← Back to homePrivacy Policy

Avery Privacy Policy

Version 1.0 — Effective July 15, 2026

This Privacy Policy explains how GoodGist Inc. ("GoodGist," "we," "us," or "our") — together with our affiliates and subsidiaries, including Researchfin LLC and Researchfin India Private Limited — collects, uses, and shares information in connection with Avery (also branded "Avery.Software"): the Avery desktop application, the Avery local service, the avery.software website, and related software and services (collectively, the "Service").

Our contact details: GoodGist Inc., 1825 S Grant St, Suite 200, San Mateo, CA 94402, USA — legal@avery.software (privacy and legal) — support@avery.software (support).

By using the Service, you acknowledge this Privacy Policy. It is incorporated into the Avery Terms of Use. If you do not agree, do not use the Service.

1. The Short Version

  • Avery is local-first. Your agents, workflows, run history, files, connection credentials, and taught knowledge are stored on your own device, in per-user encrypted storage. We do not have access to that data and cannot read it.
  • What reaches our servers is limited: your account identity and license, billing, limited device and telemetry data (telemetry is optional and can be turned off), update checks, and whatever you choose to send us (for example a support email).
  • When your agents use AI model providers or other third-party services (email, search, messaging, hosting, and so on), your content flows from your device directly to those providers under your own accounts and their own privacy policies — not through us.
  • We do not sell your personal information, and we do not use the contents of your local workspace to train AI models.

The rest of this policy is the detail behind that summary.

2. Scope

This policy covers personal information we process when you use the Service, visit avery.software, communicate with us, or otherwise interact with GoodGist in connection with Avery. It does not cover third-party services you connect to through Avery (Section 6), which have their own policies, or data processed entirely on your device that never reaches us (Section 3).

If you use Avery under an organization's plan, your organization may control the account and the data associated with it, and its policies also apply.

3. Local-First: What Stays on Your Device

Avery is designed so that your working data lives on your own computer, not on our servers. Unless you deliberately export, share, deploy, or transmit it, the following stays local to your device and is not sent to GoodGist:

  • your agents, apps, and their configurations, workflows, and settings;
  • run history, execution logs, and files your agents read or produce;
  • documents, knowledge, and reference files you teach or upload;
  • connection credentials — API keys, OAuth tokens, and similar secrets for services you connect (stored locally in encrypted storage and/or your operating system keychain);
  • app project source code and local databases for apps you build;
  • build transcripts, chat history with the builder, and locally recorded usage and cost ledgers.

Local workspace data is encrypted at rest with per-user keys (AES-256-GCM), and each signed-in user on a device gets an isolated encrypted workspace. Because this data is on your device and encrypted with keys we do not hold, we cannot access, recover, or delete it for you. You are responsible for device security, backups, and for safeguarding any passphrase and recovery code — if you lose them, encrypted data may be permanently unrecoverable.

If you deploy an agent to another machine (for example a server you control), the deployed copy and its data live on that machine, under your control and responsibility.

4. Information We Collect

4.1 Information you provide to us:

  • Account and identity. When you sign in, we (through our central service) process your account identifiers — such as your name, email address, and account/subscription identifiers — to authenticate you, issue your license, and display your identity in the app.
  • Billing. If you purchase a paid plan, our payment processors collect your payment details. We receive transaction metadata (plan, amount, status) but do not store full payment card numbers.
  • Communications. If you contact support or legal, we receive what you send us (including your email address and any attachments).
  • Content you choose to share or publish. For example, if you submit feedback or share materials with us for troubleshooting.

4.2 Information collected automatically:

  • License and entitlement data. Sign-in status, plan tier, entitlement checks, and license issuance/renewal events.
  • Device and installation data. Install identifiers, app version, operating system and hardware characteristics relevant to running the Service, and update-check requests (which include your app version and platform).
  • Telemetry and diagnostics. Anonymous or pseudonymous usage signals and error diagnostics that help us understand reliability and improve the product. Telemetry is controlled by a switch in Settings → Privacy ("what leaves your computer") and you can turn it off at any time. Telemetry is designed not to include the contents of your agents, prompts, files, or credentials.
  • Website data. When you visit avery.software, we and our providers collect standard web logs (IP address, browser type, pages viewed, referrers) and may use cookies and similar technologies (Section 9).

