Privacy Policy

How Godtool collects, uses, stores, and shares information across the hosted service, website, and app.

Last updated April 14, 2026

This Privacy Policy explains how Godtool, a product operated by Isaac Dyor ("Godtool," "we," "our," or "us"), handles information when you use our website, hosted cloud service, desktop application, command-line tools, and related APIs and support channels (collectively, the "Services").

Godtool offers both local-first software and hosted cloud features. If you use the local desktop or CLI product without connecting to Godtool Cloud, much of your configuration may remain on your device. If you use Godtool Cloud, we process and store the information described below so we can authenticate users, manage organizations, connect integrations, enforce policies, meter usage, and operate the service.

For purposes of this Privacy Policy, the person responsible for the Services is Isaac Dyor, 2452 Green St, San Francisco, CA 94123.

1. Information We Collect

Account and profile information

When you sign in, we receive account information from our authentication provider, including your name, email address, avatar or profile picture URL, account ID, session identifiers, and organization membership information.

Workspace and service configuration

We collect and store information needed to provide the Services, such as:

  • organization and workspace names;
  • membership and role information;
  • source and integration metadata;
  • tool catalogs, schemas, policies, and related configuration;
  • secret metadata and connection settings; and
  • billing plan, seat, and execution-usage records.

Credentials, secrets, and connected-service data

If you connect third-party tools or APIs, you may provide API keys, OAuth tokens, secrets, endpoint URLs, and related configuration. We process that information to authenticate requests and operate your configured integrations. We may also process content that passes through those integrations when you instruct Godtool to make a call, run code, or execute a workflow.

Website inputs and support communications

If you submit a URL to our website's API detection tool, contact us by email, or otherwise communicate with us, we collect the information you provide in order to respond and improve the Services.

Usage, device, and diagnostic information

We automatically collect technical information such as IP address, browser and device data, request metadata, session cookies, product interactions, operational logs, crash reports, traces, and other diagnostics needed to secure, maintain, and improve the Services.

Payment and subscription information

If you subscribe to a paid plan, we and our billing providers process subscription status, plan selections, usage counters, invoices, and limited payment-related metadata. Our payment partners, not Godtool, generally handle full payment card details.

2. How We Use Information

We use the information we collect to:

  • provide, operate, secure, and support the Services;
  • authenticate users and maintain sessions;
  • create and manage organizations, memberships, and permissions;
  • connect to third-party integrations and execute user-requested actions;
  • store and retrieve tool catalogs, policies, secrets, and workspace settings;
  • meter usage, manage subscriptions, and administer billing;
  • monitor performance, debug issues, prevent abuse, and investigate incidents;
  • communicate with you about the Services, updates, and support requests; and
  • comply with legal obligations and enforce our agreements.

3. Legal Bases for Processing

If data protection laws such as the GDPR or UK GDPR apply, we generally process personal data because it is necessary to perform our contract with you, because we have legitimate interests in operating and securing the Services, because we must comply with legal obligations, or because you have given consent where consent is required.

4. How We Share Information

We may share information in the following circumstances:

  • with service providers that help us run the Services, including hosting, authentication, billing, logging, analytics, error monitoring, and customer-support vendors;
  • with third-party integrations, APIs, and tools when you direct Godtool to connect to or act on those services;
  • with your organization administrators and authorized teammates, consistent with your workspace permissions;
  • in connection with a merger, financing, acquisition, reorganization, or sale of assets; and
  • when required to comply with law, protect rights or safety, investigate misuse, or enforce our terms.

Based on our current hosted implementation, our processors or infrastructure providers may include WorkOS (authentication, organization management, and vault-backed secret workflows), Autumn (billing and subscription tooling), Axiom (operational telemetry when enabled), Sentry (error monitoring when enabled), and cloud hosting and database providers such as Cloudflare and PlanetScale. Our providers may change over time as the Services evolve.

5. Cookies and Similar Technologies

We use cookies and similar technologies for essential functions such as authentication, session continuity, and security. For example, Godtool Cloud currently uses an HTTP-only session cookie to keep users signed in. We may also use cookies or comparable storage for preference, security, performance, or diagnostic purposes.

6. Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain your account and organization, meet contractual commitments, resolve disputes, enforce agreements, and comply with legal obligations. Retention periods vary based on the type of information, the sensitivity of the data, and whether the information is needed for security, billing, tax, audit, or backup purposes.

Some data may remain in backups or logs for a limited period after deletion. Session cookies may persist until they expire or are cleared. If you need deletion assistance, contact us using the information below.

7. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, and alteration. Those measures include access controls, secret-management workflows, encrypted transport, and monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8. International Data Transfers

We and our service providers may process information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

9. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, or limit certain processing of your personal information, or to object to processing. You may also have the right to appeal a denial of your request.

You can also manage certain information directly in the product, such as organizations, memberships, sources, secrets, policies, and integrations. To exercise privacy rights or request account deletion, email support@godtool.dev.

We do not sell personal information for money, and we do not use personal information for cross-context behavioral advertising as part of the current product implementation.

10. California Privacy Notice

If you are a California resident, this section supplements the rest of this Privacy Policy. Depending on our obligations under California law, we may collect the following categories of personal information: identifiers; customer records; commercial or billing information; internet or network activity; geolocation inferred from IP address; professional or employment-related information you choose to provide; and sensitive personal information such as account credentials or authentication data.

We collect this information from you, your devices, your organization, our service providers, and third-party integrations you connect. We use it for the business and commercial purposes described in this Privacy Policy, including account administration, workspace management, service delivery, security, debugging, analytics, and billing.

California residents may have rights to know, access, correct, or delete certain personal information and to limit certain uses of sensitive personal information, subject to exceptions. To submit a request, contact support@godtool.dev.

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and revise the "Last updated" date above. Your continued use of the Services after an update becomes effective means the updated policy will apply going forward.

12. Contact

Questions or requests about this Privacy Policy can be sent to Isaac Dyor at support@godtool.dev.

Isaac Dyor
2452 Green St
San Francisco, CA 94123