Privacy Settings

Privacy Policy

Privacy policy governing the relationship between users and Go Loco.

Go Loco (the "Service") is operated by General Alignment, Inc. (the "Company"). This Privacy Policy explains how the Company collects, uses, and protects information when users use the Service. By using the Service, users agree to the practices described here and consent to the collection and processing of their data. Signed-in users consent to cookies and tracking as a condition of the Service. Signed-out users may manage cookie and tracking preferences via the privacy settings.

The Service provides generative language learning content, voice chat, practice exercises, and textbooks. All user interactions and generated content are managed according to this Privacy Policy.

Our privacy practices are designed to meet or exceed the requirements of applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the Lei Geral de Proteção de Dados (LGPD). All users are afforded the same privacy rights regardless of location.

Definitions

  • Personal Information: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal information, including collection, storage, use, disclosure, or deletion.
  • Service Providers: Third-party companies or individuals who perform services on behalf of the Company.
  • Generative Content: Content created by the Service AI based on user prompts.
  • Prompts: Text submitted by users to generate AI content. Prompts are stored and linked to the resulting content.

How We Collect Information

The Company collects information in several ways to provide, operate, and improve the Service.

First, we collect information directly from users when they sign up, subscribe, submit prompts, or interact with the Service. This includes account information and prompts for generative content. Users may also provide their email address to receive future communications.

We also collect information automatically through analytics services. This includes tracking course progress and exercises, as well as device identifiers, IP addresses, and session data gathered through analytics tools.

Finally, we may receive information from third-party providers. When users log in using Google or other third parties, we receive profile information that they permit. Payment processing is conducted through Stripe.

How We Use User Information

  • We use information to provide, operate, and improve the Service.
  • User prompts and interactions are used to generate AI content and prompts may be used to improve our AI models.
  • Payment processing is handled by Stripe. We do not directly handle or store billing information.
  • We may use email addresses to send service-related or marketing communications to users who have opted in.
  • We use data to ensure legal compliance, prevent fraud, and maintain security.

How We Share User Information

We do not sell or lease user personal information. We share data only with trusted service providers performing essential functions on behalf of the Company, including Firebase for authentication and storage, Stripe for payment processing, and Google for login services and Amplitude for usage analytics. OpenAI and/or Anthropic process voice and prompts for Generative AI Content. All service providers are bound by Data Processing Agreements or equivalent terms obligating them to maintain the confidentiality and security of user data in compliance with applicable privacy laws, including GDPR.

We may also disclose information when required by law, to protect our rights or the safety of our users, or to respond to legal processes.

Lawful Basis for Processing

We process personal data on the following lawful bases:

  • Contractual necessity: Account creation, authentication, course progress tracking, and payment processing are necessary to provide the Service.
  • Consent: Analytics, cookies, tracking, and marketing communications are processed based on user consent.
  • Legitimate interests: Fraud prevention, security monitoring, and service improvement are conducted based on our legitimate interests, where these do not override user privacy rights.
  • Legal obligation: We may process data to comply with applicable laws and respond to legal processes.

AI Content and Public Access

All generative content, including outputs derived from user prompts, is public by default. Prompts are stored and linked to the resulting content. User personal information is not publicly linked to generative content.

Restrictions on Bots and Automated Access

Automated access to the Service is strictly regulated. Search engine bots are permitted to index public content. Any other automated access, including scraping for AI training, competitive analysis, or commercial purposes, is prohibited unless explicitly authorized. Violation of these rules may result in suspension or permanent restriction of access.

Data Transfers and Server Locations

All user data is stored on servers located in the United States. Users outside the United States should be aware that their data is transferred to and processed in the United States. These transfers are covered by appropriate safeguards, including Standard Contractual Clauses established through our service provider agreements, in compliance with applicable privacy laws including GDPR. Users retain their statutory privacy rights regardless of location.

Cookies and Tracking Technologies

  • We use local storage to remember user settings and preferences.
  • First-party cookies from Amplitude Analytics collect standard usage and performance metrics, including device identifiers and IP addresses.
  • Signed-in users consent to cookies and tracking as a condition of the Service. Signed-out users may manage cookie and tracking preferences via the consent banner.
  • Users may disable cookies in their browser, but some features may not function properly if cookies are blocked.

Data Retention

We retain user data only as long as necessary to provide the Service or as required by law. Account information is kept while an account is active or until the user requests deletion. Upon account deletion, we will delete personal data promptly, except where retention is required by law. Payment data is retained according to Stripe's policies and legal obligations.

For inactive accounts, we retain data for up to one year from the date of last activity. Users can request deletion of their personal data at any time by deleting their account.

User Rights

Users have the right to access, correct, delete, and port their personal data, as well as the right to object to or withdraw consent for certain types of processing. Users have the right to know what personal information is collected and shared. We do not sell data, including personal data.

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will delete it promptly.

To exercise any of these rights, please contact us at yo@golo.co. We will respond within applicable legal timeframes.

Data Security

  • Authentication is secured via Firebase.
  • Database access is restricted and regularly reviewed.
  • Payment processing is PCI-compliant through Stripe.
  • All transmissions use HTTPS/TLS encryption.

In the event of a data breach, we will notify affected users via email if their personal information is compromised, in accordance with applicable legal requirements.

Third-Party Links

The Service may include links to external websites. We are not responsible for the privacy practices or content of these sites. We encourage users to review the privacy policies of any third-party sites before providing personal information.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. We will update the "Last Updated" date to reflect the most recent version. Material changes — including changes that affect how user data is collected, used, or shared — will be communicated via email to users who have opted in to communications, or via in-app notification. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Information

For questions, concerns, or to exercise your rights regarding personal data, please contact:

Email: yo@golo.co

Thank you!

Effective: March 15, 2026 Last Updated: March 29, 2026