4.3 Information from other sources. We may receive information from payment processors, identity providers you use to sign in, resellers, and publicly available sources, and combine it with the above.

5. How We Use Information

We use the information described in Section 4 to:

  • provide, operate, secure, and maintain the Service, including authentication, license verification, entitlement enforcement, and software updates;
  • process payments and manage subscriptions;
  • respond to support requests and communicate with you about the Service (including service announcements and changes to terms, pricing, or features);
  • monitor, debug, and improve the Service's performance, reliability, and usability;
  • protect GoodGist, our users, and the public — including detecting, investigating, and preventing fraud, abuse, security incidents, and violations of our Terms of Use;
  • comply with legal obligations and enforce our agreements; and
  • with your consent where required, send product news and marketing (you can opt out at any time).

We do not use the contents of your local workspace (your agents, prompts, files, credentials, or outputs) to train AI models, and we do not have access to them (Section 3).

Where laws such as the GDPR apply, our legal bases are: performance of a contract (providing the Service you signed up for), legitimate interests (securing and improving the Service, preventing abuse, communicating with users), consent (where required, for example optional telemetry or marketing in some jurisdictions), and compliance with legal obligations.

6. Third Parties Your Agents Talk To (Data Flows You Direct)

Avery's purpose is to connect to services you choose. When you configure a connection, sign in to a third-party service, supply an API key, or run an agent that uses one, content flows directly from your device to that provider under your own account:

  • AI model providers. Prompts, instructions, documents, and other content processed by cloud AI models (for example Anthropic, OpenAI, Google, or xAI) are sent to that provider using your API key or your own subscription sign-in. That processing is governed by your agreement with the provider and its privacy policy — not this one. On-device models process content locally without sending it to a cloud provider.
  • Connected services. Email, calendar, messaging, spreadsheets, search, market data, browsers, and any other connector or integration you enable — including services an agent reaches at your direction — receive whatever your agent sends them and are governed by their own terms and policies.
  • Deployment and hosting targets. If you deploy an app or agent to a hosting provider (for example a cloud platform or your own server), your code and data go to that provider under your account.

GoodGist is not a party to these flows, does not receive that content, and is not responsible for how those providers handle it. Review each provider's privacy policy, and do not route personal data through a provider unless you are authorized to do so. You are responsible for the data your agents collect and process about other people — if your agents process personal data of others, you are the controller or business for that data, and you must have a lawful basis and provide any required notices.

7. How We Share Information

We share personal information only as follows — we do not sell personal information, and we do not share it for cross-context behavioral advertising:

  • Affiliates and subsidiaries. Within the GoodGist corporate group (including Researchfin LLC and Researchfin India Private Limited) to operate, support, and develop the Service, consistent with this policy.
  • Service providers. Vendors that process information for us — such as cloud infrastructure, payment processing, email delivery, analytics, and customer support tooling — bound by contract to use it only to provide their services to us.
  • Legal and safety. When we believe disclosure is required by law or legal process, or is reasonably necessary to protect the rights, property, or safety of GoodGist, our users, or the public, to enforce our agreements, or to detect and prevent fraud, abuse, or security issues.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case the successor's use remains subject to this policy or you will be notified of changes.
  • With your direction or consent. Including anything you ask us to share and the third-party flows you configure (Section 6).

8. Data Retention

We keep personal information only as long as needed for the purposes above: account and license data for as long as your account is active and as needed afterward for legal, accounting, and dispute-resolution purposes; telemetry and logs for limited operational windows; billing records as required by tax and accounting law. When no longer needed, we delete or de-identify it. Data on your own device is retained under your control — uninstalling the app or deleting your local workspace is in your hands, and run-history retention windows within the app depend on your plan and settings.

9. Cookies and Similar Technologies (Website)

The avery.software website uses cookies and similar technologies that are strictly necessary for it to function (for example sign-in sessions and security), and may use limited analytics to understand site usage. Where required by law, we request consent for non-essential cookies and honor your choices. Most browsers let you control cookies through their settings. The desktop application does not use advertising cookies.

10. Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data — including encryption in transit (TLS) for communications with our services, local encryption at rest for your on-device workspace (Section 3), OS keychain storage for machine secrets, and access controls on our systems. No system is perfectly secure, and we cannot guarantee absolute security. You play a critical role: keep your device, operating system, account credentials, passphrases, and recovery codes secure, and grant your agents only the access they need. If we learn of a breach affecting your personal information, we will notify you and regulators as required by law.

11. Your Rights and Choices

All users. You can: turn telemetry off in Settings → Privacy; unsubscribe from marketing emails via the link in the email; access and update account information through your account; sign out and stop using the Service at any time; and contact legal@avery.software to request access to, correction of, or deletion of the personal information we hold about you. We will respond as required by applicable law and may need to verify your identity first. Remember that most workspace content is on your device and under your direct control (Section 3) — deleting it locally is immediate and does not require a request to us.

California residents (CCPA/CPRA). You have the right to know the categories and specific pieces of personal information we collect, use, and disclose; to delete personal information; to correct inaccurate personal information; to receive a copy in a portable format; and to not be discriminated against for exercising these rights. The categories we collect are described in Section 4 (identifiers, commercial information, internet activity, and communications); we collect them from the sources in Section 4, use them for the purposes in Section 5, and disclose them to the recipients in Section 7. We do not sell or share personal information as defined by the CCPA/CPRA, and we do not use or disclose sensitive personal information for purposes requiring a right to limit. To exercise rights, email legal@avery.software; you may use an authorized agent as permitted by law.

EEA, UK, and Switzerland (GDPR). GoodGist Inc. is the controller of the data described in Section 4. You have the rights of access, rectification, erasure, restriction, portability, and objection (including to processing based on legitimate interests), and the right to withdraw consent at any time where processing is based on consent, without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority. To exercise rights, email legal@avery.software.

India (DPDP Act). Researchfin India Private Limited supports our group's operations in India. If Indian data-protection law applies to our processing of your personal data, you may exercise your rights to access, correction, erasure, and grievance redressal by emailing legal@avery.software, and you have the right to escalate to the Data Protection Board of India as provided by law.

Other jurisdictions. Where local law grants you additional rights (for example in Canada, Australia, or Brazil), we honor them as required. Email legal@avery.software.

12. International Data Transfers

We are based in the United States, and the information described in Section 4 is processed in the United States and in other countries where we or our service providers and affiliates operate (including India). These countries may have data-protection laws different from yours. Where required, we use appropriate safeguards for cross-border transfers — such as the European Commission's Standard Contractual Clauses and equivalent mechanisms — and you may contact legal@avery.software for more information about them.

13. Children

The Service is not directed to children, and you must be at least 18 (or the age of majority where you live) to use it. We do not knowingly collect personal information from children under 13 (or the higher age local law specifies). If you believe a child has provided us personal information, contact legal@avery.software and we will delete it.

14. Third-Party Links and Services

The Service and our website may link to third-party sites and services. This policy does not apply to them, and we are not responsible for their practices. Review their policies before providing personal information.

15. Do Not Track

Some browsers send "Do Not Track" signals. Because there is no common standard, our website does not currently respond to DNT signals; where the law requires us to honor a recognized opt-out preference signal (such as the Global Privacy Control) for sales or sharing, that obligation does not arise for us because we do not sell or share personal information within the meaning of those laws.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date above and post the revised policy in the app and on the website; for material changes we will provide additional notice (for example in-app or by email). Your continued use of the Service after a revised policy takes effect constitutes acknowledgment of the revision. If we make a change that requires your consent under applicable law, we will obtain it.

17. Contact Us

Questions, requests, or complaints about privacy:

  • Email: legal@avery.software (privacy and legal) or support@avery.software (support)
  • Mail: GoodGist Inc., Attn: Privacy, 1825 S Grant St, Suite 200, San Mateo, CA 94402, USA

If you are in a jurisdiction with a data-protection authority, you may also contact your local authority, though we would appreciate the chance to address your concern first.