Goal AI
Terms of Use and Privacy Notice
Effective Date: August 12, 2025
Introduction
These Terms of Use and Privacy Notice together form a single agreement that governs access to and use of Goal AI’s websites, applications, and related services. The agreement refers to these collectively as the “Service.” By accessing or using the Service, you acknowledge that you have read and understood this agreement and that you agree to be bound by it. If your employer or another organization with which you are affiliated has entered into a separate written agreement with Goal AI, that agreement will control to the extent it conflicts with this document.
Goal AI provides a standalone platform that enables employees to create and join small wellbeing groups. The purpose of the Service is to support employee wellbeing, productivity, and social connection through employee‑led groups and simple weekly activities. The Service uses artificial intelligence for a limited set of features. AI is used to generate group names, descriptions, and activity ideas based on user inputs. Users do not interact with AI through a chat interface.
If you do not agree to this agreement, you must not use the Service.
Terms of Use
1. Eligibility and Access
Use of the Service is limited to individuals who are at least eighteen years of age and who are authorized by their employer or sponsoring organization to access the Service. You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account.
2. Roles and Group Features
All users are members by default. A user who chooses to start a group is designated as the leader of that specific group. Leaders may define the group name and summary, select or update weekly activities, and close or archive the group. Members and leaders otherwise have the same capabilities within the Service.
3. User Content and Ownership
You retain ownership of the information and content that you submit to the Service. You grant Goal AI a limited, non‑exclusive license to host, process, and display your content only as necessary to operate and provide the Service, to comply with law, and to perform support, security, and maintenance functions. Goal AI owns the Service, including its software, designs, documentation, and machine‑generated content that is produced by the platform, except that Goal AI does not claim ownership in your input.
4. Acceptable Use
You agree not to use the Service in any unlawful or abusive manner. Prohibited conduct includes harassment, threats, hateful or discriminatory content, sexually explicit or violent content, doxxing, impersonation, infringement of the rights of others, distribution of malware, automated scraping or data harvesting that is not permitted by the Service, attempts to bypass or undermine security, and any activity that interferes with the operation of the Service.
5. AI Features and Limitations
The Service uses artificial intelligence to generate group names, descriptions, and activities based on user‑provided onboarding inputs and group context. AI outputs may be inaccurate or incomplete and should be reviewed for appropriateness by users before use. The Service does not provide medical or legal advice and is not a crisis or emergency service. In an emergency, users should contact local emergency services or their employer’s designated resources.
6. Third‑Party Services
The Service may interoperate with or incorporate third‑party services for hosting, analytics, messaging, logging, or similar functions. Those third parties act as service providers under contract and are required to protect personal information and to use it only for the provision of their services to Goal AI.
7. Beta or Preview Features
Goal AI may offer features that are identified as beta, preview, or experimental. Such features are provided on an as‑is basis and may be modified or discontinued at any time.
8. Suspension and Termination
Goal AI may suspend or terminate a user’s access to the Service if there is a violation of this agreement, a security or operational risk, a request by the sponsoring employer, or as required by law. You may stop using the Service at any time. Goal AI may retain limited records as described in the Privacy Notice.
9. Disclaimers
To the fullest extent permitted by law, the Service is provided on an as‑is and as‑available basis. Goal AI disclaims all warranties that are not expressly stated in this agreement, including implied warranties of merchantability, fitness for a particular purpose, and non‑infringement. Goal AI does not warrant that the Service will be uninterrupted, error‑free, or free of harmful components. Goal AI does not guarantee any particular outcome from the use of the Service. A user’s use of the Service and implementation of any information or suggestions provided by the Service is at the user's own risk.
10. Limitation of Liability
To the fullest extent permitted by law, Goal AI will not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or relating to the Service or this agreement. Goal AI’s total aggregate liability to you for all claims of any kind arising out of or relating to the Service or this agreement will not exceed one hundred dollars. If your employer has a separate written agreement with Goal AI, the liability terms in that agreement will govern the relationship between Goal AI and the employer.
11. Indemnification
You agree to indemnify and hold harmless Goal AI and its officers, directors, employees, and agents from and against any third‑party claims, liabilities, damages, losses, and expenses, including but not limited to reasonable attorneys’ fees and other litigation expenses, arising from your unlawful use of the Service or your posting of content that violates this agreement or the rights of others.
