Goonova
AboutBlog
Get the app

Privacy Policy

Last updated: May 22, 2026

This Privacy Policy (this "Privacy Policy") describes and governs the manner in which Northwind Jack Co., Ltd., a company incorporated under the laws of Thailand ("we", "us", "our" or the "Company"), the operator of the Goonova mobile application, collects, uses, maintains and discloses information about you when you use our mobile application and other online services (the "Services").

Please read this Privacy Policy carefully before you start to use the Services. By accessing and/or using the Services, you accept and agree to be bound and abide by this Privacy Policy, and our Terms of Service (the "Terms of Service") incorporated herein by reference and to comply with all applicable laws, rules and regulations (collectively, "Applicable Law"). If you do not want to agree to this Privacy Policy, and the Terms of Service, you must not access or use the Services.

Personal Information We Collect

We may collect personal information from you in a variety of ways, including the following key categories and types of personal information:

  • Contact information and profile data: Display name, birth year, selected avatar, public friend ID, and Apple ID or Google account identifier used for authentication, as well as any information you choose to include in your profile.

  • Onboarding and wellness data: Information you provide during onboarding and ongoing use of the Services, including how you heard about Goonova, your current approach to wellness, pornography usage patterns, current and target session frequency, post-session emotional states, and your primary wellness goal.

  • Session data: Session logs you create, including date, time, duration, stroke count, strokes-per-minute averages and peaks, an overall session score, separate energy / mindfulness / satisfaction sub-scores, per-session pornography usage, and any free-text notes you choose to add. Sessions may also include biometric time-series data (see "Biometric Data" below).

  • Biometric data: See "Apple Watch, Garmin & Biometric Data" below.

  • Payment and transactional data: Information about any transaction you conduct using our Services, including subscription and purchase history. We do not have access to payment card numbers; our payment processors (Apple App Store via RevenueCat) collect and process that information under their own agreements and privacy policies.

  • AI Coaching Insights output: The most recent AI-generated coaching report we produce for your account (see "AI Coaching Insights & Third-Party AI Partners" below).

  • IP address and inferred country: When you access the Services, we receive your IP address (as a normal part of any network request) and store it on your authenticated session record. We infer your country or general region from this IP address to understand which countries our users come from. We do not collect precise GPS or device location data.

  • Inferences: We may make inferences based on the information we collect.

Not Protected Health Information Under HIPAA

The Company is not a "covered entity" or "business associate" as defined under the U.S. Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The health-adjacent information you provide through the Services (including session data and Biometric Data such as heart rate from connected devices) is not protected health information ("PHI") subject to HIPAA protections, and is governed solely by this Privacy Policy and applicable data-protection laws (such as Thailand's PDPA and applicable U.S. state privacy laws). You should not use the Services to store or transmit information that you believe requires HIPAA-level protection.

Apple Watch, Garmin & Biometric Data

With your permission, our companion watch apps collect certain biometric and activity information about you during sessions and stream it back to Goonova. This information may include heart rate samples, motion data, and derived metrics such as strokes per minute. The biometric information you permit us to access in connection with the Services is collectively referred to as "Biometric Data." See "Where Your Information Is Stored" below for information regarding where your Biometric Data is stored.

Apple Watch. Our Apple Watch app uses Apple HealthKit on the watch to read your live heart rate during an active session and to record the session as a workout in Apple Health, and uses Apple's Core Motion APIs to detect strokes from the watch's motion sensors. The relevant Apple permissions ("Goonova reads your heart rate during sessions to track workout intensity," "Goonova saves workout sessions to Apple Health," and "Goonova uses motion data to track your stroke rate during sessions") are requested the first time you start an Apple Watch session, and you may revoke them at any time from the Apple Health app or Settings on your iPhone or watch. Live heart rate and motion samples are streamed from the watch to your iPhone using Apple's WatchConnectivity framework. We do not read any other categories of data from Apple HealthKit, and we do not write any data other than the workout record for the session you just completed.

