essential cookies and analytics via our consent banner powered by CookieYes. You can:

    • Accept or reject different categories of cookies
    • Change your preferences at any time using the cookie settings link in our footer
    • Withdraw consent, which will immediately stop all non-essential tracking

    Analytics and performance tracking only occur with your explicit consent. Essential cookies required for basic website functionality do not require consent.

    9.4. Data Retention and Privacy

    Analytics data is retained according to our data retention policies and the policies of our analytics providers:

    • Website analytics data is typically retained for 24 months
    • Performance and error data is retained for 12 months
    • All data is processed in accordance with GDPR and other applicable privacy laws
    • You can request deletion of your analytics data by contacting us

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our Website and updating the “Last Updated” date.

    11. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at:

    Goldilocks AI, Inc.
    1111B S Governors Ave #42159
    Dover, DE 19904
    chris@goldi.ai

    Appendix 1 – Annexes to the Standard Contractual Clauses

    Annex I.B – Description of Transfer

    Module One: Transfer Controller to Controller

    • Categories of data subjects: Corporate employees directly linked to technology implementations and decision making (e.g., decision makers, influencers, and users of enterprise technologies).
    • Categories of personal data transferred: Business card information (e.g., name, surname, job title, job function, business email address, social media handle(s), company address and URL, company telephone number).
    • Sensitive data transferred: Not applicable.
    • Frequency of transfer: Continuous for as long as we provide services to the relevant user or Licensee.
    • Nature of processing: Storage, analysis, and use for the purposes stated below.
    • Purpose(s) of transfer and further processing: For use by the data importer in the normal course of their business, including marketing research, market evaluations, direct marketing, and recruitment activities, subject to the data importer's own data protection and privacy policies.
    • Retention period: Personal data will be retained in line with Section 7 (Data Retention) of this Privacy Policy.

    Annex I.C – Competent Supervisory Authority

    Module One: Transfer Controller to Controller

    In accordance with Clause 13 of the Standard Contractual Clauses, the competent supervisory authority shall be:

    • Data Protection Commission, Ireland