Sign in Register

Privacy Policy

Last Updated: February 27, 2026

This Privacy Policy ("Policy") describes how GoodSign Limited, a company incorporated under New Zealand law ("HeyGopher," "Company," "we," "us," or "our"), collects, uses, processes, and protects personal information when you use our business management platform, including our website at https://heygopher.ai and all related services (collectively, the "Service").

We are committed to protecting your privacy and handling your personal information responsibly and in compliance with applicable data protection laws, including the New Zealand Privacy Act 2020, the European Union General Data Protection Regulation (GDPR), and other relevant privacy legislation.

BY USING OUR SERVICE, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS POLICY.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

  • Create and manage your HeyGopher account
  • Create invoices, track time, manage projects, or record expenses
  • Add clients, contacts, or team members
  • Contact our customer support team
  • Subscribe to our newsletters or promotional communications

This information may include:

  • Full name and contact details (email address, phone number, postal address)
  • Account credentials (username, password)
  • Professional information (job title, company name)
  • Client and contact information you enter into the platform
  • Invoice, project, time entry, and expense data
  • Payment and billing information
  • Communication preferences and settings

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Technical information (IP address, browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent on Service)
  • Performance metrics (load times, error reports)
  • Location data (approximate geographic location based on IP address)
  • Session information (login times, session duration)

1.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (Stripe) for transaction processing
  • Identity verification services for account authentication
  • Business partners and integrations you authorize

2. How We Use Your Information

2.1 Service Provision

  • Creating and maintaining your user account
  • Processing invoices, time tracking, project management, and expenses
  • Storing and managing your business data securely
  • Providing customer support and technical assistance
  • Enabling collaboration features between team members

2.2 Service Improvement

  • Analyzing usage patterns to enhance user experience
  • Developing new features and functionality
  • Optimizing Service performance and reliability
  • Customizing content and recommendations

2.3 Communication

  • Sending transactional notifications and service updates
  • Providing customer support and responding to inquiries
  • Delivering marketing communications (with your consent)
  • Notifying you of important changes to our Service or policies

2.4 Legal and Security

  • Complying with legal obligations and regulatory requirements
  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms of Service and other agreements
  • Resolving disputes and investigating complaints

3. Legal Basis for Processing

3.1 Contractual Necessity

Processing necessary to perform our contract with you and provide the Service you requested.

3.2 Legitimate Interests

Processing necessary for our legitimate business interests, including service improvement, security and fraud prevention, and administrative purposes.

3.3 Legal Compliance

Processing required to comply with applicable laws, regulations, and legal obligations.

3.4 Consent

Processing based on your explicit consent, which you may withdraw at any time.

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in:

  • Cloud infrastructure and data storage
  • Payment processing and billing (Stripe)
  • Customer support and communication
  • Analytics and performance monitoring (Plausible Analytics)
  • Email delivery (Mailgun)

4.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process, court orders, or government requests
  • Protect our rights, property, and safety
  • Investigate potential violations of our Terms of Service
  • Prevent fraud, abuse, or illegal activities

4.3 Business Transactions

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to appropriate privacy protections.

5. Data Retention

5.1 Retention Periods

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

5.2 Account Deletion

When you close your account, we will deactivate your access and delete or anonymize your personal information within a reasonable timeframe, retaining only what is required by law or legitimate business interests.

6. Data Security and Protection

6.1 Security Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Incident response and recovery procedures

6.2 Security Limitations

While we implement robust security measures, no system is completely secure. You acknowledge that internet transmission carries inherent risks and you should take appropriate precautions to protect your account.

7. International Data Transfers

As a global service, we may transfer your information to countries outside your residence. For transfers to countries without adequate data protection, we implement standard contractual clauses and appropriate safeguards.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage. For detailed information, please see our Cookie Policy.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Restriction: Request limitation of processing activities
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@heygopher.ai.

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

11. California Privacy Rights (CCPA)

California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information, and the right to non-discrimination for exercising privacy rights. We do not sell personal information.

12. European Union Privacy Rights (GDPR)

For EU residents, we comply with the General Data Protection Regulation, including lawful basis for all processing activities, data protection by design and default, and privacy impact assessments where required. EU residents may lodge complaints with their local data protection supervisory authority.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will investigate and contain the incident, notify relevant authorities within 72 hours, inform affected individuals without undue delay, and provide guidance on protective measures.

14. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes through email notification, prominent notice on our website, or in-app notifications. The "Last Updated" date above will be revised accordingly.

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy, please contact us:

GoodSign Limited
Privacy Officer
2 Stuart Street, Ponsonby
Auckland 1011, New Zealand

Email: privacy@heygopher.ai
Data Protection Officer: John Ballinger
Email: dpo@heygopher.ai