Privacy Policy
Last updated: 2026-05-09
This Privacy Policy describes how Eceeli LLC ("we," "us," "our") — a limited liability company organized under the laws of the State of Wyoming, USA, operating the Agonai competitive-intelligence platform at agonai.io and app.agonai.io (the "Service") — collects, uses, and protects information about you ("you," "Customer").
By using the Service you agree to this Policy. If you do not agree, do not use the Service.
1. Who We Are
| Legal entity | Eceeli LLC |
| Jurisdiction | Wyoming, USA |
| Registered agent | [Doola registered agent address — see Articles of Organization] |
| Product | Agonai (operated under the trade name "Agonai") |
| Privacy contact | privacy@agonai.io |
| Legal contact | legal@agonai.io |
2. Information We Collect
Information you provide directly:
- Account information: name, email address, organization name, billing address (collected by our payment processor; see Section 5).
- Configuration data: competitor URLs, source feeds, AI prompt configurations, query catalogs, portfolio settings.
- Optional integrations: OAuth tokens for Slack, Microsoft Teams, and HubSpot (encrypted at rest using Cloak field-level encryption).
- AI provider credentials (Scout-tier "BYOK" customers only): API keys for Anthropic, OpenAI, Google Gemini, Perplexity, or OpenAI-compatible endpoints (encrypted at rest using Cloak field-level encryption).
- Support correspondence and feedback you send us.
Information collected automatically:
- Usage telemetry: pages visited, features used, request timing, error events.
- Session metadata: IP address, browser/device type, authentication-session expiration.
- Operational logs needed to provide and secure the Service.
Information collected from public sources on your behalf:
When you add a competitor or source, the Service fetches publicly available content (web pages, RSS feeds, review sites, news, careers pages, GitHub releases, app-store metadata, podcast indexes, Wikipedia, status pages, public SEC filings, etc.). This content is processed and stored in association with your account. We do not collect data behind login walls and we respect robots.txt directives.
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service.
- Process payments and manage subscriptions (via Polar — see Section 5).
- Send transactional emails: magic-link sign-in, alert notifications, scheduled reports, billing receipts.
- Generate AI-derived insights, battlecards, trends, and visibility analyses on the data you have configured.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Improve the Service based on aggregated usage patterns.
- Comply with legal obligations.
We do not sell your personal information. We do not use your data to train general-purpose AI models. We do not share customer data with third parties for advertising.
4. AI Processing — Data Flows
How your prompts and competitor data are routed depends on your plan:
| Plan | AI provider routing | Data flow |
|---|---|---|
| Scout (BYOK) | Customer's own API keys (Anthropic, OpenAI, Gemini, Perplexity, or OpenAI-compatible custom endpoint) | Your prompts and competitor data are sent directly to the AI provider you authorized, billed against your API account. We act as a routing layer; we do not retain prompt/response payloads beyond what is needed to display the result and audit usage. |
| Growth, Business | Eceeli LLC managed accounts at Anthropic, OpenAI, Google, and/or Perplexity | Your prompts and competitor data are processed by our managed AI sub-processors (see Section 5). Each sub-processor's data-handling commitments apply (zero-day-retention, no training-on-customer-data agreements, where offered by the provider). |
In both cases the prompts and responses are stored within your tenant's database row and are visible only to authorized members of your organization.
5. Sub-Processors
We rely on a small number of vendors to deliver the Service. Each of them processes your data only as needed to perform their function, and is bound by their own privacy commitments.
