LegalPrivacy Policy

Gabie Privacy Policy

Privacy Policy

Last updated: March 19, 2026

At a glance

Gabie is a B2B software platform for billboard and out-of-home operators. In most cases, the operator that uses Gabie controls the CRM, inventory, advertiser, and campaign data in its workspace. Gabie hosts and processes that data to provide the service.

We use personal information to run the platform, secure accounts, power AI features, support Scout outreach, process bookings, and improve product performance. We use minimal cookies, do not use third-party ad tracking, and do not store payment card numbers. We do not sell personal information or share it for cross-context behavioral advertising.

1. Scope

This Privacy Policy explains how CGL (Corporation for Good Living) ("CGL," "Gabie," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use gabie.ai, Gabie workspaces, operator customer portals, Scout SDR, Creative Studio, Gabie Chat, support services, and other related products and services (together, the "Service").

This Policy applies to information we process about:

  • operators and their staff who use Gabie;
  • advertisers and other end users who access an operator's customer portal;
  • prospects and business contacts processed through Scout outreach workflows;
  • website visitors, support contacts, billing contacts, and others who interact directly with CGL.

This Policy does not replace any privacy policy or notice provided by a Gabie operator to its own advertisers, prospects, customers, or staff. If your information is in an operator's workspace, that operator may also have its own privacy obligations and disclosures.

2. Who controls the data

Operator-controlled data

For most CRM, inventory, advertiser, campaign, and Scout outreach data stored in a Gabie workspace, the billboard operator is the data controller (or, under California law, the business). Gabie acts as the operator's processor, service provider, or contractor. That means the operator decides what data goes into the workspace, who can access it, how it is used, and how long it should be kept.

Gabie-controlled data

CGL is the controller or business for information we collect directly about our own relationship with you, such as account administration, billing contacts, support requests, website activity, security logs, and direct communications with us.

If you are an advertiser, portal user, or Scout contact

If your data is processed inside an operator's workspace or outreach campaign, the operator is usually the best first point of contact for privacy requests about that data. Gabie may help the operator respond, but we do so on the operator's instructions.

3. Information we collect

Information operators provide to us

  • Account information: name, work email, phone number, company name, user role, and password in hashed form.
  • Inventory information: structure addresses, GPS coordinates, face dimensions, rates, traffic counts, lease dates, tenant names, and photos.
  • CRM and workflow data: business accounts, contacts, deal stages, notes, tasks, meeting logs, reminders, and related records.
  • Creative content: uploaded images, creative briefs, campaign assets, and AI-generated billboard artwork.
  • Support and implementation data: onboarding materials, support requests, emails, and files shared with us.

Information advertisers and portal users provide or generate

  • Account and contact details: name, email, company, and phone number.
  • Portal and booking activity: boards viewed, holds placed, campaigns booked, creative submitted, messages sent through the portal, and other workflow actions.
  • Limited payment-related information: transaction status and related billing metadata from our payment processor. We do not store full payment card numbers or card security codes.

Scout prospect and outreach data

Scout may process publicly available business information sourced from business listings, public directories, websites, and similar sources, including:

  • business name, address, industry, website, and location context;
  • publicly listed contact names, email addresses, phone numbers, and job titles;
  • outreach sequences, delivery events, opens or replies where available, unsubscribe signals, and reply classifications such as interested, not interested, or objection.

Information collected automatically

  • Usage data: login events, feature usage, page views, timestamps, workspace activity, and session data.
  • Technical data: IP address, browser type, device information, operating system, referral URLs, and error logs.
  • Security data: authentication events, access logs, fraud and abuse signals, and audit trails.

Information from third parties

We may receive information from operators, public business data sources used for Scout, mapping and geocoding providers, identity and email delivery providers, and payment processors. We may also derive information from existing records, such as lead status, reply classification, or other workflow labels.

4. How we use information

We use personal information to:

  • provide, host, maintain, and improve the Service;
  • authenticate users, manage permissions, and secure accounts;
  • store and organize inventory, CRM, booking, and creative data;
  • power operator customer portals and related workflows;
  • run Scout outreach workflows on behalf of operators;
  • process advertiser replies, unsubscribe requests, and suppression lists;
  • generate AI-assisted chat responses and creative outputs;
  • provide support, onboarding, training, and account administration;
  • monitor performance, diagnose bugs, prevent fraud, and enforce our agreements;
  • comply with legal obligations and protect the rights, safety, and security of Gabie, our customers, and others.

We may also use aggregated or de-identified information that does not reasonably identify a person to analyze usage, improve the product, measure performance, and develop reports or statistics.

