Legal

Privacy Policy

Last updated: 22 April 2026

The short version

  • We only collect what we need to operate the service.
  • We never sell your personal data to anyone.
  • Tool results are anonymous unless you are signed in.
  • You can delete your account and all data at any time.
  • We use HTTPS and industry-standard security practices.

1. Overview

Good.You ("we", "us", "our") operates the website at good.you and related subdomains. This Privacy Policy describes how we collect, use, store, and share information when you use our services. It applies to all visitors, registered users, and newsletter subscribers.

By using Good.You, you agree to the collection and use of information in accordance with this policy. If you disagree, please do not use the service.

2. Data We Collect

Data Type What We Collect Required?
Account data Email address, display name (from Google OAuth) Only if you register
Tool inputs Values you enter into calculators and assessments Anonymous by default
Tool results Calculated outputs stored to your account Only if signed in
Saved content Article bookmarks linked to your account Only if signed in
Newsletter Email address, subscription status Only if subscribed
Feedback Message content, optional email address Only if submitted
Server logs IP address, browser type, pages visited, timestamp Automatic — all visitors
Cookies Session token, CSRF protection, preference flags Essential for functionality

We do not collect payment information (we offer no paid services), biometric data, or health data beyond what you voluntarily enter into our wellness tools.

3. How We Use Your Data

Service operation

Authenticating your account, saving your tool results, and delivering the newsletter you subscribed to.

Service improvement

Aggregate, anonymised usage data helps us understand which content and tools are most useful.

Communication

If you contact us or submit feedback, we use your email solely to respond to your message.

Security

Server logs are used to detect abuse, spam, and unauthorised access attempts. Logs are purged after 90 days.

Legal compliance

We may retain and share data where required by law or to protect our legal rights.

4. Cookies

We use cookies to operate the site. See our Cookie Policy for full details. In summary:

  • Essential: Session and CSRF cookies required for login and form security. Cannot be disabled.
  • Analytics: Privacy-respecting visit statistics. No cross-site tracking or fingerprinting.
  • Third-party: If advertising is shown, those providers operate under their own cookie policies.

5. Third Parties

We use a small number of third-party services to operate Good.You. We do not sell your data to any third party.

Service Purpose Data shared
Google OAuth Sign-in authentication Email address, display name
Hosting provider Server infrastructure Server logs (IP, timestamp)
Email service Transactional & newsletter emails Subscriber email addresses
Analytics Aggregate traffic analysis (privacy-respecting) Anonymised page views

6. Your Rights

Depending on your location, you may have rights under GDPR (EU/UK), CCPA (California), or other applicable laws. In all cases, we honour the following:

Access

Request a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete data linked to your account.

Erasure

Delete your account and all associated data at any time from your account settings.

Portability

Request your data in a machine-readable format (CSV or JSON).

Objection

Opt out of any non-essential data processing, including analytics.

Withdraw consent

Unsubscribe from the newsletter at any time, no questions asked.

To exercise any of these rights, contact us at our contact page or delete your account directly from Account Settings.

7. Data Retention

  • Account data is retained for as long as your account is active, then deleted within 30 days of account deletion.
  • Server logs are purged after 90 days.
  • Newsletter subscriber records are deleted within 30 days of unsubscription.
  • Feedback messages may be retained for up to 2 years for quality improvement purposes, with personal identifiers removed.

8. Security

We use industry-standard measures to protect your data, including:

  • HTTPS encryption on all pages and API endpoints.
  • CSRF protection on all forms.
  • Hashed session tokens — we never store plain-text passwords (login is via Google OAuth).
  • Rate limiting on authentication and sensitive endpoints.
  • Regular security reviews of dependencies.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take all reasonable precautions.

9. Children's Privacy

Good.You is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly. If you believe a child has provided us with their data, please contact us immediately.

10. Changes to This Policy

We may update this policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Good.You — Privacy Enquiries

Use our contact form and select "Privacy / Data Request" as the category.

We respond to all privacy enquiries within 5 business days.

Terms of Use → Cookie Policy → Contact Us →