Custom GPT Privacy Policy
Last Updated: April 30, 2026
Plain-English summary: GDK Digital Custom GPTs help users analyze business documents and produce work outputs. We use information only to provide, secure, support, and improve the requested workflow. We do not sell user data. Some data may be processed by OpenAI, Google, hosting providers, or other service providers depending on the GPT features you use.
Table of Contents
- 1. Scope
- 2. Platform Roles
- 3. Information We Collect
- 4. Uploaded Files and Job Documents
- 5. Google Drive and Connected Apps
- 6. GPT Actions and APIs
- 7. How We Use Information
- 8. Sharing and Service Providers
- 9. Retention
- 10. Security
- 11. Your Choices and Rights
- 12. Children's Privacy
- 13. AI Output Limitations
- 14. Changes
- 15. Contact
1. Scope
This policy applies to Custom GPTs, GPT Actions, connected-app workflows, and AI-assisted business tools operated or configured by GDK Digital LLC, including GPTs built for estimating, scope clarification, document review, job handoff, product research, and similar business workflows.
This policy supplements the general GDK Digital Privacy Policy. If a specific GPT or service has a product-specific policy, the product-specific policy controls for that service.
OpenAI, Google, and other third-party services may process your information under their own policies when you use ChatGPT, connected apps, OAuth, Google Drive, or external APIs.
2. Platform Roles
| Surface | What it does | Who controls it |
|---|---|---|
| ChatGPT conversation | Processes prompts, uploaded files, and GPT responses inside ChatGPT. | OpenAI controls ChatGPT platform processing under OpenAI policies. |
| GDK Digital Custom GPT instructions and knowledge | Defines the GPT behavior, reference material, workflow rules, and source documents loaded by the builder. | GDK Digital controls builder-provided configuration and knowledge files. |
| Connected apps such as Google Drive | Allows the GPT to read, search, create, or update user-authorized files depending on the connection and permission scope. | The connected app provider and the user-authorized account control access permissions. |
| GPT Actions or private APIs | Allows ChatGPT to send relevant request data to a GDK Digital endpoint or approved third-party endpoint to retrieve, calculate, save, or export data. | GDK Digital controls GDK-operated endpoints. Third parties control their own endpoints. |
3. Information We Collect
3.1 Information you provide
- Prompts, instructions, questions, corrections, and workflow requests you enter into the GPT.
- Uploaded files, pasted text, images, spreadsheets, PDFs, contracts, proposals, measurement reports, pricing sheets, product guides, scope notes, and job packets you provide.
- Business contact details if you submit a form, request support, or create an account outside ChatGPT.
- Job-specific information such as customer names, property addresses, project scope, measurements, product selections, colors, warranty selections, crew notes, and pricing or margin inputs when you provide them.
3.2 Information generated by the GPT or actions
- Scope summaries, takeoffs, ordering drafts, estimates, reports, open-question lists, quality checks, exports, and other generated outputs.
- Action request and response metadata, including timestamps, endpoint names, request IDs, error logs, and technical diagnostics.
- Saved job records or export files when a GPT or action explicitly saves, writes, or exports data.
3.3 Automatically collected technical information
- IP address, browser, device, timestamp, referring page, and server log data when you use GDK Digital websites or GDK-operated APIs.
- Security, fraud-prevention, rate-limit, and error information needed to operate and protect the service.
4. Uploaded Files and Job Documents
Custom GPT workflows often depend on user-provided documents. These may include contracts, sales sheets, EagleView or Hover reports, supplier sheets, labor sheets, window quotes, job photos, drawings, and internal operating documents.
- We use these documents to complete the workflow you request, such as analyzing scope, identifying blockers, generating summaries, building material takeoffs, or preparing ordering drafts.
- Documents uploaded directly into ChatGPT are handled by OpenAI's systems and may not be visible to GDK Digital unless they are sent to a GDK-operated action, stored in a GDK-controlled connected folder, or separately shared with us.
- Builder-provided GPT knowledge files may appear as source references or source chips in ChatGPT. Do not place proprietary material in builder knowledge if you do not want users to see file names or source references.
- Users should avoid uploading sensitive personal information unless it is necessary for the workflow.
5. Google Drive and Connected Apps
Some GPTs may use Google Drive, Google Docs, Google Sheets, or similar connected apps to retrieve or update knowledge files, pricing sheets, job documents, or research files.
