01
/ 07
👨🏾
👩🏻
👨🏼
🧕🏽
👨🏿
👩🏾
👧🏻
👩🏼
👦🏽
👨🏻
👩🏻‍🦰
🧔🏾
👨🏻
👨🏼‍🦱
👩🏿
🧓🏻

Discover what users really think. At scale.

Generate realistic AI personas from real-world data, run synthetic interviews at scale, and get actionable insights — in minutes, not months.

Start for free

How it works

From zero to insights in three simple steps

Define your audience, generate psychologically rich personas from real data, and run in-depth synthetic interviews that reveal genuine user perspectives.

View detailed process
👨🏽
👩🏻
👨🏿
👩🏼
🧕🏾
👨🏻
👩🏿
👨🏾
👦🏽
🧓🏻
👩🏻

Sarah Park

Tech-savvy early adopter · Skeptical

Product manager at a Series B startup. Values efficiency and simplicity. Frustrated by bloated tools that promise everything but deliver mediocrity.

👨🏾

Marcus Johnson

Freelance designer · Optimistic

Creative professional juggling multiple clients. Seeks tools that enhance creativity without adding complexity. Open to new solutions that save time.

🧕🏽

Aisha Khan

Engineering lead · Pragmatic

Leads a team of 12 engineers. Prioritizes reliability and integration capabilities. Needs solutions that scale without breaking existing workflows.

Features

Interview diverse personas at scale

Each AI persona has unique perspectives, backgrounds, and communication styles. Get authentic feedback from skeptics, enthusiasts, and everyone in between.

Explore all features

Data Sources

Real voices. Real data.

Pull authentic user sentiment from 20+ platforms to create personas that reflect how people actually feel. Ground your research in real-world signals from reviews, forums, and public discussions.

Explore data sources
GET/ google-maps-reviews
GET/ reddit-comments
GET/ youtube-comments
GET/ indeed-reviews
GET/ glassdoor-reviews
GET/ airbnb-reviews
GET/ producthunt-reviews
GET/ yelp-reviews
GET/ trustpilot-reviews
GET/ g2-reviews
GET/ amazon-reviews
GET/ getapp-reviews
+ many more...
01
Define your audience
Describe who you want to talk to — by prompt, LinkedIn profile, company URL, or deep web research.
02
Generate personas
Get psychologically rich user profiles with unique personalities, backstories, and honest perspectives.
03
Run studies
Run interviews where personas respond naturally. Extract patterns and insights automatically.

The Process

Three steps to actionable insights

From defining your audience to extracting themes and recommendations—our end-to-end workflow turns scattered voices into structured insights you can act on immediately.

See it in action
Legal

Imprint

Responsible for Content (§ 5 DDG)

GoTofu
A student project at Code University of Applied Sciences
Donaustr. 44
12043 Berlin, Germany

Contact

info@gotofu.com

About This Project

GoTofu is a non-commercial student project created as part of the MTM_02 | Agile Engineering Management course. It is not affiliated with any commercial entity and does not offer paid services. There is no VAT ID, commercial register entry, or trade license associated with this project.

Liability for External Links

Our website contains links to external websites operated by third parties. We have no control over the content of these websites and cannot assume liability for them. The respective operators are responsible for the content of linked pages. At the time of linking, we checked linked pages for possible legal violations — none were apparent. If we become aware of any legal violations, we will remove such links immediately.

Legal

Privacy Policy

Last updated: March 27, 2026

1. Who We Are

GoTofu ("we", "us", "our") operates the synthetic user research platform available at app.gotofu.io. GoTofu is a student project at Code University of Applied Sciences, established in Germany.

All data protection queries should be directed to our privacy team:
Privacy contact: privacy@gotofu.io
Mailing address: GoTofu, Donaustr. 44, 12043 Berlin, Germany

As GoTofu is established in the EU (Germany), no Article 27 EU Representative is required. We will respond to privacy requests within one month of receipt.

2. Data We Collect

  • Account data — name, email address, and authentication credentials provided at sign-up.
  • Organisation data — company name, product description, and team member details provided during onboarding.
  • Research data — AI persona configurations, interview transcripts, survey responses, uploaded files (PDFs, datasets), and generated analysis reports.
  • Usage data — token consumption, feature usage events, and interaction logs used for billing and service improvement.
  • Technical data — IP address, browser type, device identifiers, collected via cookies and server logs.

This service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@gotofu.io.

3. How We Use Your Data

  • To provide, maintain, and improve the GoTofu platform and its features.
  • To generate AI personas and conduct synthetic interviews on your behalf.
  • To produce automated insights and analysis reports from your research inputs.
  • To manage your account, subscriptions, billing, and support requests.
  • To detect, prevent, and respond to fraud, abuse, and security incidents.
  • To monitor and improve platform reliability and performance.
  • To comply with legal obligations and enforce our Terms of Service.
  • To send optional marketing communications, where you have given explicit consent.

