Gilded Index Privacy Policy

This Privacy Policy explains how Gilded Index, LLC (“Gilded Index,” “we,” “us,” or “our”) collects, uses, and shares personal information when you use our website at gildedindex.com, our application at app.gildedindex.com, and related services (collectively, the “Service”).

This Privacy Policy is incorporated into our Terms of Service. By using the Service, you agree to the practices described here.

A note on what makes this Privacy Policy specific to Gilded Index. The Service includes a personal reflection feature. The content of your reflections is treated as private and is never aggregated, themed, summarized, or shared with employers, B2B customers, or any third party except as required by law. This is described in detail in Section 5.

1. Information we collect

1.1 Information you provide directly

• Account information — your name, email address, password, and any profile details you provide.
• Payment information — when you subscribe, your payment details are collected and processed by our payment processor, Stripe. We do not store full credit card numbers on our servers.
• Pulse Check responses and scores — your structured answers to assessment questions and the resulting scores.
• Growth Edge ratings — the optional 1–10 ratings you supply alongside reflections.
• Reflections and journal entries — free-text content you write in response to prompts or to your own initiative within the Service.
• Communications — messages you send us, support requests, and survey responses.
• Gift information — if you send a gift, recipient name and email; if you receive a gift, sender name (as provided).

1.2 Information collected automatically

• Device and usage data — your IP address, browser type, operating system, device identifiers, pages visited, and timestamps. We use this for security, debugging, and improving the Service.
• Authentication data — session tokens and login activity to keep your account secure.

1.3 Information from third parties

• Payment confirmations from Stripe.
• Storefront orders from Shopify when you purchase a physical book.

1.4 What we do not collect

• Behavioral advertising data. We do not currently use marketing pixels, ad-network trackers, or third-party analytics for behavioral targeting.
• Sensitive categories without consent. We do not knowingly collect health information, biometric data, precise geolocation, or other categories defined as “sensitive” under applicable state law.
• Information from children under 18. The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18.

2. How we use information

We use the information we collect to:

• Provide and operate the Service — authenticate you, deliver subscriptions, process payments, run assessments, store your reflections and ratings, generate your benchmarks and Index Reports.
• Personalize your experience — surface relevant prompts, recommend books from our curated catalog, and tailor your benchmark comparisons.
• Communicate with you — send transactional emails (account notifications, payment receipts, assessment reminders), respond to your inquiries, and (with your separate consent) send product updates and newsletters.
• Improve the Service — analyze usage patterns, fix bugs, develop new features. This analysis is conducted on aggregated and de-identified data wherever possible.
• Generate aggregate insights — produce cohort reports for B2B customers (subject to the rules in Sections 5 and 6), benchmarks, and anonymized industry observations.
• Protect the Service and our users — detect fraud, prevent abuse, enforce our Terms, and comply with legal obligations.

3. How we share information

We share personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

3.1 Service providers (sub-processors)

We use the following third-party service providers to operate the Service. Each is bound by confidentiality and data protection obligations and may access information only as needed to provide their service to us:

We periodically review our sub-processors and may add, remove, or replace them as the Service evolves. Material changes will be reflected in an updated version of this policy.

3.2 B2B customers (cohort reports)

If you participate in a B2B firm program or a Cohort Gift program (see Section 6), Gilded Index may share aggregated, anonymized data about your cohort with the B2B customer or gift sender, subject to the cohort minimums described in Section 6.3.

The content of your reflections is never included in cohort reports. Only your Pulse Check scores and Growth Edge ratings contribute to aggregate outputs, and only when you have not opted out of cohort participation.

3.3 Aggregate and de-identified data

We may use aggregated and de-identified data — data that cannot reasonably be linked back to you — to publish research, marketing content, benchmarks, and industry insights. Aggregated data of this kind will not include the content of your reflections.

3.4 Legal and safety

We may disclose information when we have a good-faith belief that disclosure is necessary to:

• Comply with applicable law, court order, subpoena, or government request
• Enforce our Terms of Service or other agreements
• Detect, prevent, or investigate fraud, security, or technical issues
• Protect the rights, property, or safety of Gilded Index, our Members, or the public

3.5 Business transfers

If Gilded Index is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy that result.

3.6 With your consent

We may share your information for any other purpose with your consent.

4. Cookies and tracking technologies

We use a small number of essential cookies to operate the Service — primarily to keep you logged in and to remember your preferences. We do not currently use:

• Third-party advertising or marketing cookies
• Cross-site behavioral tracking pixels (Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, etc.)
• Third-party analytics that build behavioral profiles

If we add analytics or advertising cookies in the future, we will update this Privacy Policy and provide appropriate notice and (where required) consent controls.

You can control cookies through your browser settings. Blocking essential cookies may impair Service functionality.

5. Your reflections — a specific privacy commitment

This section describes how we handle the content of reflections, journal entries, and free-text responses. It is one of the most important sections of this Privacy Policy.

5.1 What “reflection content” means

“Reflection content” refers to any free-text you write through the Service — your reflections, journal entries, and free-form responses to prompts. It does not include structured data such as Pulse Check scores or Growth Edge ratings.

5.2 What we do with reflection content

• We store your reflection content in our database so you can access it.
• We do not theme it, summarize it, extract patterns from it, or analyze it for any purpose visible to anyone other than you, except as required by law.
• We do not share the content of your reflections with employers, B2B customers, gift senders, or any third party except as required by law.
• We do not include reflection content in aggregate reports, cohort reports, Index Reports, benchmarks, or any other output generated for B2B customers or any party other than you.
• Authorized Gilded Index personnel may access reflection content only as needed to support the Service (such as troubleshooting a technical issue you report). All such access is logged.

