Legal
Privacy Policy
Effective date: June 1, 2026 · Last updated: June 1, 2026
The short version: We collect only what we need to run the service. We do not sell your data. We do not share it with third parties except the essential service providers listed below. You can request deletion of your data at any time.
1. Who We Are
Guided is operated by Groundwork ("we," "us," or "our"), accessible at guided.gwork.tech. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Guided service.
If you have questions about this policy, contact us at hello@gwork.tech.
2. What Information We Collect
| Category |
What we collect |
Why |
| Account |
Email address |
Authentication and communication |
| Conversations |
Messages you send to John, AI responses |
Provide the service, maintain context |
| Build flows |
Your saved build plans and step completions |
Flow replay, sharing, account history |
| Payment |
Billing status, subscription tier (via Stripe — we never store card numbers) |
Manage subscription access |
| Usage |
Number of sessions used, feature usage |
Enforce plan limits, improve product |
| Technical |
Session cookie (httponly, secure), server logs |
Authentication, security, debugging |
We do not collect: your real name (unless you provide it in conversation), phone number, physical address, or any information beyond what is listed above.
3. How We Use Your Information
We use the information we collect to:
- Provide the service: Authenticate you, load your conversation history, deliver John's AI guidance, save and retrieve your build flows
- Improve the guidance: Understand common use cases, improve John's responses and platform knowledge (using aggregated, anonymized patterns — not linked to individuals)
- Send transactional emails: Sign-in codes, build recap emails, subscription confirmations, and important service updates. We do not send marketing emails without your explicit opt-in.
- Enforce plan limits: Track session usage to correctly gate features by subscription tier
- Maintain security: Detect and prevent abuse, fraudulent accounts, and unauthorized access
4. What We Do NOT Do
We do not sell your data. Ever. To anyone. Full stop.
- We do not sell, rent, or trade your personal information to any third party
- We do not use your conversation content for advertising targeting
- We do not share your data with data brokers
- We do not use your data to train AI models without explicit consent
- We do not share your email with marketing lists
5. Third-Party Service Providers
To run Guided, we share limited data with these essential service providers under contractual data protection obligations:
| Provider |
Purpose |
Data shared |
| Stripe |
Payment processing and subscription management |
Email, billing info (card details held by Stripe, not us) |
| Anthropic |
AI language model powering John's responses |
Conversation messages (processed per Anthropic's API terms) |
| SendGrid |
Transactional email delivery (sign-in codes, recaps) |
Email address, email content |
Each of these providers has their own privacy policies and security practices. We share only the minimum data necessary for each provider to fulfill their function.
6. Cookies and Session Storage
We use a single session cookie for authentication:
- Cookie name:
guided_session
- Purpose: Keeps you signed in between page loads
- Type: HTTP-only (not accessible to JavaScript), Secure (HTTPS only), SameSite=Lax
- Duration: 7 days from sign-in, or until you sign out
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use Google Analytics or any behavioral tracking tools.
7. Data Retention
- Conversation history: Retained for 12 months from the date of each message
- Build flows: Retained until you request deletion or close your account
- Account data: Retained as long as your account exists
- Session cookies: Expire after 7 days or on sign-out
- Server logs: Retained for up to 30 days for security and debugging purposes
- On account deletion: All personal data (email, conversations, flows) is permanently deleted within 30 days of your request
8. Your Rights and Controls
You have the following rights with respect to your personal data:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and all associated data
- Portability: Request an export of your conversation history and build flows in JSON format
- Objection: Object to specific uses of your data
To exercise any of these rights, email us at hello@gwork.tech. We will respond within 30 days.
9. GDPR (EU Residents)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Our legal basis for processing your data is (a) contract performance — to deliver the service you've signed up for — and (b) legitimate interests — to improve the service and prevent abuse
- You have the right to lodge a complaint with your local data protection authority
- You may request that we restrict processing of your data while a complaint is pending
- We do not transfer your data outside the EEA except to the service providers listed in Section 5, each of which operates under appropriate safeguards (Standard Contractual Clauses or adequacy decisions)
To contact our data protection point of contact, email hello@gwork.tech with the subject line "GDPR Request."
10. CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply — but we want to be clear that we do not sell data
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To submit a CCPA request, email hello@gwork.tech with the subject line "CCPA Request."
11. Children's Privacy
Guided is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly.
If you believe we may have information from or about a child under 13, please contact us at hello@gwork.tech.
12. Security
We take reasonable technical and organizational measures to protect your data, including:
- HTTPS encryption for all data in transit
- HTTP-only, secure session cookies
- No storage of payment card data (handled entirely by Stripe)
- Access controls limiting who can view user data
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email (if you have an account) or by posting a notice on the website. The "last updated" date at the top of this page reflects the most recent revision.
Your continued use of Guided after the effective date of the revised policy constitutes your acceptance of the changes.
14. Contact Us
For any privacy-related questions, requests, or concerns:
We will respond to all privacy inquiries within 30 days.