Privacy Policy

Goodeye Labs, Inc. ("Goodeye," "we," "us," or "our") is a Delaware corporation that operates Goodeye, an outcome-aligned AI workflow registry and optimizer. Goodeye turns a stated business outcome into a deployed AI workflow (a markdown runbook) together with verifiers, which are automated checks that run on an agent's output.

This Privacy Policy applies to all of the ways you interact with Goodeye, including the public web catalog at goodeye.dev, our Model Context Protocol (MCP) server, our REST API, and our command-line interface (CLI).

Goodeye is designed to be used by both people and AI agents. An AI agent may connect to Goodeye and act on your behalf, including by creating, fetching, and running workflows and verifiers. When an agent acts on your behalf, the data it submits through your account or credentials is treated as your data under this Policy, and you are responsible for the instructions you give that agent.

If you do not agree with this Policy, please do not use Goodeye. Where we act as a processor or service provider for content you submit on behalf of others, the controller or business that engaged you remains responsible for providing notice to, and obtaining any rights from, the individuals whose data is included in that content.

If you have entered into a separate written agreement with us, such as a data processing agreement, that agreement controls how we handle the data it covers to the extent its terms conflict with this Policy.

We collect the following categories of information when you use Goodeye:

Account information

• Your email address, which you provide when you create an account or sign in.
• An optional display name.
• API keys issued by Goodeye. We store only a hashed form and an identifier for each key, never the plaintext secret. The full secret is shown to you once at the time of creation and is not recoverable afterward. Goodeye does not ask for, receive, or store your own keys for third-party AI providers.

Content you submit

• Private workflow bodies, which are the markdown runbooks you author or fork.
• Verifier definitions, including the criteria and any examples that describe how a verifier should judge an output.
• Image URLs you provide for verifiers that judge images. The URL, and the image it points to, are processed so the verifier can evaluate the image.
• Other text and parameters you submit when you run a workflow or a verifier, and the outputs that workflows and verifiers produce.

Public content

• Public template content. When you publish a template, the workflow body and metadata you publish become publicly available.
• Your chosen public handle, which is the public identity attributed to content you publish.

Usage, metering, and collaboration data

• Usage and metering events that record when workflows and verifiers run and the associated resource use, so that we can operate, secure, and bill the service.
• Teams and membership information, including team names, members, and the roles assigned to collaborators on shared workflows.

Automatically collected data

• Technical and usage data that is generated automatically when you interact with Goodeye, such as IP address, device and browser characteristics, request metadata, timestamps, and the pages or endpoints you access.
• Analytics data collected through our analytics provider to help us understand how the service is used and to improve it.

Payment information (future)

We do not collect payment information today. If and when we launch paid checkout, payment information will be collected and processed by a third-party payment processor, and we will update this Policy before that processing begins.

We use the information described above to operate, secure, support, improve, and develop our products and services. In particular, we use it for the following purposes:

• To operate, maintain, and secure Goodeye, including authenticating users, provisioning API keys, preventing fraud and abuse, and protecting the integrity of the service.
• To run workflows and verifiers that you or an agent acting on your behalf invoke, which includes sending content to third-party AI providers as described in the section on third-party AI providers and the server-side data flow.
• To meter usage and to bill for it, and to provide you with records of your usage.
• To provide support and to communicate with you about your account, security and service notices, and changes to our terms or policies.
• To improve and develop our products and services.
• To comply with applicable law and to respond to lawful requests, and to establish, exercise, or defend legal claims.

We may create and use aggregated and de-identified data, and may share it with third parties, for any lawful purpose, including building analytics, benchmarks, and derived datasets. We do not attempt to re-identify data we have de-identified.

Where the law requires a legal basis for processing, we rely on the performance of our contract with you to provide the service, on our legitimate interests in operating and improving Goodeye and preventing abuse, on your consent where we ask for it (for example for certain analytics cookies), and on compliance with legal obligations.

This section describes the most important way Goodeye handles your content, and it differs from products that run AI calls using your own provider keys.

To run workflows and verifiers, Goodeye makes AI calls on your behalf using our own accounts with third-party AI providers. This means that content you submit, including workflow bodies, verifier definitions and examples, the inputs and outputs of a run, and image URLs you provide (and the images they reference), is sent from our servers to those AI providers so they can process it and return a result. Because we use our own provider accounts, you do not need to supply, and we do not collect, your own AI provider keys.

The AI content providers we use are OpenAI, Anthropic, and Perplexity. Which provider receives a given request depends on the workflow or verifier being run.

When you provide an image URL to a verifier that judges images, that URL is sent to the relevant AI provider, and the provider retrieves and processes the image at that URL in order to evaluate it. Do not submit URLs that point to content you are not authorized to share.

These AI providers do not train their models on content we submit through their commercial application programming interfaces. They may retain or review that content for a limited period to detect abuse and to comply with law. Their handling of submitted content is governed by their own terms and privacy commitments and by our agreements with them.

We engage trusted third-party companies, called subprocessors, to help us provide Goodeye, including our AI content providers, hosting, identity, and analytics. Our Subprocessors page lists the current set; we post changes there and notify account holders by email about material changes, such as adding a new subprocessor that processes account or content data. We require our subprocessors, by contract, to protect the data we share with them.