4. Legal Basis for Processing (GDPR Art. 6)

4.1 Contract Performance (Art. 6(1)(b))

Processing is necessary to deliver the services you signed up for — including account management, AI persona generation, synthetic interviews, and the production of research outputs. Providing account data (name, email) is a contractual requirement; without it we cannot create your account.

4.2 Legitimate Interests (Art. 6(1)(f))

We process certain data based on our legitimate interests: security and fraud prevention, service analytics and improvement, and short-term technical log retention. You have the right to object to this processing — see Section 9.

4.3 Consent (Art. 6(1)(a))

Where we send optional marketing communications, we rely on your freely given consent. You may withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing privacy@gotofu.io.

4.4 Legal Obligation (Art. 6(1)(c))

Where applicable law requires us to retain or disclose data — for example, for tax or accounting purposes — we will process data accordingly.

5. Where Your Data Is Stored

  • Database — PostgreSQL hosted on AWS EU West 1 (Ireland) via Supabase.
  • Authentication — Supabase, same EU region.
  • Application hosting — Vercel (defaults to US East compute; SCCs apply — see Section 6).
  • Email — Zoho Mail EU (mx.zoho.eu), hosted within the European Union.

6. Third-Party Processors & International Transfers

Processor Purpose Location Safeguard
Supabase Database & auth EU (Ireland) Within EU
Vercel App hosting & CDN US / global SCCs (2021/914)
OpenAI AI persona generation United States SCCs + EU–US DPF
Inngest Background jobs United States SCCs (pending confirmation)
Tavily Web research grounding United States SCCs
Zoho Mail EU Transactional email EU Within EU
Hostinger DNS registrar Lithuania (EU) Within EU

Copies of applicable SCCs are available on request by emailing privacy@gotofu.io.

7. AI-Specific Data Handling

Your research data is transmitted to AI providers solely to deliver the features you actively use. We do not use your personal data to train AI models. We use OpenAI's API with data usage opt-out enabled — your inputs and outputs are not used by OpenAI for model training under our enterprise data processing agreement.

AI-generated outputs — including personas, interview transcripts, and reports — are stored in our EU-based database and remain your property.

Automated decision-making (Art. 22 GDPR): GoTofu uses AI to generate synthetic personas and research outputs. These outputs are constructed about fictional, synthetic personas and are not decisions made about you as an individual. Article 22 GDPR does not apply to the core AI functions of this platform.

8. Data Retention

  • Account & organisation data — retained for the duration of your active account; deleted within 30 days of account closure.
  • Research data (personas, transcripts, reports, uploads) — deleted within 30 days of account closure.
  • Usage data (token logs, billing records) — retained for 24 months, then deleted or anonymised.
  • Technical data (server logs, IP addresses) — retained for 90 days, then automatically deleted.
  • Legal obligation retention — financial records retained for the legally required period (typically 7 years).
  • Anonymised aggregate statistics — may be retained indefinitely as they do not constitute personal data.

9. Your Rights Under GDPR

  • Right of access (Art. 15) — Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restrict processing (Art. 18) — Request that we limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)) — Withdraw consent for marketing at any time.

To exercise your rights, email privacy@gotofu.io. We will respond within one month.

You also have the right to lodge a complaint with our lead supervisory authority:
Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI)
Website: www.datenschutz-berlin.de
Address: Friedrichstr. 219, 10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de

10. Cookies

We use only essential cookies necessary for platform operation. We do not use advertising, analytics, or third-party tracking cookies.

Cookie Purpose Duration
sb-access-token Supabase authentication session token Session (expires on logout)
sb-refresh-token Maintains authenticated session across page refreshes Up to 7 days

Because we use only strictly necessary cookies, we are not required to obtain cookie consent under the ePrivacy Directive. No cookie consent banner is displayed. If our cookie usage changes in future, this policy will be updated accordingly.

11. Security

  • Encryption in transit — All data is encrypted using TLS 1.2 or higher.
  • Encryption at rest — Database storage is encrypted at rest on AWS infrastructure.
  • Role-based access controls — Internal access to personal data is restricted to authorised personnel on a need-to-know basis.
  • Multi-tenant data isolation — Each organisation's data is logically isolated within our database.
  • API key security — Secret API keys and credentials are never exposed to client-side code.
  • Incident response — In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR) and affected users where required (Art. 34 GDPR).

12. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email or in-app notification at least 14 days before the changes take effect. The "Last updated" date at the top of this document will always reflect the most recent revision. Previous versions are available on request by emailing privacy@gotofu.io.

13. Contact

GoTofu Privacy Team
Email: privacy@gotofu.io
Address: Donaustr. 44, 12043 Berlin, Germany

For complaints not resolved to your satisfaction, you may contact the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI) as described in Section 9.