12. Governing Law and Venue
This agreement is governed by the laws of the State of New York without regard to its conflict of laws rules. You agree that the state and federal courts located in New York County, New York will have exclusive jurisdiction for any dispute not subject to another agreement between Goal AI and your employer.
13. Changes to this Agreement
Goal AI may modify this agreement from time to time. The effective date at the top of this document will indicate the date of the most recent changes. For material changes, Goal AI will provide reasonable notice through the Service or by other appropriate means. Continued use of the Service after changes take effect constitutes acceptance of the updated agreement.
14. Contact
Questions about these Terms of Use may be directed to Goal AI at the contact details provided at the end of this document.
Privacy Notice
1. Scope
This Privacy Notice explains how Goal AI collects, uses, discloses, and protects personal information in connection with the Service, including websites, mobile and web applications, and interactions with Goal AI support.
2. Core Principles
Goal AI does not sell personal information. Goal AI does not share personal information for cross‑context behavioral advertising. Goal AI provides employer reporting only in aggregate and de‑identified form. Goal AI does not disclose individual messages, notes, or detailed activity trails to employers.
3. Categories of Information Collected
Goal AI collects the following categories of information, depending on how you use the Service.
First, account and identity information. This may include full name, preferred name, work email address, employee identifier, and single sign‑on identifier. You may optionally provide a telephone number and general location such as city, state, and country.
Second, onboarding and profile inputs that you choose to provide. This may include your wellbeing goal stated in your own words, your preferred approaches to achieving that goal such as increased exercise or nutrition changes, and a description of the types of group members you believe would be helpful to your success, such as career stage or responsibilities. You are not required to provide sensitive traits or demographic data. Goal AI discourages the submission of sensitive traits.
Third, group content and interactions. This may include the names and descriptions of groups you create or join, weekly activities, posts, reactions, files, and related group activity within the Service.
Fourth, device and usage information. This may include device and browser characteristics, application version, internet protocol address, event logs, and session timestamps that are generated by your device when you use the Service.
Fifth, support communications. This may include emails, support tickets, and limited transcripts of communications with Goal AI support.
Sixth, inferences that are derived from other information. This may include topic or interest groupings generated to personalize your experience and to improve the Service.
4. Purposes of Processing
Goal AI processes personal information for the following purposes.
To provide, operate, and secure the Service and its group features.
To personalize group recommendations and to generate group names, descriptions, and activity ideas based on the information you choose to provide.
To support users and administrators and to maintain and improve the Service.
To measure engagement and to produce de‑identified and aggregate analytics and employer reporting.
To detect, investigate, and prevent fraud, abuse, and security incidents.
To comply with legal obligations, to enforce terms, and to protect the rights and safety of users and others.
5. Basis for Processing
Where required by law, Goal AI relies on one or more lawful bases for processing, including performance of a contract, legitimate interests such as security and analytics, and consent for optional inputs and certain notifications. You may withdraw consent at any time. If you withdraw consent for information that is necessary to provide the Service, some features may no longer be available.
6. AI‑Related Disclosures
AI is used to generate group names, descriptions, and activity ideas. Goal AI does not use demographic or sensitive attributes to drive AI outputs. AI does not make decisions related to employment or ethics. AI outputs are grounded in structured inputs provided by users. Goal AI applies human review on a sample basis and conducts regular manual reviews to improve quality and reduce bias risk.
For AI inference, Goal AI transmits only the minimum information needed to generate the requested content. Goal AI configures requests so that personal identifiers are not included in the AI prompt. Goal AI does not permit model providers to use customer data to train publicly available foundation models. Calls to model providers are handled in a stateless manner and are configured so that providers do not retain content for their own product improvement.
Goal AI reviews AI system performance on at least a quarterly basis and tests for changes in underlying models on at least a weekly cadence. The Service provides clear indicators when AI is generating content.
7. Sharing of Information
Goal AI shares personal information with service providers that perform services on its behalf. These providers are bound by contractual obligations to protect personal information and to use it only to provide services to Goal AI.
Goal AI shares information with the sponsoring employer only in de‑identified and aggregate form, for example participation counts and the adoption of activities across a population. Goal AI may disclose limited identifiers to the employer or its administrators solely to confirm eligibility or to resolve support requests.
Goal AI may disclose information as required by law or legal process, to protect the rights and safety of users or others, and in connection with a merger, acquisition, or other corporate transaction. Any successor entity will be required to honor this Privacy Notice with respect to information already collected.
Goal AI does not sell personal information. Goal AI does not share personal information for cross‑context behavioral advertising.
8. Cookies and Similar Technologies
The Service uses essential cookies and limited analytics to operate and understand how features are used. Cookies are small text files which are placed on your browser when you visit a website, open or click on an email, or interact with an advertisement. The in‑product experience does not use advertising cookies. Marketing websites may use analytics cookies. You can control cookies through your browser settings, although disabling certain cookies may affect functionality. The Service does not respond to Do Not Track signals.
9. Security
Goal AI uses administrative, technical, and physical safeguards that are designed to protect personal information. These include encryption in transit and at rest, role‑based access, least privilege, logging, and regular backups. Access to systems is reviewed regularly. Goal AI aligns its information security program with recognized frameworks. Hosting and core platform providers maintain independent attestations appropriate to their services. Nevertheless, transmission via the Internet is not completely secure, and Goal AI cannot guarantee absolute security of user’s personal information .
10. International Transfers
Goal AI stores and processes information in the United States and may transfer information to other locations as necessary to provide the Service. Where required, Goal AI uses appropriate transfer mechanisms such as standard contractual clauses and related measures.
11. Retention and Deletion
Goal AI retains personal information for the duration of the customer relationship and as necessary to provide the Service, comply with our legal obligations,resolve disputes, prevent fraud and enforce contracts. If an account becomes inactive, Goal AI retains personal information for twelve months unless deletion is expressly requested. The purpose of retention for inactive accounts is to support audits, preserve continuity of shared content and group history, and facilitate account reactivation.
Upon termination of a customer contract, Goal AI retains user‑specific data for thirty days and then securely purges it. Operational logs are retained for security and diagnostic purposes and are designed not to contain personal information.
You may request deletion of your account data by contacting support as described below. Goal AI will verify your identity and implement your request in accordance with applicable law and contractual commitments.
12. Your Choices and Rights
You may have rights under applicable law to access, correct, delete, or receive a copy of your personal information, to restrict or object to certain processing, and to appeal a decision concerning your request. Residents of certain United States jurisdictions have rights under state privacy laws. Residents of the European Economic Area, the United Kingdom, and Switzerland have rights under regional data protection laws (See below). Goal AI does not sell personal information and does not share personal information for cross‑context behavioral advertising, so opt‑out rights for those activities do not apply.
You may submit a privacy request, including a request to opt-out of receiving emails, by contacting Goal AI using the contact information below. Goal AI will verify your identity and respond within the time periods required by law. You may authorize an agent to act on your behalf where permitted by law.
13. Children
The Service is intended for use by adults who are at least eighteen years of age. Goal AI does not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children.
14. Subprocessors and Vendors
Goal AI uses subprocessors and vendors to support hosting, analytics, messaging, logging, and similar functions. A current list is available on request. Goal AI maintains contracts with these providers that require confidentiality, appropriate security, and processing only for the purposes of providing services to Goal AI.
15. Incident Response and Business Continuity
Goal AI maintains a written incident response plan that assigns responsibilities, defines escalation, and addresses notification to affected customers in accordance with applicable data breach laws. Goal AI conducts exercises of its plans and maintains business continuity and disaster recovery capabilities that are tested and updated on a regular cadence.
16. Information We Do Not Seek
Goal AI does not seek to collect biometric identifiers. Goal AI does not require protected health information as defined by the Health Insurance Portability and Accountability Act. Users should not upload highly confidential information to the Service.
17. California Residents
These additional rights and disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated.
Note that these rights and disclosures only apply to personal information we collect where we control the purposes and means of collection. Any questions or requests that you have relating to the processing of personal data by us on behalf of a client should be directed to the relevant client. We will support the client to the extent required by applicable law in responding to your request.