- Access is limited to the permissions authorized by the connected account and the capabilities enabled in the GPT or app connection.
- We use Google user data only to provide or improve the user-facing workflow you requested, such as reading a selected folder, searching relevant documents, updating an approved spreadsheet, or writing a generated markdown file.
- We do not sell Google user data. We do not use Google user data for advertising, retargeting, credit-worthiness, lending, or unrelated profiling.
- We do not allow humans to read Google user data unless you affirmatively share it with us, it is necessary for support or security, or it is required by law.
- You can revoke connected-app access through your OpenAI or Google account settings. Revocation may stop GPT features that require that connection.
6. GPT Actions and APIs
GPT Actions connect ChatGPT to external APIs. When an action is used, ChatGPT may send relevant parts of your conversation, uploaded data, or generated output to the action endpoint so the endpoint can complete the request.
- Read-only actions may retrieve data such as crew lists, product rules, job records, or pricing tables.
- Consequential actions may create, update, save, export, email, or otherwise change data. Users may be asked to confirm those actions before they run.
- Authentication may use no authentication, API keys, OAuth, or account login depending on the GPT and endpoint.
- OAuth tokens or credentials are used only to authorize requested calls and should be stored and transmitted using reasonable security controls.
- Action responses should return structured data needed for the requested workflow, not unrelated user data.
7. How We Use Information
- Provide the requested GPT workflow, analysis, calculation, lookup, save, export, or report.
- Maintain product logic, workflow quality, source routing, and error handling.
- Support users, troubleshoot problems, debug failed actions, and respond to security issues.
- Protect systems against abuse, unauthorized access, fraud, or misuse.
- Comply with legal obligations and enforce applicable terms.
- Improve GPT instructions, schemas, templates, and product documentation using de-identified or aggregated learnings where practical.
9. Retention
| Data type | Retention approach |
|---|---|
| ChatGPT conversations and files | Handled under OpenAI's retention and workspace settings unless separately sent to or stored by GDK Digital. |
| GDK action logs | Kept only as long as reasonably needed for security, debugging, audit, and operations, unless a longer period is required by law. |
| Saved jobs and exports | Retained until deleted by the user, organization, or administrator, or until no longer needed for the service. |
| Google Drive files | Remain in the user's Google account unless a user-authorized workflow copies, updates, or exports them to another location. |
| Support communications | Retained as needed to answer requests, maintain service records, and resolve disputes. |
When information is no longer needed, we delete, anonymize, or de-identify it where practical and legally permitted.
10. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information. These may include HTTPS/TLS, access controls, least-privilege permissions, encrypted secrets, logging minimization, vendor controls, and review of action schemas and endpoints.
No internet or AI system can be guaranteed to be completely secure. Users are responsible for controlling what they upload, who can access shared folders, and whether uploaded documents contain sensitive information.
11. Your Choices and Rights
- You can choose what information to provide to a GPT.
- You can avoid uploading sensitive documents unless they are necessary for the workflow.
- You can revoke connected accounts through OpenAI or Google account settings.
- You can request access, correction, deletion, or export of personal information held by GDK Digital by contacting us.
- California residents may have rights to know, delete, correct, opt out of sale or sharing, limit sensitive personal information, and avoid discrimination for exercising rights.
- Users in the EEA or UK may have rights to access, correct, delete, restrict, object, port data, withdraw consent, and complain to a supervisory authority.
OpenAI account-level rights, ChatGPT conversation controls, and connected-app controls must be managed through OpenAI, Google, or the relevant provider.
12. Children's Privacy
GDK Digital Custom GPTs are business tools and are not directed to children under 13. We do not knowingly collect personal information from children through these GPTs. If you believe a child has provided personal information to a GDK Digital system, contact us and we will take appropriate steps.
13. AI Output Limitations
Custom GPT outputs may be incomplete, inaccurate, or based on limited source documents. Do not treat GPT output as final legal, financial, engineering, code, safety, warranty, permitting, or material-ordering advice without qualified human review. Assumptions, blockers, and source limitations should be reviewed before field use or ordering.
14. Changes
We may update this policy as GPT features, connected apps, action endpoints, vendor relationships, or legal requirements change. We will update the date above and post the revised policy at this URL. Material changes may also be communicated through product, website, or account notices where appropriate.
15. Contact
GDK Digital LLC
P.O. Box 85
Benton Harbor, MI 49023
United States
Email: info@gdkdigital.com
Support: support@gdkdigital.com