| Sub-processor | Purpose | Data category |
|---|---|---|
| Polar (polar.sh) | Merchant of Record — payment processing, tax collection (EU VAT, US sales tax), invoicing, subscription management | Billing identity, payment method, transaction amounts |
| Stripe (via Polar's Stripe Connect) | Underlying card-processing rail used by Polar | Tokenized payment method, transaction metadata |
| Mercury (mercury.com) | Business banking for Eceeli LLC operations | None of your data — ACH-payout destination only |
| Fly.io (fly.io) | Application hosting and managed PostgreSQL (region: iad, USA) | All Customer Data at rest and in transit |
| Tigris (tigris.dev) | S3-compatible object storage for monitored-page snapshots | HTML snapshot blobs |
| Cloudflare (cloudflare.com) | DNS, CDN, bot protection on agonai.io and app.agonai.io | Inbound HTTP request metadata |
| Resend (resend.com) | Transactional email delivery (sign-in links, reports, alerts) | Recipient email address, message content |
| AppSignal (appsignal.com) | Application error monitoring and performance telemetry | Error stack traces, request metadata (PII redacted where feasible) |
| Anthropic (anthropic.com) | Claude AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| OpenAI (openai.com) | GPT AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| Google (cloud.google.com) | Gemini AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| Perplexity (perplexity.ai) | Perplexity AI provider (managed-plan customers; AI Visibility queries) | Prompts and responses for AI analysis |
We may add or change sub-processors. Material changes are reflected in this Policy and announced via in-app notice or email at least 14 days before they take effect, where reasonably practicable.
6. Data Retention
| Data | Retention |
|---|---|
| Account profile + organization data | For the duration of your subscription. After cancellation: 30 days of read-only access, then scheduled deletion within an additional 90 days. |
| Monitored-page snapshots | The most recent 30 snapshots per monitored page are retained. Older snapshots are pruned automatically. |
| Raw HTML of snapshots | Raw HTML is retained for 7 days, then nullified — only the diff/structured representation persists. |
| AI-generated insights, battlecards, trends, reports | Retained for the life of the account. Reports may be downloaded/exported at any time. |
| Operational logs | Up to 30 days for security and incident-response purposes; longer if required for an active investigation. |
| Billing records | Retained for 7 years per US tax requirements. Held by Polar (the Merchant of Record) and by us in summary form. |
You may request earlier deletion at any time (see Section 8).
7. Data Security
- In transit: TLS 1.3 between you, our application, and our sub-processors.
- At rest: PostgreSQL on Fly.io with volume-level encryption. Object storage on Tigris with at-rest encryption.
- Field-level encryption: OAuth tokens (Slack, Teams, HubSpot) and BYOK AI keys are encrypted at the field level using Cloak (AES-GCM) with keys held outside the database.
- Authentication: passwordless magic-link sign-in. No password reuse risk.
- Access controls: Ash policies enforce deny-by-default authorization scoped to your organization. Internal access to production data is limited to a small number of personnel for incident response only.
- Backups: PostgreSQL snapshots taken daily with 30-day retention.
No system is impenetrable. We commit to notifying affected customers within 72 hours of confirming a personal-data breach, consistent with GDPR Article 33 and analogous laws.
8. Your Rights
Depending on your jurisdiction, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your personal information ("right to be forgotten").
- Export your data in a portable, machine-readable format (CSV / Markdown).
- Object to or restrict specific processing activities.
- Withdraw consent for any processing that relies on consent.
- Lodge a complaint with a supervisory authority (e.g. your national data-protection authority in the EU/UK; the California Privacy Protection Agency for California residents).
To exercise these rights, email privacy@agonai.io with the request and the email address associated with your account. We respond within 30 days.
9. Cookies
We use only strictly necessary cookies — those required to maintain your authenticated session and to remember your interface preferences (locale, theme). We do not use advertising cookies, cross-site trackers, or session-replay tools.
10. International Data Transfers
The Service is hosted in the United States (Fly.io iad region). If you access the Service from outside the US, your information is transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms with our sub-processors.
11. Children's Privacy
The Service is a B2B product intended for use by individuals 18 years of age or older. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it.
12. Changes to This Policy
We may update this Policy. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify active customers by in-app notice and email at least 14 days before the change takes effect. Your continued use of the Service after the effective date of a change constitutes acceptance of the updated Policy.
13. Contact
| For | |
|---|---|
| Privacy questions, data-rights requests | privacy@agonai.io |
| Legal notices | legal@agonai.io |
| Customer support | support@agonai.io |
| Feedback | feedback@agonai.io |
Eceeli LLC [Doola registered agent address — Wyoming, USA]