Notice at Collection
At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:
● For the categories of personal information we have collected in the past 12 months, see the Categories of Information Collected section above.
● For the categories of sources from which personal information is collected, see the Categories of Information We Collect section above.
● For the specific business and commercial purposes for collecting and using personal information, see the Purposes of Processing section above.
● For the categories of third parties to whom information is disclosed, see the Sharing ofInformation section above.
● For the criteria used to determine the period of time information will be retained, see the Retention and Deletion section above.
We do not sell your personal information as that term is traditionally understood. However, some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents. For details on your rights regarding sales and shares, please see the Right to Opt-Out of Sales and Shares section below.
Rights to Know, Correct, and Delete
You have the following rights under the CPRA:
● The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
● The right to correct inaccurate personal information that we maintain about you.
● The right to delete personal information we have collected from you.
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
Right to Opt-Out of Sales and Shares
To the extent we sell or share your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your personal information. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the Your Choices and Rights section above.
Authorized Agent
You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
Shine the Light
Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclose such information. To make a request, please write to us at the email or postal address set out in the Contact Us section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
18. Other States with Comprehensive Data Privacy Laws
These additional rights and disclosures apply only to residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Tennessee, Texas, Utah, and Virginia. Those states have all adopted comprehensive data privacy laws. In addition, Maryland and Rhode Island have adopted comprehensive data protection laws that will go into effect in 2025 and 2026, and Maine, Michigan, Nevada, New York, Vermont and Washington have adopted consumer privacy laws. Terms used below have the meaning ascribed to them in the Colorado Privacy Act, the Connecticut Data Privacy Act , the Delaware Personal Data Privacy Act, the Indiana Consumer Data Protection Act, the Iowa Consumer Data Protection Act, the Kentucky Consumer Data Act, the Minnesota Consumer Data Privacy Act, the Montana Consumer Data Privacy Act, the Nebraska Data Privacy Act, the New Jersey Data Privacy Act, the New Hampshire Privacy Act, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act , and the Virginia Consumer Data Protection Act, as applicable.
Note that these rights and disclosures only apply to personal data we collect where we control the purposes and means of collection. Any questions or requests that users have relating to the processing of personal data by us should be directed to the user’s employer. We will support the employer to the extent required by applicable law in responding to a user’s request.
You may have the following rights under applicable state law:
● To confirm whether or not we are processing your personal data
● To access your personal data
● To correct inaccuracies in your personal data
● To delete your personal data
● To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
To exercise any of these rights, please follow the instructions for data subject requests in the Your Choices and Rights section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Right to Opt-Out of Sales and Targeted Advertising
You also may have the right to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the Your Choices and Rights section above.
Authorized Agent
You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
Appeals
If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at support@goal.ai and specifying your wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:
● For Colorado residents, to the Colorado AG at https://coag.gov/file-complaint/
● For Connecticut residents, to the Connecticut AG at https://www.dir.ct.gov/ag/complaint/
● For Virginia residents, to the AG at https://www.oag.state.va.us/consumercomplaintform
Nevada
If you are a Nevada consumer, you have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the Your Choices and Rights section above.
19. European Economic Area, Switzerland, and United Kingdom
These additional disclosures and rights apply only to individuals located in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). Terms have the meaning ascribed to them in the General Data Protection Regulation (“GDPR”), the Data Protection Act 2019 (United Kingdom) and the Federal Act on Data Protection (Switzerland).
Roles
Goal AI acts as a controller with respect to personal data collected as you interact with our Service. Any questions or requests that you have relating to the processing of personal data by us should be directed to us.
Lawful Basis for Processing
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate or suitable safeguards, such as standard contractual clauses.
Data Subject Requests
You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, please follow the instructions for data subject requests in the Your Choices and Rights section above. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. For details on our retention practices for personal data, see the Retention and Deletion section above.
You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.
20. Changes to this Privacy Notice
Goal AI may modify this Privacy Notice from time to time. The effective date at the top of this document reflects the date of the most recent changes. For material changes, Goal AI will provide reasonable notice through the Service or by other appropriate means. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Notice.
21. Contact Information
You may contact Goal AI regarding privacy or data protection matters at the following e-mail address: support@goal.ai.