Privacy Policy

1. Introduction

This Privacy Policy describes how GoldenRetriever (the “App”), a macOS desktop application produced by Do Your Bit Ltd (Company No. 813003), collects, processes, and protects your personal data. GoldenRetriever indexes local files, generates embedding vectors, and provides AI-powered search and Q&A capabilities.

This policy applies to all users, including those in the European Union, EEA, United Kingdom, United States, and California.

2. The Shape of the System

Three places where data lives, so the rest of this policy makes sense:

• On your Mac. Your original files stay where you put them — GoldenRetriever never copies or uploads them to our servers. The local SQLite chunk database and the local Qdrant vector index both sit under ~/Library/Application Support/KnowledgeEngine/. Qdrant runs as a bundled binary launched by the app, not as a Docker container or a cloud service.
• Your chosen AI provider. To run AI features, the relevant content of your files (extracted text, and for some file types — PDF, image, iWork, RTF, HTML, audio, video — the original bytes inline) is transmitted directly from your Mac to your chosen AI provider's API using your own API key. By default that provider is Google's Gemini API. The Company does not act as an intermediary for this traffic and does not see your file content.
• Our billing backend. A Symfony API hosted on Hetzner Cloud in Nuremberg, Germany, handles account and subscription state, Stripe webhook processing, and app-update metadata. It does not process the content of your files.

3. What We Collect

Account Data

Email address, subscription tier, billing cycle, and account timestamps.

File Content & Embeddings

The App reads the files you choose to index (PDFs, documents, images, audio, video, iWork, Office, plain text, Markdown, RTF, HTML, CSV, JSON, XML) directly from your Mac. To generate embedding vectors the App sends content to Google's Gemini API on your own API key. Depending on the file type, that content is either extracted text or the original file bytes encoded inline. The resulting embedding vectors are stored on your Mac in the bundled local Qdrant index. Vectors are not transmitted to the Company.

Search & Q&A Data

When you search, your query is embedded via the Gemini API on your own key. When you ask a question, retrieved chunks of file content and your question are sent to your selected Q&A provider — by default Google's Gemini, optionally OpenAI, Anthropic, a local Ollama model, or any OpenAI-compatible endpoint you configure. Whose terms govern retention is the chosen provider's.

Payment Data

Payment information is processed by Stripe. We do not store full card details. Stripe retains payment records per tax law requirements (typically 7 years).

Device & Diagnostic Data

macOS version, app version, install identifier, and crash reports for troubleshooting purposes (collected via Sentry and TelemetryDeck). Beta builds may collect additional diagnostic data.

4. How We Use Your Data

5. Where Your Data Lives

On your Mac: Original files (untouched, in place). The local Qdrant vector index and SQLite chunk database under ~/Library/Application Support/KnowledgeEngine/. The local SQLite database is currently stored unencrypted; an at-rest encryption option (SQLCipher) is implemented in code and on the roadmap to be enabled in shipping builds for paid tiers — until then, rely on macOS FileVault and account-level access controls.

Your AI provider (default Google Gemini): File content is transmitted transiently from your Mac to your chosen provider's API using your own key. Retention, training-use, and regional processing are governed by that provider's terms — for Google's Gemini API, that means Google Cloud Terms (consumer or Workspace as applicable to your account). The Company does not retain copies.

Our billing backend (Hetzner Nuremberg): Account state, subscription metadata, and Stripe webhook records sit on infrastructure in the European Union. The backend does not process file content.

Stripe: Payment and billing data is processed and stored by Stripe under their Data Processing Agreement.

6. Third-Party Processors

• Google (Gemini API) — embedding, transcription, media description, and (when selected) Q&A. Subject to Google Cloud Terms applicable to the account that owns your API key.
• OpenAI / Anthropic — Q&A only, and only if you select them as your provider in app settings. Subject to those providers' terms on your own account.
• Ollama or any OpenAI-compatible endpoint — Q&A only, and only if you point GoldenRetriever at it. May be local-only with no third-party processor involved.
• Stripe — payment processing and subscription management. GDPR-compliant via DPA and SCCs.
• Hetzner Cloud (Nuremberg) — hosts our billing backend within the EU.
• Postmark — transactional email delivery for magic links and account communications.
• Sentry & TelemetryDeck — crash reporting and diagnostic telemetry.
• Qdrant — bundled vector database running locally on your device (no cloud transfer).

7. International Data Transfers

Our billing backend and account data sit within the European Union (Hetzner Nuremberg). Stripe may process payment data in the United States; transfers rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework. The regional processing location for your AI traffic depends on which provider you choose and which region their account is set to — by default, Google's Gemini API consumer endpoint is operated in the United States.

8. Your Rights

EU/EEA Residents (GDPR)

You have the right to access, rectify, erase, restrict processing, port your data, object to processing, and withdraw consent at any time. Exercise these rights in-app via Settings → Privacy, or by emailing our Data Protection Officer.

UK Residents (UK GDPR)

Same rights as GDPR, plus the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

California Residents (CCPA/CPRA)

You have the right to know what data we collect, request deletion, opt out of sale/sharing (we do not sell your data), correct inaccuracies, and not be discriminated against for exercising your rights. We respond within 45 calendar days.

9. Data Retention

While your account is active, we retain your account data on the billing backend. Indexed files, chunk metadata, and embedding vectors live only on your Mac and are deleted by uninstalling the app or clearing the data directory. Diagnostic telemetry is retained for up to 2 years in pseudonymised form. Upon account deletion, we immediately delete account credentials and subscription data; payment records may be retained by Stripe for up to 7 years per tax law.

10. Data Breach Notification

If we discover a breach affecting your personal data, we will notify you and relevant authorities within 72 hours, including details of the breach, affected data, likely consequences, and mitigation measures taken. The Company is not in a position to notify you of breaches affecting your AI provider's infrastructure — for that, refer to the provider's incident-response process.

11. Children's Privacy

GoldenRetriever is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Cookies & Tracking

GoldenRetriever is a native macOS desktop application and does not use cookies, web beacons, pixels, or other persistent tracking technologies. The marketing website at goldenretriever.ai uses Google Tag Manager for analytics — see that site's cookie banner for choices.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via in-app notification and email. By continuing to use GoldenRetriever after an update, you accept the revised policy.

14. Contact

For privacy questions or to exercise your rights, contact us at [email protected].