Garmin. A Garmin Connect IQ watch app is in development and not yet released. When available, it will run directly on your Garmin device, will collect the same categories of session metrics as the Apple Watch app (heart rate, motion-derived strokes per minute, duration, timestamps), and will send those metrics directly to Goonova during a session. This integration is not a connection to the Garmin Connect cloud service; we do not request OAuth access to your Garmin Connect account and we do not import data from it.

For App Store nutrition-label purposes, the "Health" and "Fitness" data types we declare reflect the heart rate and session/activity metrics we receive from your Apple Watch (and, in the future, from a Garmin device running our Connect IQ app).

How We Collect Your Personal Information

We collect personal information from the following sources:

  • Directly. We collect personal information directly from you. When you register for the Services via Apple Sign-In or Google Sign-In, submit information through the app, or otherwise communicate with us or our support personnel, you may provide us with information, for example, your display name and birth year. We also collect Biometric Data about you by importing information from a connected Apple Watch (see above). By providing us with this information or allowing us access to your Apple Watch data, you consent to your information being collected, used, disclosed, processed and stored by us in accordance with this Privacy Policy.

  • From connected devices. We collect Biometric Data about you during sessions via the Goonova Apple Watch app, and (in the future, once released) via the Goonova Garmin Connect IQ watch app. Imported Biometric Data is processed in real-time during sessions to provide session metrics, persisted on the resulting session record, and (only if you have provided the separate, optional AI-processing consent at sign-up or in Privacy & Friends) is also processed through our third-party cloud hosting and large language model partners to deliver AI Coaching Insights. By providing us with this information or allowing us access to your watch's sensor data, you consent to your information being collected, used, disclosed, processed, and stored by us in accordance with this Privacy Policy.

  • From analytics and diagnostics services. We collect usage information through PostHog, our product-analytics provider, both inside the Goonova mobile application and on our public website at goonova.com. Across both surfaces, PostHog records anonymized session replays of your navigation to help us reproduce bugs and improve the user experience, along with crash and exception events. Text inputs in form fields are masked at capture time on both the mobile app and the website.

    In the mobile app, PostHog additionally records app open / lifecycle events, screen views, and in-app touch / tap interactions ("autocapture"). Screens and components that display sensitive information (including heart rate, session scores (energy / mindfulness / satisfaction / overall), strokes-per-minute, the per-session pornography-usage flag, share cards, and leaderboard stroke counts) are wrapped with a privacy mask that hides their content from the replay. Other on-screen content (general navigation, generic UI chrome) may appear in those replays. You may opt out of all PostHog capture (including session replays) inside the mobile app at any time via the "Share Product Analytics" toggle in Privacy & Friends, which stops further PostHog capture on your device.

    On the website, PostHog additionally records page views and page-leave events; click / tap autocapture is disabled on the website, so individual interactions outside of explicit page navigation are not captured. The website only displays public marketing, legal, and community-invite pages and does not display the sensitive in-app categories listed above, so the in-app privacy mask wrapper is not required there. Because the website does not require an account, there is no in-page analytics toggle; you can prevent PostHog capture on the website by using your browser's tracker-blocking or cookie controls, or by clearing cookies for the goonova.com domain.

    PostHog acts as our data processor under contract: replay data is accessed only by our engineering team for diagnostic and product-improvement purposes, is never used for advertising or marketing, is not sold, and is not shared with third parties for use-based data mining or profiling. Separately, we use Sentry to collect crash-and-performance diagnostic data so that we can fix problems with the app; Sentry session replays are recorded only when an error occurs (no random sampling of healthy sessions), the user context attached to Sentry events is gated on the same "Share Product Analytics" toggle, and the same privacy-mask wrapper applies to those replays as well.

Where Your Information Is Stored

  • Personal information and user-generated data. Profile data (such as display name, birth year, and authentication identifiers) and user-generated data (such as session logs, goals, and wellness preferences) are stored using secure third-party cloud hosting providers so that this information can sync across devices and support your use of the Services.

