Privacy Policy

1. Introduction

Guidely ("Company," "we," "us," or "our") operates the Guidely website, Chrome extension, web dashboard, and related services (collectively, "the Service"). This Privacy Policy explains how we collect, use, process, store, share, and protect your personal data. This policy applies to all users of the Service, regardless of location or method of access. By using the Service, you acknowledge that you have read, understood, and consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: full name, email address, and password (or third-party authentication tokens via Google OAuth) when you create an account
• Profile information: display name, avatar, organization name, and role within your workspace
• Guide content: step titles, descriptions, configurations, edits, and any text you input into guides
• Payment information: billing name, billing address, and payment card details processed by our third-party payment processor. We do not directly store full payment card numbers on our servers
• Communications: messages sent to our support team, feedback submissions, and survey responses
• AI interactions: all queries, prompts, and messages you submit to the AI chat feature

2.2 Information Collected Automatically

• Usage data: features used, guides created, guides completed, guides skipped, pages visited within the Service, buttons clicked, session duration, and interaction patterns
• Device information: browser type and version, operating system, screen resolution, device type, language settings, and time zone
• Log data: IP address, access times, referring URLs, exit pages, crash reports, and error logs
• Analytics data: we use PostHog for product analytics, which collects anonymized usage events, session recordings (web dashboard only, not on third-party sites), and feature flag evaluations

2.3 Chrome Extension Data

Our Chrome extension requires broad host permissions to function on any website. You expressly acknowledge and consent to the following data collection during active use:

• During recording: click positions and coordinates, element metadata (HTML tag, visible text, ARIA attributes, CSS selectors, element IDs, class names), element fingerprints (20+ signals including structural position, parent context, neighboring elements, visual properties, and semantic attributes), screenshots of the visible browser tab at each step, and page URLs of every page visited during the session
• During guide playback: DOM element queries to locate and highlight target elements, page URL verification, and completion/interaction events
• During AI chat: visible page content (headings, navigation elements, buttons, form fields, links, and structural elements) sent to our AI service. This may include text content visible on the page at the time of the query
• During AI guide generation: comprehensive DOM scanning of the current page, including element hierarchy, interactive elements, text content, and page structure

We do not passively monitor your browsing activity, collect general browsing history, or track you across websites when Guidely features are not actively in use. However, you acknowledge that during active use of any Guidely feature, substantial page data is collected, processed, and transmitted to our servers and third-party services.

2.4 Information from Third Parties

• Google OAuth: if you sign in via Google, we receive your name, email address, and profile picture from Google
• Team invitations: if someone invites you to a workspace, we receive your email address from the inviting user

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

• Contract performance: processing necessary to provide the Service you have requested (account management, guide creation, playback)
• Legitimate interests: analytics, fraud prevention, security, service improvement, and direct marketing to existing customers
• Consent: where required, such as for non-essential cookies and certain data transfers
• Legal obligation: processing necessary to comply with applicable laws and regulations

4. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, maintain, and improve the Service
• Record user interactions and generate AI-powered interactive guides
• Store and deliver guide configurations, screenshots, and associated data
• Provide analytics on guide completion, team progress, and usage patterns
• Process payments and manage subscriptions
• Send transactional communications (account confirmation, password resets, security alerts, billing notifications)
• Send promotional communications (you may opt out at any time)
• Improve and develop new features, products, and services
• Detect, prevent, and investigate fraud, abuse, security incidents, and technical issues
• Generate aggregated, anonymized, or de-identified data for analytics, benchmarking, and research purposes
• Comply with legal obligations, enforce our Terms of Service, and protect our rights
• Personalize your experience and provide tailored content

5. Data Sharing and Third Parties

We do not sell your personal data to third parties. However, we may share your information in the following circumstances:

• Service providers and subprocessors: we share data with third parties that help us operate the Service, including:
  • Vercel — web application hosting and CDN
  • Supabase — database, authentication, and file storage
  • Anthropic — AI processing for guide generation and chat
  • PostHog — product analytics and session recording
  • Payment processors — subscription and billing management
• Workspace members: guides, completion data, and limited profile information are shared with members of your workspace as part of the Service's core functionality
• Legal compliance: when required by law, legal process, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, safety, or property, or the rights, safety, or property of others
• Business transfers: in connection with a merger, acquisition, reorganization, bankruptcy, sale of assets, or similar transaction. Your data may be transferred to the acquiring entity, and you will be notified of any such transfer
• Aggregated and anonymized data: we may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for any purpose including research, industry analysis, and marketing
• With your consent: in other cases where we have obtained your explicit consent

