Thank you for your interest in this Privacy Policy, and welcome to the goahead platform (our "Platform" or "Services"). This Privacy Policy applies to your use of the goahead Platform, whether accessed online (app.gohead.io, try.goahead.io) or through our macOS or Windows applications. It sets out the basis on which we will process any Personal Data we collect about you as a user of our Platform and services.
This policy explains how we protect your privacy and outlines your rights regarding our use of your Personal Data. Please note that this Platform Privacy Policy is separate from our Website Privacy Policy, which governs your use of our general website only.
A "data controller" is a person or organisation who alone or jointly determines the purposes for which and the manner in which any personal data is, or is likely to be, processed. In this sense, goahead LLC of 300 Delaware Ave Ste 210 #229 Wilmington, DE 19801 ("goahead", "we", "us", or "our") is the data controller.
If you have any questions about cookies or about data protection at goahead in general, please email us using hello [at] goahead.io.
We process the Personal Data involved in your use of our Services ("Service Data") in order to provide those services. We recognize that you own your Service Data. We provide you with complete control of your Service Data by giving you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data.
Where we process Service Data on your behalf (in other words, as a Data Processor), we will process the Service Data in accordance with your instructions and will only use it for the purposes agreed upon between you and us. Access by our employees to your data is restricted to specific individuals on a need-to-know basis and is logged and audited. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards.
When you use our Services to create surveys, we may also process the Personal Data of your end users (i.e., Survey Participants). The specific Personal Data we process depends on how you configure our Services and the requests your end users submit. In this sense, you have full control over the Personal Data that is processed by us. The Platform provides features that allow surveys to be fully anonymous, discrete, or self-destructive, giving you further control over how end user data is handled.
If you provide us with Personal Data relating to a third party (such as your end users), you agree that you have obtained all necessary and appropriate consents and that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
In this context, and in accordance with applicable data privacy laws, we act as your Data Processor. Some jurisdictions may require you to disclose your use of our Services and goahead as your processor in your own privacy policy and/or data processing agreement as applicable.
We collect different types of Personal Data depending on whether you are a Survey Creator or a Survey Participant.
For our Survey Creators:
Account Information: When you register for an account, we collect mandatory data such as your name, company name, email address, telephone number, and your selected password. Your data entry is encrypted to protect it from third parties. We will hold this data as long as you maintain your account with us. The legal basis for this processing is the fulfilment of our contract with you.
Login Credentials: When you log in, we process your email address and password to authenticate you. We also offer a convenient login via Google, which will provide us with your profile information for authentication. The legal basis is the fulfilment of a contract.
Payment Information: If you purchase a monthly plan or use a pay-as-you-go option, your payment data is processed directly by our payment service provider, Stripe. We have no access to any payment data you submit. The legal basis is the establishment and implementation of the contract.
Support Ticket Information: If you create a support ticket, we will request Personal Data in accordance with your request, which may include your name, email address, and other order-related data you voluntarily provide. We process this data for the purpose of handling your ticket. Our employees will also have access to data that you knowingly share with us for technical support. The legal basis is our obligation to fulfill the contract and/or our legitimate interest in processing your support request.
Survey Content: We process the validation surveys you create, including the questions and logic you design.
For Survey Participants:
Survey Responses: We collect the responses you provide to the validation surveys you participate in.
Demographic & Technical Data: To match you with the correct surveys, we may collect demographic information such as age, location, gender, and education level. When you use our platform, we may also automatically collect technical information, including your Internet Protocol (IP) address, operating system, and browser type.
It is necessary to transmit your Personal Data to operate our Platform.
Internal Access: Access to your Personal Data within goahead is granted only to authorised employees who require it to perform their jobs.
External Service Providers: We use several third-party service providers (processors) to host our application and store data. Your data is shared with them only to the extent necessary to provide our services. Our key providers include:
International Transfers: To provide our services, we may transfer your Personal Data to our service providers located in various countries. We use contractual arrangements, such as data processing agreements and standard contractual clauses, to ensure your Personal Data is protected. We take all reasonable measures to protect the Personal Data we transfer.
Data in transit is encrypted. Our platform uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. We have also implemented numerous technical and organizational security measures to ensure the most complete protection of Personal Data processed through our Platform.
We will delete your Personal Data when it is no longer necessary for the purposes for which we had collected it. In some instances, legal or regulatory requirements may require us to retain data for a specified period, and in such cases we will retain your Personal Data for that specified period. We may also need to retain data for longer periods in relation to legal disputes.
Privacy rights
You can exercise the following rights:
Update your information and withdraw your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, or withdraw your consent, please do so by contacting us.
Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
What we do not do
Complaints
For concerns regarding our processing of Personal Data, you may complain with the Delaware Attorney General's office. For users elsewhere in the United States, privacy oversight involves a combination of state and federal laws, and you may complain with the relevant district attorney or attorney general office in your state. We appreciate the opportunity to address concerns before you contact any authority.
Data Breaches and Notification
Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.
For users in the United States, we apply relevant privacy rules and regulations. Where ambiguity arises, the most stringent provision is chosen to ensure comprehensive data protection.
If you have any questions about data protection at goahead, you can contact us by email using hello [at] goahead.io.
The first version of this policy was issued on Sunday, 8th of June, 2025. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.