  • Biometric Data. Imported Biometric Data (such as heart rate and motion data from your Apple Watch) is processed in real-time during sessions to calculate session metrics. Both the aggregate metrics derived from the session (such as average and peak heart rate) and the underlying biometric time-series for that session (a per-session list of heart rate and motion samples) are stored alongside the session record so that you can review and visualize the session later. This data may be transmitted in pseudonymized form (with your directly identifying account fields removed) to our third-party cloud hosting and large language model partners to generate AI Coaching Insights, as described below.

  • AI Coaching Insights. AI Coaching Insights are an optional, opt-in feature that runs on the separate AI-processing consent you provide at sign-up (via a dedicated AI-Coaching consent prompt that is not bundled with Terms of Service or Privacy Policy acceptance) or that you toggle on later in Privacy & Friends. With that consent, certain pseudonymized session data (with directly identifying account fields removed) is transmitted through our third-party cloud hosting and large language model partners in order to generate AI-powered responses and coaching. Only the minimum relevant information necessary to generate a response is transmitted. Once such data is processed through those partners, it is subject to their systems and safeguards. You may withdraw your consent at any time from the Privacy & Friends settings; withdrawal only pauses the Insight tab and does not end your access to the Services or affect your subscription.

  • Photos. Session summary cards that you choose to save are stored locally on your device's photo library. We do not upload or store these images on our servers.

To provide the Services, we store and process your personal data on secure cloud servers. By using the Services or otherwise providing information to us, you understand and consent to having any personal information transferred to and processed on our servers. Your data may be transferred to and processed in countries other than Thailand, including the United States. You understand that such countries may not provide the same level of data protections as the laws in your country. In certain circumstances, law enforcement or regulatory agencies, courts or security authorities may be entitled to access your personal information.

How We Use Collected Information

We may collect and use your personal information for the following purposes:

  • To provide the Services. We use personal data and your imported Biometric Data referenced above for purposes of providing our Services, including session tracking, goal monitoring, and social features.

  • To perform analysis. We may use your session data and Biometric Data to benefit you and improve the insights we provide with our Services. When feasible, we do this using data that has been processed to protect your privacy.

  • To provide and improve customer service. We use your information to answer your questions and respond to your requests and inquiries, notify you of changes to the Services and improve and maintain functionality of our Services.

  • For analytical purposes. We may also use your activity on our Services in an anonymized and aggregate way in order to improve our Services. We may also use your information to protect the Company, our Services, and to prevent fraud, theft and misconduct.

  • Restrictions. We do not use Biometric Data or session data for advertising or marketing purposes.

To Whom We Share Your Personal Information

  • With service providers. We share information with vendors and contractors who help us provide, maintain, and improve the Services, such as cloud hosting providers, technology partners, analytics providers, and subscription management services. If you opt in to AI Coaching Insights, we share certain pseudonymized session data with our third-party cloud hosting and large language model partners to generate that opt-in feature. Except as described above (e.g., for cloud storage to support your use of the Services, or for AI processing if you opt in), we do not share your Biometric Data or session data with third parties. When shared, data is limited to what is reasonably necessary to provide the feature or service, and, where possible, is anonymized or de-identified.

  • With other users (at your direction). If you enable social features in your Privacy & Friends settings, certain information (such as your display name, session counts, online status, or session history) may be visible to other Goonova users you have connected with, according to your privacy settings.

  • With third parties at your direction or to support transactions. We may share your information with third parties with your consent or as requested by you, or in connection with a transaction you engage in through the Services.

  • As required by law. We may share your information with the appropriate authorities if we believe disclosure is in accordance with, or required by, any applicable law, including lawful requests by public authorities to meet national security or law enforcement requirements.

  • In corporate transactions. In the event of a financing, reorganization, merger, or sale of the Company, we may transfer your personal information to the relevant third parties involved in the transaction. Any such recipients will be required to protect your information under a nondisclosure agreement or comparable confidentiality obligation.

