Privacy Policy

1. Introduction

This Privacy Policy explains how Good Thinking (finn@goodthinking.solutions) handles personal data when you interact with our services. Good Thinking operates under two domains:

• goodthinking.solutions — AI chatbot and automation services deployed for client businesses
• goodthinking.studio — our portfolio and studio site

Our chatbots appear either on our own website or on websites operated by businesses we work with ("Client Business"). Our chatbot technology is built using the ChatBase.co platform.

Important: All conversations with our chatbots are saved. Transcripts are sent to staff daily and may be read by human team members.

2. Who Controls Your Data

For chatbots on Client Business websites

Good Thinking operates as the Data Controller for the technical processing and storage of your chat data. The Client Business is also a Data Controller for how they use the information you provide in conversations. This means:

• Good Thinking controls the chatbot platform, stores transcripts, and manages data retention
• The Client Business receives daily transcript reports and uses the information to respond to your queries
• ChatBase.co is our Data Processor, providing the technical infrastructure

For chatbots on the Good Thinking website

Good Thinking is the sole Data Controller. ChatBase.co is our Data Processor.

Our registered details

3. What Data We Collect and How It's Used

Chat Transcripts

What: Every message you send in a conversation with the chatbot.
How it's used: Transcripts are automatically sent to relevant staff members in daily email reports.
Who sees it: Staff members at the relevant organisation may read your conversation.

Please do not share sensitive information such as health conditions, financial details, or passwords in chatbot conversations.

Contact Information (Optional)

What: Name, email address, or phone number that you voluntarily provide.
When: The chatbot may ask whether you'd like to leave your contact details for the team to follow up.
How it's used: Passed to the Client Business so they can respond to your enquiry. Included in the chat transcript.

Technical Information

What: IP address, browser type, approximate location, timestamp.
How it's used: For chatbot functionality, security, and troubleshooting.
Who collects it: ChatBase.co automatically collects this data.

Automation and Workflow Projects

Where Good Thinking builds automated workflows, integrations, or data pipelines on behalf of a Client Business, personal data may be processed as part of those automations — for example, contact records passed between systems, form submissions routed to CRM platforms, or AI-generated responses triggered by customer activity.

In these cases, Good Thinking acts as a Data Processor on behalf of the Client Business (the Data Controller). The specific data processed, its purpose, and retention will be documented in the relevant data processing agreement with that client. If you have questions about data processed through an automated workflow built by Good Thinking, please contact the Client Business directly or reach us at finn@goodthinking.solutions.

Legal Basis

We process your data based on legitimate interests: providing customer service, responding to enquiries, and improving our chatbot services.

4. How Long We Keep Your Data

Standard retention: All chat transcripts and related data are kept for one year from the date of your conversation, then securely deleted.

Early deletion: If you request deletion of your data, we will remove it within 30 days (see Section 7). Deletion is handled manually by Good Thinking.

5. Who We Share Your Data With

We share your chat data with:

• The Client Business whose website you're using (they receive daily transcript emails)
• ChatBase.co (our technical platform provider, acting as Data Processor)
• Third-party AI API providers (such as OpenAI or Anthropic) where they are used to power chatbot or automation features — these providers act as sub-processors and handle data under their own GDPR-compliant terms

We do not:

• Sell your data to third parties
• Use your data to train general AI models
• Share your data for marketing purposes (except as described in Section 8)

6. Data Storage and Security

Where Data is Stored

Data is stored on ChatBase.co's secure servers, which may be located in the United States or Canada.

Security Measures

• Encryption at rest (AES-256)
• Encryption in transit (TLS 1.2+)
• Access controls limiting who can view data
• ChatBase.co complies with GDPR and SOC 2 standards

International Transfers

Personal data transferred outside the UK/EEA is protected by Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office.

Data Processing Agreement

Good Thinking has a Data Processing Agreement with ChatBase.co to ensure GDPR-compliant handling of all personal data.

Data Breach Notification

If ChatBase.co notifies us of any data breach affecting chatbot data, we will inform affected Client Businesses immediately and cooperate fully to meet legal notification requirements.

7. Your Data Protection Rights

You have the following rights under UK data protection law:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Ask us to limit how your data is used
• Objection: Object to our processing of your data
• Portability: Request your data in a portable format

How to Exercise Your Rights

For chatbots on Client Business websites or automation workflows: contact Good Thinking at finn@goodthinking.solutions. We will action your request and inform the relevant Client Business.

We will respond to your request within 30 days. If you object to our processing of your data, we will stop processing unless we have compelling legitimate grounds to continue (which we will explain to you).

Making a Complaint

If you're unhappy with how we've handled your data, you can complain to the UK Information Commissioner's Office:

• Website: ico.org.uk
• Helpline: 0303 123 1113

8. Cookies and Tracking

The chatbots use ChatBase.co technology, which may place cookies on your device for:

• Essential functionality
• Security
• Analytics
• User preferences
• Limited marketing analysis (not for third-party advertising)

You can control cookie preferences using the "Cookie Preferences" link in the chat interface or your browser settings. For full details, see the ChatBase Cookie Policy.

9. Children's Privacy

Our chatbot services are not intended for anyone under 16 years of age. We do not knowingly collect data from children. If you believe a child has used our chatbot, please contact finn@goodthinking.solutions immediately and we will delete their data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new effective date. We encourage you to review this policy periodically.

11. Contact Us

For any questions about this policy or to exercise your data protection rights: