Privacy Policy

Last Updated: February 20, 2026

1. Purpose and Scope

At GAINWRK ("we," "us," or "our"), we respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Visit or interact with our website at gainwrk.com (the "Site");
• Interact with our AI Agent chat widget deployed on our Site or on the websites of our business clients ("Client Sites");
• Subscribe to or use any of our software-as-a-service products and services (collectively, the "Services"); or
• Communicate with us via email, phone, or other channels.

This policy applies to all users regardless of location. If you are a resident of the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or California, additional rights and provisions may apply to you as described in this policy.

2. Information We Collect

2.1 Information You Provide Voluntarily

We collect information that you voluntarily provide when you interact with our Services, including:

• Personal Contact Information: Name, email address, mailing address, and phone number.
• Business Information: Company name, industry type, website URL, and your role in your company.
• Payment Information: If you purchase our Services, we collect data necessary to process your payment (handled by secure third-party payment processors). We do not store full credit card numbers on our servers.
• AI Agent Conversation Data: When you interact with our AI Agent chat widget — whether on our Site or on a Client Site — the AI Agent may collect your name, email address, phone number, and any other information you voluntarily share during the conversation. The content of your chat messages is also collected and stored.
• Support and Communication Data: Information you provide when contacting us for support or inquiries.

2.2 Information Collected Automatically

When you use our Services or visit our Site, we may automatically collect certain information from your device, including:

• Device Data: Operating system type and version, browser type and version, screen resolution, and unique device identifiers.
• Usage Data: Pages viewed, links clicked, time spent on pages, navigation paths, referring URLs, and session timestamps.
• Network Data: IP address and approximate geolocation derived from your IP address.

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies (such as session identifiers and local storage) to operate and improve our Services, remember your preferences, and understand usage patterns. Our AI Agent widget uses session identifiers to maintain conversation continuity. We do not use cross-site tracking cookies in our widget. You can control cookie preferences through your browser settings.

2.4 Information from Third-Party Sources

We may receive information about you from third-party sources such as website analytics providers, payment processors, and publicly available business directories, which we may combine with information we collect directly from you.

3. How We Use Your Information

We use the information we collect for the following legitimate business purposes:

• Providing and Managing Our Services: To operate and deliver our AI Agent widget, lead notification system, and related services to our business clients.
• Lead Notifications: When you interact with our AI Agent on a Client Site and provide your contact information, that information is shared with the applicable business client so they can follow up with you directly. This is the core purpose of our AI Agent service.
• Communication: To send you administrative information, such as account confirmations, invoices, security alerts, and changes to our terms or policies.
• SMS and Email Notifications: To send lead alerts and service updates to our business clients via SMS text messages and email.
• Improving Our Services: To understand how our Services are used, diagnose technical problems, and develop new features and functionality.
• Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, or other harmful activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. How Our AI Agent Works

Our AI Agent is a conversational chat widget that is deployed on Client Sites (and on our own Site). It is designed to engage website visitors in helpful conversation and, when appropriate, collect contact information so the business owner can follow up directly.

• AI-Powered Conversations: The AI Agent uses third-party large language model (LLM) technology to generate conversational responses. Your chat messages are sent to our servers and processed through our AI system. We contractually require our LLM providers to not use your data for training or improving their models.
• Data Sharing with Business Clients: Contact information and qualifying details you provide during a conversation with the AI Agent on a Client Site are shared with that specific business client for the purpose of follow-up communication. The business client is responsible for their own handling of your information in accordance with their own privacy practices.
• Conversation Storage: Chat transcripts are stored on our servers for service delivery, quality assurance, and to enable our business clients to review lead interactions.
• No Cross-Site Tracking: The AI Agent does not track your activity across different websites. Each widget session is isolated to the site on which the conversation occurs.

5. SMS Privacy Policy

We value your privacy and the security of your data. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

You may opt out of receiving SMS text messages from us at any time by replying STOP to any message you receive from us. After you send "STOP," we will send you a confirmation message. After this, you will no longer receive SMS messages from us. If you need assistance, reply HELP to any message or contact us using the information below.

Message and data rates may apply depending on your mobile carrier plan. Message frequency varies based on account activity. Carriers (such as T-Mobile, AT&T, and Verizon) are not liable for delayed or undelivered messages.

6. Disclosure of Your Information

We may share your information with the following categories of recipients:

• Business Clients: As described in Section 4, contact information collected by the AI Agent on a Client Site is shared with that business client for lead follow-up purposes.
• Service Providers: Third-party vendors who perform services on our behalf, such as data hosting (Supabase), AI/LLM processing (Google), email delivery (Zoho), SMS delivery (Twilio), and payment processing. These providers are contractually obligated to protect your information and may not use it for their own purposes.
• Professional Advisors: Lawyers, auditors, and insurers in the course of the professional services they render to us.
• Legal and Compliance: When required to comply with applicable laws, lawful requests, and legal processes; to protect our rights, privacy, safety, or property (or that of our users or the public); and to enforce our terms and policies.
• Business Transfers: In connection with a merger, acquisition, reorganization, sale, or other disposition of all or any portion of our business or assets.

As stated in Section 5, we do not share your mobile phone number or SMS consent data with third parties for their own marketing purposes.

7. Third-Party AI Providers

Our AI Agent uses third-party large language model technology to power conversational responses. When you interact with the AI Agent, your messages are processed through these third-party AI services. We contractually require these providers to:

• Not use your data to train or improve their AI models;
• Not retain your data beyond what is necessary for processing your request (typically no more than 30 days for abuse monitoring); and
• Maintain appropriate security measures to protect your data.

AI-generated responses may contain inaccuracies. You should not rely on AI Agent responses as professional, legal, financial, or medical advice.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to satisfy legal, accounting, or reporting requirements. Specifically:

• Chat Transcripts: Retained for as long as the associated business client maintains an active account with us, plus a reasonable wind-down period.
• Lead Contact Information: Retained for as long as needed by the business client and in accordance with our data retention schedules.
• Account Information: Retained for the duration of the customer relationship and as required by law.
• Payment Records: Retained as required by tax and accounting regulations.

When personal information is no longer needed, we securely delete or anonymize it.

9. International Data Transfers

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may not have equivalent privacy and data protection laws. We will protect your personal data in accordance with this Privacy Policy wherever it is processed.

10. Data Security

We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), secure database access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information:

• Right to Access: You can request copies of your personal data that we hold.
• Right to Rectification: You can request that we correct any information you believe is inaccurate or incomplete.
• Right to Deletion: You can request that we erase your personal data under certain conditions.
• Right to Restrict Processing: You can request that we restrict the processing of your personal data under certain conditions.
• Right to Object: You can object to our processing of your personal data where we rely on legitimate interests.
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
• Right to Withdraw Consent: Where we process your data based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

To exercise any of these rights, please contact us using the information in Section 15 below.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising as defined by the CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at [email protected] or by mail at the address below. We may need to verify your identity before processing your request.

13. Children's Privacy

Our Services are not intended for use by anyone under the age of 16. We do not knowingly collect personal information from anyone under the age of 16. If you are under 16, please do not provide any information to us through our Services. If we become aware that we have collected personal data from someone under 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian and believe that a child under 16 has provided us with personal information, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we make material changes, we will update the "Last Updated" date at the top of this page and take appropriate measures to inform you, consistent with the significance of the changes. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions, comments, or concerns about this Privacy Policy or our data practices, or if you would like to exercise your privacy rights, please contact us at:

GAINWRK Compliance Team
Email: [email protected]
Phone: 1-877-600-7179
Address: 517 Pearse Rd. Swansea, MA 02777

By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.