How We Share Your Information

  • With your consent. We may disclose or share your information with your consent. We may obtain your consent in writing; online, through "click-through" agreements; when you accept the terms of use; orally, either in person or on the phone; or by other means.

  • In a business transfer. We may disclose or share your information as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.

  • To non-affiliated third parties. We may disclose or share your information with certain non-affiliated third parties for a variety of business purposes, including but not limited to facilitate your access and use of our Services. Those third parties may include, but may not be limited to internet service providers and other related professionals, data analytics providers, operating systems and platforms, and service providers who provide us a service.

  • For legal process and protection. We may disclose or share your information to satisfy any law, regulation, legal process, governmental request, or where we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:

    • Protect our rights or interests, property or safety or that of others;
    • In connection with claims, disputes, or litigation (in court or elsewhere); and
    • Protect users of our Services from fraudulent, abusive, or unlawful use of such Services.

AI Coaching Insights & Third-Party AI Partners

AI Coaching Insights is an optional, opt-in feature that uses generative AI to produce a short coaching report from patterns in your recent session data, displayed inside the Insight tab. It sits alongside the core Goonova experience rather than on top of it: the rest of the app works fully without it, and pausing the feature pauses only the Insight tab. Declining AI processing at sign-up, or withdrawing your consent later, has no effect on your subscription or your access to any other part of the Services.

How it works. When you open the Insight tab, we send a pseudonymized snapshot of your recent session data to our third-party cloud hosting and large language model partners. The provider returns a single coaching report consisting of a short read, a few highlighted wins, a few watch-outs, a tip, an optional goal note, and an optional anomaly note. We store the most recent report on our servers (one per account) so you can view it in the app. There is no multi-turn chat history; each time the report is regenerated it overwrites the previous one. The specific cloud hosting provider and underlying model are selected by us and may change over time as we evaluate other options; material changes to this Privacy Policy are governed by the "Changes to this Privacy Policy" section below. Your session data is not used to train the underlying AI models.

What we send. For each session included in the request, we send: date and weekday, start time, duration, the four session scores (energy, mindfulness, satisfaction, and an overall score), whether the session involved pornography, whether the session was tracked via a watch, average strokes-per-minute, average heart rate, and the free-text notes you wrote on the session (if any). We do not send your display name, email, birth year, friend ID, or any directly identifying account information. Because the notes field is sent verbatim, you should avoid writing directly identifying information about yourself or other people in your session notes.

Consent. Because AI Coaching Insights involves processing of session and health-related data, we obtain your express consent at sign-up via a separate, dedicated AI-consent prompt that is not bundled with your acceptance of these Terms of Service and Privacy Policy. You may decline this AI prompt at sign-up and still create a Goonova account; the rest of the Services (session logging, statistics, community, and Apple Watch sync) work without AI Coaching Insights.

Withdrawal of consent. You may withdraw your consent at any time from the "Share Data with AI Provider" toggle in Privacy & Friends. Withdrawal only pauses the AI Coaching Insights feature (the Insight tab). The rest of the Services, including any active subscription, continues to function. The Insight tab displays a "paused" empty state where you can re-grant consent in one tap to receive personalized coaching again. Please note, however, that any information previously shared with our cloud hosting and large language model partners may already have been transmitted to and stored within their systems, and withdrawing consent will not retroactively delete that past information held by those partners; see "How Long We Keep Your Information" for retention details, and contact us at support@goonova.com to request deletion.

Please note that AI Coaching Insights generates responses based on your inputs and session data, and those responses may be inaccurate, incomplete, or inconsistent. AI Coaching Insights does not provide medical advice and should never be relied upon as a substitute for professional medical care, diagnosis, or treatment. You should always consult a qualified physician or other licensed healthcare provider with any questions you may have regarding your health, medical conditions, or wellness decisions.

