Privacy Policy

1. Information We Collect

Information You Provide Directly

When you submit our intake form, contact us, or become a client, we may collect:

• Name and contact information (email address, company name)
• Information about your business and the role you want to automate
• Tool and API credentials necessary to build and operate your AI employee (stored securely; see Section 5)
• Payment information (processed via our payment processor; we do not store raw card data)
• Communications with us via email or other channels

Information Collected Automatically

When you visit our website, we automatically collect:

• IP address and approximate geographic location
• Browser type and version
• Pages visited and time spent on those pages
• Referring URL
• Device type (desktop, mobile, tablet)

Client Business Data

In the course of providing our managed AI services, we may access and process data from your connected business tools (email, CRM, calendar, etc.) solely to configure and operate your AI employee. This data is treated with the highest level of confidentiality and is never used for any purpose other than operating your AI employee.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our services
• Process and fulfill service agreements
• Communicate with you about your account, inquiries, and service updates
• Improve our services and develop new features
• Apply learnings (in anonymized, aggregated form) across our client fleet to improve AI performance
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations
• Send you service-related communications (not marketing, unless you opt in)

We do not sell your personal data. We do not use your data for advertising targeting.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information with:

• Service providers: Third-party vendors who help us operate our business (hosting, payment processing, email delivery). These parties are contractually bound to protect your data.
• AI model providers: When operating your AI employee, requests are sent to large language model APIs (e.g., Anthropic, OpenAI). These providers have their own privacy policies and data handling practices.
• Legal requirements: If required by law, court order, or government request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

We will never share your business data with other clients or use it to benefit parties other than you.

4. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Prospective clients: Inquiry data is retained for 2 years unless you request deletion earlier.
• Active clients: All data is retained for the duration of the service agreement.
• Former clients: Upon service termination, we provide a complete handover of all your data and configuration files. We delete our copies within 30 days of handover confirmation, unless legal retention requirements apply.

You may request deletion of your data at any time by contacting us at [email protected].

5. Security

We implement industry-standard security measures to protect your information:

• Data encrypted at rest (AES-256) and in transit (TLS 1.2+)
• API keys and credentials stored in secure vaults, never in plaintext configurations
• Each client's AI employee runs on isolated dedicated infrastructure — no shared environments
• Least-privilege access controls — your AI employee can only access systems you explicitly authorize
• Automated daily backups with point-in-time recovery
• 24/7 monitoring for anomalies and unauthorized access

No method of transmission over the Internet is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

6. Cookies & Tracking

Our website uses minimal cookies and tracking:

• Essential cookies: Required for basic website functionality
• Analytics: We may use privacy-respecting analytics to understand how visitors use our site. Analytics data is aggregated and anonymized.

You can control cookie settings through your browser. Disabling cookies may affect website functionality.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are located in the European Economic Area (EEA), United Kingdom, or California, additional rights may apply under GDPR, UK GDPR, or CCPA respectively.

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: https://oneagentco.com

We will respond to all privacy-related inquiries within 30 days.