5. AI features

Gabie includes AI features such as Gabie Chat and Creative Studio. When you use these features, we may send prompts, selected workspace context, uploaded files, and outputs to third-party AI providers such as OpenAI and Anthropic so the feature can work.

We use business-oriented API or enterprise services for this processing. Under our agreements with these providers, operator data sent for AI processing is not used to train their public models. We may store prompts, outputs, and related metadata in your workspace to provide history, improve reliability, investigate abuse, and support the feature.

AI output can be incomplete or wrong. Operators remain responsible for reviewing generated content before using it in outreach, campaigns, or public-facing materials.

6. Scout SDR

Scout is an AI-assisted outreach tool that helps operators find and contact nearby businesses. Scout is used on behalf of the operator, not on Gabie's own behalf.

  • The operator controls the targeting, sender identity, campaign rules, message approvals, and whether human review is required.
  • Scout may send outreach using the operator's selected email domain or sender configuration.
  • Gabie may process responses, apply automated labels, maintain delivery logs, and keep suppression records needed to honor opt-outs.

The operator is responsible for complying with CAN-SPAM and other applicable outreach, privacy, and anti-spam laws. That includes responsibility for lawful targeting, required consent where applicable, unsubscribe handling, sender identification, required disclosures, and any required physical mailing address or notice in outbound messages.

If you receive Scout outreach and do not want further contact, use the unsubscribe method provided in the message or contact the sender identified in the email. Gabie may retain limited suppression data so that opt-out preferences continue to be respected.

7. Camera System (coming soon)

The Camera System is not generally available yet. When launched, it is intended to support on-device vehicle counting and classification for billboard measurement workflows.

The Camera System is designed with privacy by architecture. Video frames are processed on the device and deleted on the device. Gabie does not store or transmit raw video as part of the core counting workflow. The intended output is structured count data only, such as vehicle type, timestamp, and direction.

Customers deploying cameras are responsible for site-level compliance obligations that may apply to their own installation, including any required signage, notice, or local legal review.

8. How we disclose information

We may disclose personal information in the following circumstances:

  • Within an operator's workspace: to users authorized by that operator.
  • Service providers and subprocessors: such as hosting, database, authentication, AI, geocoding, mapping, email delivery, analytics, security, support, and payment processing vendors. Examples include Supabase, Vercel, OpenAI, Anthropic, Google Maps, email delivery providers, and payment processors.
  • At the operator's direction: when an operator uses integrations, exports data, invites portal users, or instructs us to send outreach or share data with a third party.
  • Legal and safety reasons: if required by law, subpoena, court order, or where reasonably necessary to protect rights, safety, security, or investigate fraud or abuse.
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to standard confidentiality protections.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use third-party advertising cookies or tracking pixels on the Service.

9. Cookies and similar technologies

We use minimal cookies and similar storage technologies, mainly to keep users signed in, maintain sessions, remember preferences, protect accounts, and support core product functionality. We may also use limited first-party analytics or server-side logs to understand performance and usage.

We do not use third-party advertising cookies or similar tools for cross-site ad tracking. If you block essential cookies in your browser, some parts of the Service may not work properly.

10. Data retention

We keep personal information for as long as reasonably necessary to provide the Service, maintain the operator account, comply with law, resolve disputes, prevent fraud, and enforce our agreements.

  • Active workspace data: generally retained while the operator account remains active.
  • Deleted or closed accounts: we typically delete or anonymize data from active systems within 30 days after a verified request or account closure, unless a longer period is required for legal, security, or operational reasons.
  • Backups: backup copies may persist for up to 90 days before being overwritten or deleted on our normal backup cycle.
  • Scout suppression records: we may retain limited unsubscribe or suppression information longer so we can continue honoring opt-out requests and document compliance.

When we process information solely on behalf of an operator, we retain and delete that information according to the operator's instructions and our contract with the operator.

11. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These safeguards include encryption in transit using TLS, encryption at rest, hashed passwords, role-based access controls, least-privilege access, logging and monitoring, and vendor access management.

No system is perfectly secure, and we cannot guarantee absolute security. We are continuing to mature our security and compliance program and may pursue additional independent assessments or certifications, including SOC 2, over time. Unless we expressly say otherwise, Gabie is not currently representing that it has completed SOC 2 certification.

12. Your rights and choices

Operators

Operators can usually access, update, export, or delete core workspace data through the product or by contacting us. Gabie currently supports CSV export for core data portability workflows. Operators can also manage user access, roles, and portal permissions within their workspace.

Advertisers, portal users, and Scout contacts

If your information sits inside an operator's workspace, that operator is usually the right place to send your request. This includes most booking records, campaign submissions, CRM entries, and Scout outreach records. Gabie may assist the operator in responding to your request.

Direct requests to Gabie

For information that CGL controls directly, you can contact us at hello@gabie.ai. Please include enough information for us to understand your request and verify your identity if needed. We may ask for additional information where necessary to confirm the requestor's authority.

Marketing communications

You can opt out of non-essential marketing emails from CGL by using the unsubscribe link in the email. Opting out of CGL marketing emails will not stop service-related, security, billing, or account messages.

Other U.S. state privacy rights

Residents of certain U.S. states may have additional rights under applicable privacy laws, including rights to access, delete, correct, or receive a portable copy of personal information, and in some states appeal rights. Contact us at hello@gabie.ai, and we will handle your request in line with applicable law and our role in the processing.

13. California privacy disclosures

This section applies to California residents to the extent the California Consumer Privacy Act, as amended ("CCPA"), applies to the processing. It describes the categories of personal information we collected in the 12 months before the "Last updated" date above, the sources of that information, the purposes for which we used it, and the categories of third parties to whom we disclosed it for business purposes.

Category Examples Sources Business purposes Disclosed to
Identifiers and contact information Name, email, phone, company, account username, business address, public business contact details used for Scout Operators, advertisers, public sources, website or product use Accounts, portal access, communications, outreach workflows, support, billing Service providers, operator-authorized users, email delivery and payment providers
Commercial and account records Inventory details, rates, traffic counts, lease dates, bookings, holds, transaction metadata, notes, tasks, meeting logs Operators, advertisers, payment processors, public sources used by operators Running the platform, CRM, booking workflows, reporting, billing, support Service providers, operator-authorized users, payment processors
Internet or network activity IP address, browser type, logins, feature usage, session data, error logs Browsers, devices, and our systems Security, authentication, analytics, troubleshooting, product improvement Hosting, infrastructure, analytics, and security providers
Geolocation or location-related information Structure addresses, GPS coordinates, approximate location inferred from IP where applicable Operators, devices, mapping tools Inventory management, mapping, geocoding, territory analysis, Scout workflows Service providers, mapping providers, operator-authorized users
Professional or employment-related information Job title, employer, business affiliation Operators, advertisers, public business sources CRM records, outreach, account management, support Service providers, operator-authorized users, email delivery providers
Audio, electronic, visual, or similar information Billboard photos, uploaded images, creative submissions, AI-generated artwork, support attachments Operators, advertisers, portal users Creative workflows, campaign management, support, product functionality Storage, hosting, AI providers where used, operator-authorized users
Inferences or classifications Lead status, reply classification, workflow recommendations, suppression status Derived from user actions, replies, and existing records Triage, workflow automation, customer support, product functionality Service providers, AI providers where used, operator-authorized users
Sensitive personal information (limited) Account credentials in hashed form and, in limited cases, precise location data relevant to structures or users Operators, users, devices, our systems Account security, authentication, service delivery, fraud prevention Authentication, hosting, infrastructure, and security providers

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We also do not knowingly use or disclose sensitive personal information for purposes that would require us to offer a separate right to limit beyond what California law permits for service delivery, security, fraud prevention, and similar operational purposes.

California rights

California residents may have the right to:

  • know what personal information we collected, used, disclosed, sold, or shared about them;
  • request deletion of personal information, subject to legal exceptions;
  • request correction of inaccurate personal information;
  • receive a portable copy of certain personal information;
  • opt out of sale or sharing, if a business engages in those activities;
  • receive equal service and pricing even if they exercise their privacy rights.

California residents may also use an authorized agent to submit a request on their behalf, subject to identity and authorization verification requirements.

How to submit a California request

Email us at hello@gabie.ai with the subject line Privacy Request. Because Gabie operates online, email is our designated method for privacy requests. If your request relates to data controlled by an operator, we may direct you to that operator or forward the request to the operator as appropriate.

14. International users

Gabie is based in the United States and is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

We do not make jurisdiction-specific commitments in this Policy beyond what is stated here, but we are willing to work with international customers that need additional contractual privacy terms for cross-border data transfers or vendor due diligence.

15. Children

Gabie is a business product. It is not directed to children, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us at hello@gabie.ai so we can review and delete it if appropriate.

16. Changes to this Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide notice by email to our operator customers and may also provide notice in the Service or on this page. The "Last updated" date above shows when this Policy was last revised.

17. Contact us

Gabie is operated by CGL (Corporation for Good Living).

Email: hello@gabie.ai

If you are contacting us about an operator workspace, please include the name of the operator so we can route your request correctly.

This Policy is intended to explain our data practices in plain language. It does not replace any customer contract, data processing addendum, or other agreement between CGL and an operator.