Protection of sexual-wellness information. Because Goonova is a sexual-wellness application, your session data may relate to sexual or reproductive health. We do not use this data, your Biometric Data, or any AI Coaching Insights inputs or outputs for advertising or marketing purposes, and we only share it with our third-party cloud hosting and large language model partners to the extent strictly necessary to deliver the AI Coaching Insights feature you have opted in to. You may withdraw that consent at any time from the "Share Data with AI Provider" toggle in Privacy & Friends.

We Do Not Sell Your Personal Information

Goonova does not sell your personal information for money. The third-party companies we engage to run the Services (cloud hosting, infrastructure, subscription processing, and similar back-end vendors) act on our behalf as processors; they handle data only to deliver the Services to you, not as buyers of your data.

If you choose to turn on AI Coaching Insights, we additionally hand a pseudonymized snapshot of your session data to the cloud hosting and large language model partners that power that feature, so they can produce your coaching report. That handoff happens only because you asked for the feature, only to deliver it to you, and you can stop it at any time by switching off the "Share Data with AI Provider" toggle in Privacy & Friends. Under California's Consumer Privacy Act (as amended) and similar state laws, this kind of handoff can be classified as "sharing" of personal information; the toggle is how you opt out of that "sharing." Regardless of where the toggle is set, we do not run cross-context behavioral advertising and we do not sell your personal information for money.

Your session data, Biometric Data, and any inputs or outputs of AI Coaching Insights are never used for advertising or marketing.

Third-Party Links and Websites

Our Services may contain links or other content from the websites and services of our partners, suppliers, and other third parties (collectively, the "Third-Party Services"). We do not control the content or links that appear on these Third-Party Services and are not responsible for the practices employed by such Third-Party Services. In addition, these Third-Party Services may have their own privacy policies and customer service policies. Browsing and interacting on any of these Third-Party Services are subject to such Third-Party Services' own terms and policies.

Your Choices

You have certain choices on how we treat your personal information, described below:

  • Modifications to personal information. You may review and request modifications to your personal information by editing your profile directly within the app or by contacting us at support@goonova.com. Please note that we will retain data for as long as it is reasonably necessary to fulfill the purpose for which it has been collected or as required or permitted by applicable law.

  • In-app privacy controls. Goonova provides granular privacy controls that allow you to manage your data sharing preferences, including: 24-hour stroke count visibility to friends (on/off), leaderboard participation (on/off), allow friend requests (on/off), Share Data with AI Provider (on/off), and Share Analytics (on/off, controlling whether anonymous usage events are sent to our analytics provider). These controls can be accessed and modified at any time in the Privacy & Friends section of your account settings.

  • AI Coaching Insights. AI Coaching Insights runs on the separate, optional consent you provide at sign-up (or accept later) for our third-party cloud hosting and large language model partners, as described in "AI Coaching Insights & Third-Party AI Partners" above. You may withdraw your consent at any time by turning off the "Share Data with AI Provider" toggle in Privacy & Friends. Withdrawal only pauses the Insight tab; the rest of the Services, including any active subscription, continues to function. You may re-grant consent in one tap to restore personalized coaching. Please note, however, that any information previously shared with those partners may already have been transmitted to and stored within their systems, and withdrawing consent may not delete or retract that past information held by them; see "How Long We Keep Your Information" for retention details, and contact us at support@goonova.com to request deletion.

  • Marketing communications. You can opt out of promotional marketing communications by contacting us at support@goonova.com or by using any unsubscribe link included in the message. If you opt out, we may still send you non-promotional communications, such as those about your account, subscriptions, security, or our ongoing business.

  • Tracking technology and cookies. Where we use web-based tracking technologies on our marketing site (such as analytics SDKs and cookies), most web browsers are set by default to accept cookies. You can usually set your browser to remove or reject cookies. On a mobile device, you may turn off part or all of app-level tracking through your device settings (for example, by enabling "Limit Ad Tracking" on iOS). Note that disabling certain tracking technologies may affect the availability or functionality of portions of the Services.

  • Ad choices. We do not currently run advertising-based monetization, do not engage in cross-context behavioral advertising, and do not share your session data or Biometric Data with advertising networks. If we use any third-party advertising or measurement technologies in the future, you may opt out via industry programs such as the Network Advertising Initiative (www.networkadvertising.org), the Digital Advertising Alliance (www.aboutads.info/choices), and AppChoices (www.aboutads.info/appchoices) for mobile apps.

  • Not providing personal information. You may choose not to provide personal information to us. However, if you do not provide personal information, we may not be able to offer you all or part of our Services.

Information Security

We use commercially reasonable security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, we cannot guarantee the complete safety of your information. It is your responsibility to keep your device and account credentials confidential.

Security Incident Notification

In the event of a security breach or unauthorized access to your personal information, we will notify you in accordance with applicable law, including Thailand's PDPA notification obligations and any applicable U.S. state breach-notification statutes. Where notification is required, we will provide it to the email address associated with your account within the timeframe mandated by applicable law. If you believe your account has been compromised, please contact us immediately at support@goonova.com.

How Long We Keep Your Information

We retain, store, and use your information for the least amount of time necessary to provide the Services, fulfill the purposes described in this Privacy Policy, and comply with applicable law. The table below summarizes the retention period for each principal category of personal data we process. Where a retention period refers to "deletion of your account," the period begins when you (or we) delete your account.

CategoryRetention period
Account and personal activity data (profile, onboarding answers, session records and their aggregate scores, post-session notes, wellness goals)Until account deletion, then deleted within 30 days
Biometric Data on session records (aggregate heart-rate / motion metrics and per-session biometric time-series)Stored alongside the session record; deleted with the session or on account deletion (within 30 days)
AI Coaching Insights report (the most recent regenerable report we store for your account)Replaced on each regeneration; deleted on AI-consent withdrawal or account deletion
Session inputs sent to our AI partners for QA / debuggingUp to 30 days on the partners' systems, then deleted
Operational and security metadata (authentication-session IP and user-agent, crash and performance diagnostics, PostHog session replays and autocaptured events, encrypted backup snapshots)Up to 90 days, then deleted or purged from backup storage
Subscription and purchase recordsUp to 7 years after the transaction, to comply with Thai tax and accounting record-keeping obligations
Anonymized, aggregated analytics and product-usage data (including IP-derived country statistics)Indefinite, for analytics and service-improvement purposes

If you delete your account, all data above (other than anonymized data and records we are legally required to keep) will be deleted within 30 days, with backup copies purged within an additional 90 days. We may retain a minimal record of the deletion event itself (such as the deleted account identifier and deletion timestamp) to honor your erasure request, prevent re-creation of a removed account, and demonstrate compliance with applicable law.

Where law requires longer retention (for example, accounting records under Thai law, or where data is the subject of a legal hold), we will retain the relevant data for the legally required period and protect it from further use beyond that purpose.

Our Services Are Not Intended For Minors

Our Services are strictly intended for users who are 18 years of age or older. Goonova is a sexual wellness application and is not directed to minors. All features of the Services are restricted to users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we obtain actual knowledge that we have collected such information from a person under 18, we will promptly delete it. If you believe we have mistakenly collected information from a person under 18, please contact us at support@goonova.com.

Thailand Personal Data Protection Act (PDPA)

Goonova processes personal data as a Data Controller under Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA").

Legal basis for processing. We process your personal data on the following legal bases under the PDPA:

  • Consent (PDPA Section 19; explicit consent under PDPA Section 26 for sensitive data): For processing of your session data and Biometric Data (including heart rate and motion data) by our third-party cloud hosting and large language model partners in order to generate AI Coaching Insights, and for processing of behavioral wellness data, we rely on your express consent, which you provide via a dedicated, separate AI-Coaching consent prompt at sign-up (and which is not bundled with Terms of Service or Privacy Policy acceptance). You may withdraw this consent at any time from the "Share Data with AI Provider" toggle in Privacy & Friends; withdrawal only pauses the Insight tab and does not end your access to the Services or affect your subscription.
  • Contract performance (PDPA Section 24(3)): To deliver the core account and Services you have requested (such as account creation, authentication, session tracking, social features you choose to enable, and subscription management).
  • Legitimate interests (PDPA Section 24(5)): For analytics, security, fraud prevention, and service improvement, balanced against your rights and interests.

Sensitive personal data. Health-related data (such as heart rate from connected devices) and behavioral wellness data is classified as sensitive personal data under PDPA Section 26. We process this data through our third-party cloud hosting and large language model partners only with your explicit consent, which you provide at sign-up by responding to the dedicated AI-Coaching consent prompt (separate from Terms of Service and Privacy Policy acceptance). You may withdraw this consent at any time from Privacy & Friends; withdrawal only pauses the Insight tab, and the rest of the Services (including any active subscription) continues to function.

Cross-border data transfers. Your data may be transferred to service providers operating outside Thailand (including the United States). We ensure such transfers are conducted under appropriate safeguards, including contractual protections consistent with PDPA requirements.

Your rights under the PDPA. If you are located in Thailand, you have the following rights:

  • Access. You can request more information about the personal data we hold about you and request a copy of such personal data.
  • Rectification. If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
  • Erasure. You can request that we erase your personal data from our systems.
  • Restriction of processing. You can ask us to restrict further processing of your personal data.
  • Data portability. You can ask for a copy of your personal data in a machine-readable format.
  • Objection. You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes.
  • Withdrawal of consent. If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. For AI Coaching Insights specifically, you may withdraw consent from the "Share Data with AI Provider" toggle in Privacy & Friends. Withdrawal only pauses the Insight tab; the rest of the Services (including any active subscription) continues to function. You may re-grant consent at any time. For other consent-based processing, withdrawal may mean we are unable to continue providing the related portions of the Services.

To exercise these rights, please contact our Data Protection Officer at support@goonova.com.

U.S. State-Specific Privacy Information

If you reside in any of the following states, you may be entitled to specific rights under applicable state data privacy laws: California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia.

  • Information: This Privacy Policy explains the categories of personal data we collect in the section titled "Personal Information We Collect," as well as the sources from which that data is obtained, described in the section "How We Collect Your Personal Information." The ways in which we use and disclose this information are described in "To Whom We Share Your Personal Information" and "How We Share Your Information."

  • Access: You can request a copy of the personal information that we hold about you.

  • Deletion: You can ask to delete personal information we have collected from you.

  • Correction: You may request that we correct or update any inaccuracies in your personal information.

  • Opt-out of sale and sharing of your personal information: You may direct us not to sell or share your personal information, or to stop processing it for purposes such as targeted advertising or profiling that produces legal or similarly significant effects. Note: we do not sell your personal information.

  • Appeal: If we deny a request you have made, you may be permitted to appeal our decision.

In addition, California law requires that we disclose, for the 12 months preceding the date of this Privacy Policy, whether we have "sold" or "shared" personal information. During that period, the Company has not sold any personal information. The Company has only disclosed personal information in the manner described in this Privacy Policy.

You have the right to exercise the choices described above without being subject to discriminatory treatment.

Exercising Your Rights (if applicable)

To exercise the rights set forth in the "U.S. State-Specific Privacy Information" section above, you can submit requests as follows:

  • To request access to, correction of, or deletion of personal information collected via your use of the Services, please email us at support@goonova.com.

  • To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional personal data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

  • You can empower an "authorized agent" to submit requests on your behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.

Please note that we are only required to honor requests to know twice in a 12-month period. We will respond to verified requests within forty-five (45) days of receipt. If we require additional time, we will notify you of the extension and the reason for the delay within the initial 45-day period, as permitted by applicable law.

Global Privacy Control and "Do Not Track"

If your browser or a browser extension you have installed broadcasts a Global Privacy Control ("GPC") opt-out preference signal, we treat it as a valid request to opt out of any sale or sharing of your personal information for that browser, to the extent applicable U.S. state privacy laws (including California's) require us to honor it. We do not separately act on browser-level "Do Not Track" ("DNT") signals, because the industry never converged on a single DNT standard and a DNT signal therefore does not give us a reliable instruction to follow. This section is provided to satisfy the notice requirement of the California Online Privacy Protection Act ("CalOPPA"). If you want to control how websites you visit (including third-party sites you might reach through links inside the Services) track your browsing, the privacy settings inside your browser are the right place to manage that.

Information for European Economic Area Residents

If you are a resident of the European Economic Area ("EEA"), you have certain rights and protections under applicable law regarding the processing of your personal information. The term "personal information" has the meaning given to it by the European General Data Protection Regulation ("GDPR"). When we process your personal information as described in this Privacy Policy, we will only do so when we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our legitimate interests (for example, our legitimate interest in providing the Services, responding to your inquiries) or the legitimate interest of others but will depend on the type of personal data and the specific context in which we process it.

Additionally, you may have certain rights with respect to your personal data, including:

  • Access. You can request more information about the personal data we hold about you and request a copy of such personal data.

  • Rectification. If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly through the app.

  • Erasure. You can request that we erase your personal data from our systems.

  • Withdrawal of consent. If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. For AI Coaching Insights specifically, you may withdraw consent from the "Share Data with AI Provider" toggle in Privacy & Friends. Withdrawal only pauses the Insight tab; the rest of the Services (including any active subscription) continues to function. You may re-grant consent at any time. For other consent-based processing, withdrawal may mean we are unable to continue providing the related portions of the Services.

  • Portability. You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

  • Objection. You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes.

  • Restriction of processing. You can ask us to restrict further processing of your personal data.

  • Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority in the relevant EEA member state, UK or Switzerland, as applicable, where you reside.

For more information about these rights, or to submit a request, please email support@goonova.com. Please note that in some circumstances, we may be allowed to wholly or partially decline your request in accordance with applicable data protection laws (including the GDPR), but in those circumstances, we will still respond to notify you of such a decision in accordance with the timescales under such laws.

Usage and Deletion of Personal Information

You may request what personal information we have collected, used and disclosed about you as well as the identity of the third parties to which we have disclosed your personal information. You may also request deletion of your personal information. Please note that we may not delete all of your information if: (1) we need it to complete a service as requested by you or perform under a contract we have with you; (2) we need such information to repair any errors to our Services or detect data security violations; or (3) we need such information to protect against fraud or illegal activity or to comply with applicable law. Please note that if we delete your personal information, we may not be able to provide you the Services with the same functionality.

To make any request for personal information or deletion, please send an email to support@goonova.com.

Changes to this Privacy Policy

We have the discretion to update this Privacy Policy at any time. We encourage you to frequently check this page for any changes. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications. Subject to applicable law, your continued use of our Services shall be deemed an acceptance of our revised policy.

If we make material changes to this Privacy Policy, we will provide reasonable advance notice before the change becomes effective by posting an announcement in the Mobile App or on our website, by sending an email to the address associated with your account, or by another comparable method. Material changes include, but are not limited to, changes to the categories of personal data we collect, the purposes for which we use or share it, the categories of third parties with whom we share it, the cloud hosting or large language model partners we use to deliver AI Coaching Insights, or your rights or choices with respect to your personal data.

You Can Contact Us

If you have any questions about this Privacy Policy, you can email us at support@goonova.com.

Northwind Jack Co., Ltd. Operator of Goonova No. 60/18, Kanya House Village, Moo 4, Soi Changwattana-Pak Kret 25, Changwattana Road, Khlong Kluea Subdistrict, Pak Kret District, Nonthaburi 11120, Thailand

Data Protection Officer: support@goonova.com