Your privacy matters. Here is exactly how we handle your data — plainly and transparently — in compliance with GDPR, CCPA/CPRA, and applicable U.S. state privacy laws.
We never sell your personal information to any third party, ever.
Your individual data is never shared with outside companies or services.
Usage statistics are anonymized and aggregated — never tied to you personally.
When you visit our website or sign up for early access to AccGPT, we may collect the following categories of personal information. The table below uses CCPA-defined categories for transparency:
| CCPA Category | Examples | Collected? | Source |
|---|---|---|---|
| Identifiers | Name, email address | Yes | Provided by you (waitlist signup) |
| Internet / Network Activity | Browser type, OS, referring URL, pages visited | Yes | Automatically, via server logs |
| Geolocation | Country / region (derived from IP) | Aggregate only | Automatically, anonymized immediately |
| Financial / Payment Data | Credit card, billing information | No | N/A |
| Sensitive Personal Information | SSN, health data, biometric, government ID | No | N/A |
| Behavioral Profiles / Inferences | Ad targeting profiles, behavioral data | No | N/A |
We collect the minimum necessary. We do not collect sensitive personal information, financial data, government IDs, or behavioral profiles. Collection is limited strictly to what is needed to operate our service and communicate with you.
Any personal information you provide is used exclusively for the following purposes:
Communications: To send you product announcements, launch notifications, and updates you requested by joining our waitlist, and to respond to any support inquiries you contact us about.
Service delivery: To administer your access to AccGPT once the product is available and provide the functionality you request.
Product improvement: To analyze aggregated, anonymized usage patterns so we can improve the product. This analysis is never tied to your individual identity.
We do not use your personal information for advertising profiling, behavioral targeting, automated decision-making with legal effects, or any purpose unrelated to delivering AccGPT to you.
Under the EU General Data Protection Regulation (GDPR), we must identify a lawful basis for each type of processing we perform. Our lawful bases are as follows:
| Processing Activity | Lawful Basis | Explanation |
|---|---|---|
| Sending waitlist and product update emails | Consent — Art. 6(1)(a) | You actively submitted your email to receive updates. You may withdraw consent at any time. |
| Responding to support / contact inquiries | Legitimate Interests — Art. 6(1)(f) | We have a legitimate interest in responding to people who contact us directly. |
| Server logs and security monitoring | Legitimate Interests — Art. 6(1)(f) | We have a legitimate interest in maintaining the security and stability of our systems. |
| Compliance with legal obligations | Legal Obligation — Art. 6(1)(c) | Where disclosure is required by a court order, subpoena, or applicable regulation. |
Right to withdraw consent. Where processing is based on your consent (e.g., receiving our emails), you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing. To withdraw, use the unsubscribe link in any email or contact us to be removed.
AccGPT does not sell, rent, lease, or otherwise transfer your personal information to any third party for any consideration — monetary or otherwise. This applies to data brokers, advertising networks, analytics companies, and any other outside organization.
This commitment also covers "sharing" as defined under the CCPA/CPRA — we do not share personal information with third parties for cross-context behavioral advertising purposes.
This is an absolute commitment. We will never sell your personal information to third parties. No exceptions, no fine print, no "partners" who receive your data in exchange for services. Your information belongs to you.
We do not share your individual personal information with third parties for commercial purposes. We do not provide your name, email address, usage patterns, or any other personally identifiable information to external companies, organizations, or individuals.
The only narrow exceptions where disclosure may occur are:
(1) Legal compliance: To comply with a valid legal obligation such as a court order, subpoena, or applicable law — and only to the minimum extent required.
(2) Safety: To protect the rights, property, or safety of AccGPT, our users, or the public, as required or permitted by applicable law.
(3) Service providers: We may use limited third-party service providers (such as email delivery services) solely to operate our waitlist. These providers are contractually prohibited from using your data for any other purpose, must maintain appropriate security standards, and receive only the minimum data strictly necessary.
No commercial data sharing. We do not integrate advertising SDKs, sell leads, or participate in data-sharing arrangements with marketing or analytics vendors that would expose your personal identity.
We may compile and analyze aggregated, anonymized data about how users interact with our website and products. This type of data cannot be used to identify any individual person. Examples include total visitor counts, feature usage frequency across all users, and general geographic distribution by region or country.
Aggregated data helps us understand how AccGPT is being used so we can improve the product. This information may occasionally be referenced in public communications — for example, noting that thousands of developers use a particular feature — but it will never reveal or imply anything about any individual user.
Aggregated data ≠ personal data. When we report on usage, we are talking about the entire user base as a whole. Your individual activity, identity, and behavior are never extracted or reported separately.
We retain personal information only for as long as necessary for the purposes described in this policy, or as required by law. Our specific retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Waitlist name & email address | Until you unsubscribe, or 24 months from last engagement — whichever comes first | To fulfill the communication purpose you consented to |
| Support / contact emails | 3 years from date of inquiry | To maintain a record of correspondence and resolve follow-up issues |
| Server / access logs | 90 days | Security monitoring and abuse prevention |
| Anonymized / aggregated analytics | Indefinite | Non-personal data used for product improvement |
Upon expiration of the applicable retention period, personal information will be securely deleted or irreversibly anonymized. You may request deletion at any time — see Your Rights below.