5.3 What this means in practice

If you participate in a B2B cohort program, your employer or firm will receive cohort reports that include aggregated Pulse Check scores and Growth Edge ratings — but not the content of your reflections. This is true regardless of whether you opted in or out of cohort participation: reflection content is never shared either way.

5.4 Changes to this commitment

This commitment is also reflected in our Terms of Service (Section 4.4). If we ever propose to change it, we will give you advance notice and an opportunity to delete reflections you do not want retained under any new policy.

6. Cohort reports and gift recipient consent

6.1 B2B Members

If your Gilded Index account was provided through a B2B firm program (your employer or another firm purchased a subscription that includes you), you are a B2B Member. Your participation in cohort reporting is governed by the agreement between Gilded Index and the B2B customer.

You may opt out of cohort participation at any time through your account settings. Opting out means your Pulse Check scores and Growth Edge ratings will not be included in any aggregate report visible to your B2B customer. Your access to the Service is not affected by opting out of cohort participation.

6.2 Gift recipients

If you received Gilded Index as a gift:

• For an Individual Gift, you are a B2C Member with no cohort flow. The gift sender does not receive any reports about your use of the Service.
• For a Cohort Gift, you are asked at activation whether to opt in to the cohort program. If you opt in, your aggregated scores and ratings contribute to the cohort report visible to the gift sender. If you decline, you use the Service as a personal Member with no cohort flow. The gift is delivered to you either way.

You may change your cohort participation choice at any time in your account settings.

6.3 Minimum cohort sizes

To prevent re-identification in small groups, Index Reports are generated only when all three thresholds are met:

1. Eight (8) or more valid (non-N/A) responses within the cohort and reporting window
2. At least sixty percent (60%) participation of enrolled cohort members
3. At least fifteen (15) enrolled cohort members in total

Cohorts that do not meet these thresholds do not produce reports. This is a technical control, not just a policy.

7. Data retention

We retain your information for as long as your account is active and for one (1) year after your account is deleted, unless a shorter period is required by law or a longer period is necessary for one of the following reasons:

• Legal obligations (e.g., tax records, regulatory requirements)
• Dispute resolution (e.g., an ongoing claim or investigation)
• Security and fraud prevention
• Aggregated and de-identified data, which may be retained indefinitely because it can no longer be linked back to you

You may request deletion of your data at any time (see Section 8). When you delete your account, we will:

1. Remove your personal information from active systems within thirty (30) days
2. Retain backup copies for up to one (1) year for disaster recovery, after which they are permanently deleted
3. Retain aggregated and de-identified data indefinitely (it cannot be linked back to you)
4. Reflection content is fully deleted as part of this process and is not retained in any aggregated form

8. Your rights and choices

8.1 Rights available to all Members

Regardless of where you live in the United States, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Delete your account and personal information (subject to the retention exceptions in Section 7)
• Export your data in a portable format
• Opt out of cohort participation if you are a B2B Member or Cohort Gift recipient
• Unsubscribe from marketing emails at any time using the unsubscribe link in those emails

To exercise any of these rights, email hello@gildedindex.com with your request. We will respond within thirty (30) days. We may verify your identity before fulfilling a request to protect against unauthorized access.

8.2 California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what personal information we collect, use, disclose, and (if applicable) sell or share
• Right to delete personal information we have collected from you
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising, so this right is not currently applicable, but we will offer an opt-out mechanism if this changes
• Right to limit the use of sensitive personal information — we do not currently process sensitive personal information for purposes that require this opt-out
• Right to non-discrimination for exercising your privacy rights

To exercise your California rights, email hello@gildedindex.com. You may also designate an authorized agent to make requests on your behalf, subject to identity verification.

8.3 Other state-specific rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have rights similar to those described above. We honor these rights consistently across all U.S. states. Email hello@gildedindex.com with any request.

8.4 Automated processing and profiling

The Service uses automated processing in limited ways: to score your Pulse Check responses, to compute your individual benchmarks, and to aggregate Growth Edge ratings and scores into cohort-level reports.

We do not use automated processing to make decisions that produce legal or similarly significant effects about you as an individual. Pulse Check scores and Growth Edge ratings are tools for your own self-reflection. Outputs delivered to B2B customers and gift senders are aggregate and cohort-level only, never individual, and never include the content of your reflections (see Section 5). Where a B2B customer is involved, our contracts prohibit the customer from using any Service output as the basis for an individual employment decision such as hiring, promotion, compensation, discipline, or termination.

We do not use automated processing for behavioral advertising or to build advertising profiles (see Section 4).

If you are a California resident, you may have rights regarding automated decisionmaking technology and profiling as those regulations take effect under the California Privacy Rights Act, including the right to access information about, and in certain cases opt out of, such processing. To exercise any such right, or to ask how automated processing applies to you, email hello@gildedindex.com. We will honor applicable rights consistently for all U.S. Members.

9. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit, access controls, and audit logging.

No system is perfectly secure. While we take security seriously, we cannot guarantee that unauthorized access or breach will never occur. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable state breach notification laws.

To protect your own account, please use a strong, unique password and notify us promptly at hello@gildedindex.com if you suspect unauthorized access to your account.

10. Children’s privacy

The Service is not intended for and not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it. If you believe a person under 18 has provided us information, please email hello@gildedindex.com.

11. International users

The Service is intended for users located in the United States. We do not currently offer the Service outside the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States, which may have different data protection laws than your home country.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service at least thirty (30) days before the changes take effect. The “Last Updated” date at the top of this policy will always reflect the most recent version.

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

13. Contact

Questions, requests, or concerns about this Privacy Policy or our privacy practices?

Email: hello@gildedindex.com

Mail: