SECURITY · PRIVACY

Security & Privacy Statement

How GEDO.AI collects, uses, stores and protects your information, the control you keep over your data, and where our responsibility begins and ends during the beta.

Version v1.1 (Beta)Last updated: 2026-07-12Effective: 2026-07-12

At Gedo, privacy isn’t a feature bolted on afterwards — it’s a design premise. We believe the memories, goals and conversations you record belong to you; our job is to keep them safe and let you view, export and delete them at any time.

This statement applies to the GEDO.AI website, app and related services (the “Service”). The Service is currently in invite-only beta, and some security capabilities are still being built. We choose to describe the real state of things here rather than make promises we can’t keep.

01

Who we are & scope

The Service is operated by GEDO PTE. LTD., a technology company registered in Singapore (“we”, “us”, or “GEDO”), which acts as the controller of your personal data.

This statement covers how we collect, use, store, share and delete personal data when you use the Service. It is a product-level statement; where the law requires it, we will separately provide a formal Privacy Policy and Terms of Service.

02

Information we collect

We follow a principle of minimal collection — gathering only what the Service needs to work:

  • Account information: the email, display name and avatar you register with, plus your membership and subscription status.
  • Content you create or import: memories, goals, plans, tasks, conversations, and the chat exports, documents and web content you bring in via Sources — the heart of the Service, all provided by you.
  • Necessary technical data: login state, basic device and browser information, and limited operational logs needed to run and secure the Service.
  • We do not quietly collect your contacts, location history or cross-site behavioural profiles unrelated to the product.
03

How we use information

We use the information above only to:

  • Provide and maintain the core Service — memory storage and recall, goal planning and AI conversation.
  • Personalise recall, insights and suggestions based on your own data.
  • With your separate, explicit consent — and only then — train your personal twin model or improve GEDO's own models. Both are off by default; see “Model training & your consent” below.
  • Keep your account and data secure, troubleshoot issues, and prevent abuse and fraud.
  • Communicate product updates and important notices, where you have agreed to receive them.
  • We do not use your personal content for advertising, and we do not sell or rent it to third parties for marketing.
04

AI processing & third-party model providers

The Service’s conversations and some intelligent features rely on large language models. To provide them, your conversation content and related context — including content queued for memory extraction and source imports — are sent, at the moment you make a request, to third-party model providers (such as Anthropic and OpenAI) for inference, and the results are returned to you.

These providers act as our subprocessors and process the data only on our instructions to complete that request. Under their developer-facing terms, content submitted via their APIs is not used to train their general-purpose models by default.

Vector embeddings for semantic search are computed within our own environment, and some extraction tasks run there first, falling back to third-party providers only when needed. We continuously assess each provider’s security and compliance, and reserve the right to change providers when needed.

05

Model training & your consent

By default, nothing you create is ever used to train models — that is the factory setting, and we will not change it for you. The following two capabilities are optional, off by default, independent of each other, and revocable at any time:

  • Twin model training (coming soon): after you sign a separate training consent, we train a personal twin model on the samples you approved — processed only on GEDO’s own infrastructure, never sent to third-party AI providers, and never merged into any general-purpose model.
  • Help improve GEDO (coming soon): when enabled, your conversations may be used to compare, evaluate and improve GEDO’s own models — on GEDO’s own servers. You can switch it off at any time.
  • Revoke = physical deletion: withdraw your training consent at any time, and the corresponding training data and any trained personal model are physically deleted, beyond recovery.

In short: no consent, no training; with consent, only on our own compute; change your mind, and it’s gone for good.

06

Storage & security measures

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption in transit: all traffic between you and the Service is encrypted over HTTPS/TLS.
  • Per-user storage: during the beta, your data is stored per-user in the cloud and isolated behind account authentication.
  • Access control: only authorised services access data, within the scope required to deliver a feature; internal access follows the principle of least privilege.
  • An honest note on encryption at rest: at-rest encryption of storage media and independent key management are still planned and not yet fully enabled in the beta. We won’t dress this up with phrases like “military-grade encryption”.

No system can be perfectly secure. We keep hardening our security, and we describe today’s limits honestly in the Disclaimer below.

07

Your control over your data

Your data is yours to command. The Service gives you these self-service controls, available at any time:

  • One-click export: export your memories, goals and conversations as a portable .gmp memory pack, to take anywhere.
  • Hard delete: delete any single memory, or wipe your entire account. We don’t soft-delete, and we keep no hidden backups afterwards.
  • Pause memory: pause long-term memory with one switch; the AI immediately stops recalling and stops learning from new conversations.
  • Per-item AI exclusion: mark any single memory invisible to the AI — you decide what it gets to see.
  • Confirm before saving: candidate memories the AI extracts from conversations or imported sources are only written to your memory after you confirm each one.
  • Outbound access is your call: what your digital persona exposes, and the access tokens for your personal memory endpoint (scoped, revocable, audit-logged), stay fully under your control. Carrying your memory into a third-party AI is your act of data sovereignty — we never share it on our own.
08

Data retention & deletion

While you use the Service, we retain the content you create so we can keep serving you. When you delete a piece of data or close your account, that data is hard-deleted.

Because of operational logs and routine backup cycles, incidental technical copies may briefly remain in rolling logs and are cleared automatically on their cycle; we won’t use this as an excuse to retain your deleted personal content long-term.

09

What we will never do

Some lines are fixed from day one:

  • We will never sell or rent your personal data.
  • We will never use your private content to train our own or any third party’s general-purpose models.
  • We will never run hidden behavioural surveillance or cross-site tracking beyond the product.
  • We will never make privacy-surrendering choices for you “on by default”.
  • We will never train any model on your content without your separate consent — including your own twin model.
10

Cookies & local storage

We use necessary cookies and browser local storage to keep you signed in, remember interface preferences (such as language and theme) and maintain basic security. We do not use third-party marketing cookies for cross-site ad tracking. You can clear this data in your browser settings, though it may affect sign-in and some features.

11

International transfers & compliance

GEDO is registered in Singapore and serves users worldwide, so your data may be stored or processed outside your region (including where our cloud and model providers operate).

By design, we align with the core principles of GDPR, CCPA and other major privacy frameworks — notice, minimisation, access, portability and deletion. If the law in your region grants you rights to access, correct, export or delete your personal data, you can exercise them via the contact below.

12

Children’s privacy

The Service is not directed to children under 14. If you are under 18, please use it with the consent and guidance of a parent or guardian. If we learn we have collected a child’s personal information without guardian consent, we will delete it promptly.

13

Changes to this statement

As the product evolves and our security matures, we may update this statement from time to time. Material changes will be reflected on this page, with the “Last updated” date at the top. Continuing to use the Service means you are aware of the updated content.

14

Contact us

If you have any questions about this statement, or wish to exercise your data rights — access, export, correction or deletion — please reach us:

  • Privacy & data requests: support@gedo.ai
  • General enquiries: info@gedo.ai
  • Company address: 160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914
15

Disclaimer

The Service is currently in invite-only beta and is provided on an “as is” and “as available” basis. We make reasonable efforts to keep it available and secure, but we do not guarantee it will be uninterrupted, error-free or absolutely secure.

As noted above, at-rest encryption, independent key management, comprehensive auditing and finer-grained retention policies are still being built. Until these are fully in place, please use your own judgement before entering highly sensitive information (such as ID documents, bank card numbers or other people’s private data).

Keeping your account credentials safe is your responsibility. To the extent permitted by law, we are not liable for exposure resulting from your own sharing, public publishing (for example, making a digital persona public) or a third party obtaining your credentials without authorisation.

The Service relies on third-party infrastructure and model providers whose own terms and privacy policies are independent of this statement. For issues caused by third parties, we will help address them but will not assume liability beyond our own fault.

To the maximum extent permitted by law, we are not liable for indirect, incidental or consequential losses arising from your use of, or inability to use, the Service. Nothing here excludes or limits liability that cannot be excluded under applicable law. Where this statement conflicts with mandatory law in your region, that law prevails.

This is a product-level security and privacy statement and does not constitute legal advice. At general availability we will provide a legally binding Privacy Policy and Terms of Service.

We know trust is hard-earned. Every line above is a commitment we are willing to be held to.

Issued by
GEDO PTE. LTD.
Registered technology company
160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914
Privacy & data: support@gedo.ai
Signed: 12 July 2026