Our website uses a minimal set of technologies that may store or access data on your device. We do not use advertising cookies, tracking pixels, or behavioral profiling tools of any kind.
| Technology | Purpose | Type | Opt-Out? |
|---|---|---|---|
| Google Fonts | Loads typefaces used on this page. Google's servers receive your IP address when fonts are fetched. | Third-party DNS request | Yes — block in browser or via content blocker |
| Server-side logs | Standard web server logging (IP address, browser, timestamp) | Strictly necessary | No — required for site operation |
| Advertising / tracking cookies | Not used | None | N/A |
No advertising cookies. We do not use cookies or tracking technologies for advertising, re-targeting, or behavioral profiling. If we add any analytics tools in the future, we will update this policy and, where required by law, seek your consent before activating them.
We take reasonable and appropriate technical and organizational measures to protect the personal information we hold from unauthorized access, disclosure, alteration, and destruction. Access to personal data is restricted to authorized personnel who need it to operate and improve the service.
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights or freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law — within 72 hours where feasible under GDPR.
In addition to this website usage Privacy Policy, we have an additional privacy policy for our AI services and API usage. Some tools on our website may use an AI to process your queries directly, and in that case, whenever you use those AI tools, our API Privacy Policy will apply.
For more information about our AI usage and API Privacy Policy, please see our API Privacy Policy page about how we collect data that is submitted through our API for AI processing.
Regardless of where you are located, you have the following rights with respect to your personal information:
We will respond to all requests within 30 days. We do not require you to justify your request. To exercise any of these rights, contact us at any time.
If you are located in the European Union or European Economic Area, the GDPR grants you additional rights beyond those listed above:
You have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA member state. A list of all EU data protection authorities is available at edpb.europa.eu. In the UK (post-Brexit), the relevant authority is the Information Commissioner's Office (ICO).
Data Controller. The data controller responsible for your personal information is: Geoffrey L. Griffith, Founder, AccGPT. Contact: contact us here. We will respond to GDPR requests within 30 days, extendable by up to 60 additional days for complex requests, with notice to you.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.
Do Not Sell or Share My Personal Information. We do not sell or share your personal information with third parties for cross-context behavioral advertising or any commercial purpose. No opt-out action is required, but you may confirm this in writing by contacting us here with the subject line "California Privacy Request."
We will verify your identity and respond within 45 days, extendable by an additional 45 days when reasonably necessary with prior notice. You may designate an authorized agent to submit a request on your behalf, provided the agent presents written authorization signed by you.
Several U.S. states have enacted comprehensive consumer privacy laws. Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with applicable privacy laws are entitled to similar rights as those described in this policy — including the rights to access, correct, delete, and opt out of the sale of personal data.
In all cases, we honor the same core principles: we do not sell your personal information, we do not share it for cross-context behavioral advertising, and we will respond to verifiable consumer requests within the timeframes required by your state's law.
If you believe your state-specific privacy rights have not been honored, you have the right to appeal our decision by contacting us here with the subject line "Privacy Rights Appeal." We will review and respond within 60 days.
One standard for everyone. Rather than applying minimum standards by jurisdiction, we apply our strongest privacy commitments — no selling, no sharing, and full rights to access and deletion — to all users regardless of location.
AccGPT is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Our product is designed for software developers and database professionals and is not appropriate for use by minors.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately. We will promptly delete such information from our records.
In jurisdictions where the age of digital consent is higher than 13 — for example, 16 in certain EU member states under GDPR Article 8 — we apply the higher applicable age threshold for residents of those jurisdictions.
AccGPT is operated from the United States. If you are located outside the United States — including in the EU or EEA — your personal information will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
Where required by law, we ensure such transfers are protected by appropriate safeguards. For transfers from the EU/EEA to the United States, we rely on one or more of the following mechanisms:
Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses with any third-party service providers who process EU/EEA personal data in the United States, as permitted under GDPR Article 46(2)(c).
EU-U.S. Data Privacy Framework: Where applicable, we may rely on the EU-U.S. Data Privacy Framework as an additional transfer mechanism.
You may request a copy of the relevant transfer safeguards by contacting us.
All commercial email communications sent by AccGPT comply with the CAN-SPAM Act of 2003. Specifically:
Honest identification: We will never use deceptive subject lines or misleading "From" names. Every email will clearly identify AccGPT as the sender.
Physical mailing address: Every commercial email we send will include our valid physical mailing address as required by law.
Clear opt-out mechanism: Every email includes a clear and conspicuous unsubscribe link. Opt-out requests will be honored within 10 business days and at no cost to you.
No barrier to unsubscribe: We will never charge a fee, require information beyond your email address, or make you take more than a single step to unsubscribe from commercial emails.
Note that you may still receive transactional or account-related emails (e.g., access credentials or service notices) after unsubscribing from marketing communications, as these are exempt from CAN-SPAM opt-out requirements.
We may update this Privacy Policy from time to time as our product evolves or as laws change. Any material changes will be communicated to waitlist members via email and posted on this page with a revised effective date at least 30 days before taking effect where practicable.
We are committed to maintaining the core privacy principles in this policy — particularly our commitments not to sell or share your personal information — regardless of how the product grows. If a future change would materially weaken your privacy protections and requires fresh consent under GDPR or applicable law, we will seek that consent before the change takes effect.
To exercise any privacy right, submit a data deletion or access request, or ask any question about this policy, contact our data controller directly. We aim to respond within 30 days.
Data Controller: Geoffrey L. Griffith, AccGPT | Contact Us
Contact Privacy Team →