6. AI Processing

7. Data Storage and Security

Your data is stored using industry-standard practices:

• Account data and guide configurations are stored in Supabase (PostgreSQL with row-level security)
• Screenshots and media are stored in Supabase Storage with access controls
• All data is transmitted over HTTPS/TLS encryption
• We implement access controls, authentication, monitoring, and regular security reviews

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot and do not guarantee absolute security. You acknowledge and accept the inherent risks of transmitting data over the internet. In the event of a data breach, we shall not be liable for any damages arising from unauthorized access to your data, except to the extent required by applicable law. See our Security page for more details.

8. Data Retention

We retain your data according to the following schedule:

• Account data: retained for as long as your account is active, plus 30 days after deletion
• Guide data (screenshots, configurations, analytics): retained for the duration of your account. Deleted guides are removed within 30 days
• AI interaction logs: retained for up to 12 months for debugging and abuse prevention
• Analytics data: retained for up to 24 months in anonymized form
• Billing records: retained for up to 7 years as required by tax and financial regulations
• Server logs: retained for up to 90 days

When you delete your account, all personally identifiable data is removed within 30 days, except where longer retention is required by law, necessary to resolve disputes, or needed to enforce our agreements. Aggregated and anonymized data derived from your usage may be retained indefinitely.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data (subject to legal retention requirements)
• Portability: request your data in a structured, commonly used, machine-readable format
• Restriction: request that we restrict processing of your data in certain circumstances
• Objection: object to processing based on legitimate interests or for direct marketing
• Withdraw consent: where processing is based on consent, withdraw it at any time (without affecting the lawfulness of prior processing)
• Non-discrimination: we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at privacy@useguidely.com. We will respond within 30 days (or as required by applicable law). We may require verification of your identity before processing your request. We reserve the right to deny requests that are unreasonable, repetitive, or technically impractical.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: you may request the categories and specific pieces of personal information we have collected, the sources of collection, the purposes, and the categories of third parties with whom we share it
• Right to Delete: you may request deletion of your personal information, subject to certain exceptions
• Right to Correct: you may request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: we do not sell or share your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information: you may limit the use and disclosure of sensitive personal information

To exercise these rights, contact us at privacy@useguidely.com. We will not discriminate against you for exercising your CCPA/CPRA rights.

11. Cookies and Local Storage

The Service uses essential cookies for authentication and session management, and analytics cookies for product improvement. The Chrome extension uses chrome.storage.local (not cookies) for recording state, preferences, and cached data. For full details about the cookies and similar technologies we use, please see our Cookie Policy. By using the Service, you consent to our use of cookies as described in the Cookie Policy.

12. Children's Privacy

The Service is intended for use by individuals who are at least 18 years of age. We do not knowingly collect, use, or disclose personal data from anyone under 18 years of age. If we become aware that we have collected data from a minor, we will take prompt steps to delete it. If you believe a minor has provided us with personal data, please contact us immediately at privacy@useguidely.com.

13. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate, including but not limited to countries that may not provide the same level of data protection as your home country. By using the Service, you explicitly and irrevocably consent to the transfer, processing, and storage of your data in the United States and other jurisdictions. We will take commercially reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, but we cannot guarantee that foreign jurisdictions will provide equivalent data protection to your home jurisdiction.

14. Automated Decision-Making

The Service uses AI and automated processing to generate guide content, provide contextual assistance, and deliver analytics. These automated processes do not make legally binding decisions about you. However, AI-generated content is used in employee training contexts, and you acknowledge that such content should always be reviewed by a human before distribution. If you have concerns about automated processing, contact us at privacy@useguidely.com.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law. Notification will be provided without undue delay and, where feasible, within 72 hours of becoming aware of the breach. However, we shall not be liable for any damages arising from a data breach beyond what is required by applicable law, and our total liability in connection with any data breach is subject to the limitations set forth in our Terms of Service.

16. Changes to This Policy

We may update this Privacy Policy at any time, at our sole discretion. Changes become effective immediately upon posting the updated policy. We will update the "Last updated" date at the top of this page. For material changes, we may provide additional notice via email or an in-app notification, but we are not obligated to do so. It is your sole responsibility to review this policy periodically. Your continued use of the Service after any changes constitutes your irrevocable acceptance of the updated policy. If you do not agree to the updated policy, your only remedy is to discontinue use of the Service and delete your account.

17. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

If you are located in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.