Gobi is built on the belief that intelligence should work with you, never against you. Privacy is not a feature layered on later; it is a foundational design constraint.

Our core commitments:

• You own your data. You control what is captured, how it is used, and when it is deleted.
• Human agency first. Gobi assists, but never exploits, surveils, or monetizes personal context.
• No data selling. We do not sell personal data, period.
• No model training on personal data. Your data is never used to train or fine‑tune foundation models.
• Data minimization by default. Raw inputs are processed transiently and discarded whenever possible.
• Security by design. Encryption, access controls, and architectural separation are core to Gobi OS.

This policy applies to:

• Gobi OS (including Gobi Desktop and future OS variants)
• Gobi eyewear and sensors (camera, microphones, IMU, and related components)
• Companion mobile or desktop applications
• Gobi websites and user dashboards

We collect information only to operate, secure, and improve the Services. The type of data collected depends on how you use Gobi.

1. Account & Administrative Information
Collected to create and manage your account:

• Name, email address, and authentication credentials
• Account settings and preferences
• Device pairing and configuration metadata
• Billing and payment information (processed by third‑party payment providers; Gobi does not store full payment details)
  
  

2. User‑Generated Context Data (Private by Default)
Depending on enabled features, Gobi may process contextual inputs you generate or approve, including:

• Text inputs, notes, or prompts
• Task lists, reminders, and workflows generated within Gobi OS
• User‑approved contextual summaries or derived outputs

Privacy Model:

• Raw inputs are processed only to deliver the requested functionality.
• Stored data is limited to what is necessary for continuity, personalization, or user‑initiated recall.
• Access to this data is restricted to authenticated sessions and authorized systems.
  
  

3. Eyewear & Sensor Data (Ephemeral Processing)
When using Gobi eyewear or other sensor‑enabled devices, the following may be captured temporarily:

• Camera input (images or short video frames)
• Audio input (voice or ambient sound)
• Motion and orientation data (IMU)

Critical safeguards:

• No continuous recording by default. Sensor activation is limited to explicit features or user‑defined modes.
• Immediate disposal of raw data. Raw images, audio, and sensor streams are processed transiently and deleted immediately after semantic extraction.
• Derived data only. When applicable, only high‑level, non‑raw representations (e.g., text summaries or signals) may be retained, and only within your account context.

Gobi does not operate as a surveillance system and does not retain raw audiovisual recordings.

4. Technical & Usage Data
Collected to ensure reliability, security, and performance:

• Device type, OS version, and app version
• Crash reports and error logs
• High‑level feature usage metrics
• Security and fraud‑prevention signals

This data does not include raw sensor content or personal context.

5. Optional Analytics (Opt‑In)
If you explicitly opt in, we may collect de‑identified analytics to improve product performance:

• Aggregated feature usage
• Latency and reliability metrics
• Non‑content interaction signals

We never collect raw camera, audio, or personal context data for analytics.

We use collected information solely to:

• Operate and maintain Gobi OS and connected devices
• Generate context‑aware assistance and task suggestions
• Synchronize data across your approved devices
• Improve reliability, safety, and usability
• Provide customer support and account services
• Comply with legal obligations

We do not use personal data for advertising, profiling, or behavioral marketing.

Gobi uses machine learning and large language models to deliver contextual intelligence.
Key constraints:

• No training on user data. Personal data is never used to train or fine‑tune models.
• Purpose‑limited processing. Data is processed only to fulfill user‑requested or user‑approved functions.
• Minimal disclosure. Only the smallest necessary data fragments are shared with AI systems.

When third‑party AI providers are used:

• Data is transmitted under enterprise agreements prohibiting retention and training.
• Requests are scoped, transient, and purpose‑bound.

When you connect a Google account to Gobi (for example, your personal Google

Workspace, or a Google Drive folder you bind to a Gobi space), Gobi accesses

Google user data on your behalf through Google APIs — including Gmail,

Calendar, Drive, Google Docs, Sheets, Slides, Contacts, and Tasks. This

section describes how Gobi handles that data.

​

Limited Use compliance

​

Gobi's use and transfer of information received from Google APIs to any other

app will adhere to the

[Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy),

including the Limited Use requirements.

​

In particular:

​

- Google user data is accessed only at the moment you make a request to your

  Gobi assistant and is used solely to fulfill that specific request (for

  example, summarizing emails you asked the assistant to summarize, scheduling

  an event you asked it to schedule, editing a document you asked it to edit).

- We do **not** use Google user data for advertising.

- We do **not** sell Google user data.

- We do **not** use Google user data to develop, improve, or train generalized

  or non-personalized artificial-intelligence or machine-learning models.

  Where AI is used to provide a user-facing feature, processing is performed

  under enterprise agreements that prohibit retention and training on customer

  data, and the data is used only to deliver the requested feature to you.

- We do **not** transfer Google user data to third parties except:

  (a) as necessary to provide or improve user-facing features that are

  prominent in the Gobi user interface;

  (b) to comply with applicable law; or

  (c) as part of a merger, acquisition, or sale of assets with notice to

  users.

- No humans at Gobi read your Google user data except:

  (a) with your explicit consent for specific items;

  (b) when strictly necessary for security purposes such as investigating

  abuse;

  (c) to comply with applicable law; or

  (d) in aggregated and anonymized form for internal operations.

​

Restricted scopes

​

Gobi requests the Gmail (`gmail.modify`) and Drive (`drive.readonly`)

restricted scopes solely to deliver the user-facing assistant features

described above (reading and summarizing email, drafting and sending replies,

organizing mail; finding and reading your existing Drive files for reference).

​

Gobi does **not** request `https://mail.google.com/` and never permanently

deletes mail. Drive access is **read-only**; the app cannot modify, move, or

delete your existing Drive files. Files Gobi itself creates are managed under

the separate `drive.file` scope.

​

Revoking access

​

You can disconnect Google from Gobi at any time in the app

(**Account → Agent settings → Disconnect Google**). You can also revoke

Gobi's access at any time at

[myaccount.google.com/permissions](https://myaccount.google.com/permissions).

Gobi does not sell personal data.
We may share limited information only with:

• Service providers (cloud hosting, infrastructure, payments) under strict confidentiality and security obligations
• Security partners for fraud prevention and abuse detection (metadata only)
• Legal authorities when required by valid legal process

All sharing is minimized, encrypted where applicable, and restricted to operational necessity.

Our retention principles:

• Raw sensor data: Deleted immediately after processing
• Derived or stored data: Retained only while your account is active or until you delete it
• Account deletion: Upon request, all associated data is permanently deleted within a defined purge window

You can delete data or request full account deletion through your account settings or by contacting us.

Gobi employs industry‑standard safeguards, including:

• Encryption in transit and at rest
• Strong access controls and authentication
• Segmented systems and least‑privilege design
• Continuous monitoring and security audits

No system is perfectly secure, but we design Gobi to minimize risk and blast radius by default.

Depending on your jurisdiction, you may have the right to:

• Access your data
• Correct inaccurate information
• Export your data
• Delete your data or account
• Withdraw consent for optional processing

Requests can be made via your account dashboard or by contacting us directly.