Where we act as a processor or service provider that handles personal data on behalf of an organization, that organization can enter into a data processing agreement with us that governs how we handle that data, including breach notification, subprocessor approval, and deletion. To request one, or to discuss other enterprise or custom terms, contact us at hello@goodeyelabs.com.

You can browse the public catalog and run published templates without an account. Running a published template can trigger metered AI use, so we still need to account for and protect that activity.

For callers who are not signed in, we meter activity using a hashed form of your IP address. We treat this hashed value as pseudonymous personal data: it is derived from personal data and is used to distinguish callers, but on its own it does not directly identify you. We use it to meter usage, enforce fair-use limits, and prevent abuse of the service. We do not attempt to re-identify the individuals behind a hashed IP address, and we do not combine it with other data in order to do so.

Goodeye lets you publish a workflow as a template so that others can find and use it. When you publish a template, the content you publish becomes public.

• A published template is a fixed public copy of a workflow at the version you published. Each published version is kept as its own permanent record.
• Your chosen handle is your public identity and is attributed to the templates you publish. Do not put information into a handle, a template, or its metadata that you do not want to be public.
• Publishing is optional. Your private workflows are not made public unless and until you publish them as a template.

Goodeye supports teams and the sharing of private workflows with other users.

• A team has an owner and members. Team owners and members can see team membership and the workflows shared with the team, according to the roles assigned to them.
• When you share a workflow, you grant collaborators a role such as view, edit, admin, or owner. The role determines what a collaborator can see and do, including reading or modifying the workflow body.
• Information you place in a shared workflow or a team becomes visible to the people who have access to it. Share only with people you trust, and remove access when it is no longer needed.

Verifiers make automated judgments about your submitted content, such as whether an agent's output meets a stated criterion. These are judgments about that content, not decisions that evaluate, score, or profile you as a consumer. You must not submit sensitive or regulated personal data: we do not knowingly process special categories of personal data, Goodeye is not designed to handle protected health information, and we do not offer or enter into a business associate agreement under the U.S. Health Insurance Portability and Accountability Act (HIPAA).

We retain personal data for as long as it is needed for the purposes described in this Policy.

• Account information, workflows, verifiers, teams, and related records are retained while your account is active and for as long as needed to provide the service.
• Usage and metering events are retained as needed to operate, secure, and bill for the service and to meet our legal and accounting obligations.
• When you delete content or close your account, we delete or de-identify the associated personal data within a reasonable period, except where we must retain it to comply with law, resolve disputes, prevent abuse, or enforce our agreements.

Content sent to our AI providers is retained under those providers' own API data policies; see our Subprocessors page.

We keep secure backups for resilience and disaster recovery. Data may persist in encrypted backups for a limited period after it is deleted from our active systems, after which it is overwritten or expires on our normal backup cycle.

We use technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction.

• We encrypt data in transit and at rest.
• We store API key secrets only as hashes, so the plaintext secret cannot be read from our systems.
• We limit access to personal data to people who need it to operate the service, and we apply authentication and access controls.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Protect your account by keeping your credentials and API keys confidential, and notify us promptly if you believe your account or a key has been compromised.

If we become aware of a breach of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to personal data, we will notify affected users and the relevant supervisory authorities as and when required by applicable law, and within the timeframes the law requires. We will describe the nature of the incident and the steps we are taking in response.

Goodeye is operated from the United States, and we process and store data there. If you use Goodeye from outside the United States, your information will be transferred to and processed in the United States and in other countries where our subprocessors operate, which may have data protection laws that differ from those in your country.

For transfers of personal data from the European Economic Area, the United Kingdom, and Switzerland, including the transfer to our AI providers needed to run workflows and verifiers, we rely on the Standard Contractual Clauses and/or the EU-US Data Privacy Framework, as applicable (plus the UK Addendum or Swiss equivalent). For other international transfers, we rely on appropriate safeguards or, where applicable, your consent.

Depending on where you live, you may have rights over your personal data, including the rights to access it, to correct it, to delete it, to receive a portable copy of it, to restrict or object to certain processing, and to withdraw consent where processing is based on consent (for residents of the European Economic Area and the United Kingdom, the full set of rights under the General Data Protection Regulation and the UK General Data Protection Regulation).

We do not yet offer a self-serve tool to export or delete your data. To exercise any of these rights, email us at hello@goodeyelabs.com and describe your request. We may need to verify your identity before we act. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA/CPRA).

• We do not sell or share (as those terms are defined under the CCPA) the personal information in your content. We do not share personal information for cross-context behavioral advertising.
• The third parties that process personal information for us, including our AI providers, are contractually bound as service providers and may use the information only to perform services for us.
• Subject to the CCPA/CPRA, you have the right to know what personal information we collect and how we use and disclose it, the right to request deletion, the right to correct inaccurate personal information, and the right not to receive discriminatory treatment for exercising your rights.

To exercise these rights, email us at hello@goodeyelabs.com. You may use an authorized agent to make a request on your behalf, subject to our verification of the request.

Goodeye is for adults. You may use Goodeye only if you are at least 18 years old, or the age of majority in the place where you live if that age is higher.

Goodeye is not directed to children, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at hello@goodeyelabs.com so we can delete it.

We may update this Privacy Policy from time to time. When we do, we will post the updated version with a revised effective date at the top. For material changes, we will also notify account holders by email. Your continued use of Goodeye after an update takes effect means you accept the updated Policy.

If you have any questions about this Policy or our handling of your personal data, contact us at hello@goodeyelabs.com.