Privacy Policy
Last updated: 2026-06-13
This Privacy Policy describes how Eceeli LLC ("we," "us," "our") — a limited liability company organized under the laws of the State of Wyoming, USA, operating the Agonai competitive-intelligence platform at agonai.io and app.agonai.io (the "Service") — collects, uses, and protects information about you ("you," "Customer").
By using the Service you agree to this Policy. If you do not agree, do not use the Service.
1. Who We Are
| Legal entity | Eceeli LLC |
| Jurisdiction | Wyoming, USA |
| Product | Agonai |
| Contact | privacy@agonai.io |
2. Information We Collect
Information you provide directly:
- Account information: name, email address, organization name, billing address (collected by our payment processor; see Section 5).
- Configuration data: competitor URLs, source feeds, AI prompt configurations, query catalogs, portfolio settings.
- Optional integrations: OAuth tokens for Slack, Microsoft Teams, and HubSpot (encrypted at rest using field-level AES-GCM encryption).
- AI provider credentials (Scout-tier "bring your own keys" customers only): API keys you have provisioned with leading AI providers, encrypted at rest using field-level AES-GCM encryption.
- Support correspondence and feedback you send us.
Information collected automatically:
- Usage telemetry: pages visited, features used, request timing, error events.
- Session metadata: IP address, browser/device type, authentication-session expiration.
- Operational logs needed to provide and secure the Service.
Information collected from public sources on your behalf:
When you add a competitor or source, the Service fetches publicly available content (web pages, RSS feeds, review sites, news, careers pages, public code-release feeds, app-store metadata, podcast indexes, Wikipedia, status pages, public SEC filings, etc.). This content is processed and stored in association with your account. We do not collect data behind login walls and we respect robots.txt directives.
Personal data appearing in monitored sources. Monitored content may incidentally contain personal data about individuals who are not our customers (for example, the name of an executive quoted in the news, or the author of a public review). The Service is designed to analyze companies, brands, and organizations — not to monitor, profile, or build dossiers on natural persons, and we apply data minimization accordingly. Where data-protection law applies, our lawful basis for processing such publicly available personal data is our legitimate interest (and our customer's) in competitive analysis, balanced against the rights of the individual. Any individual whose personal data appears in content we process may exercise the rights in Section 8 (including access and erasure) by contacting privacy@agonai.io.
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service.
- Process payments and manage subscriptions (via our Merchant of Record — see Section 5).
- Send transactional emails: sign-in links, alert notifications, scheduled reports, billing receipts.
- Generate AI-derived insights, battlecards, trends, and visibility analyses on the data you have configured.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Improve the Service based on aggregated usage patterns.
- Comply with legal obligations.
We do not sell your personal information. We do not use your data to train general-purpose AI models. We do not share customer data with third parties for advertising.
4. AI Processing — Data Flows
How your prompts and competitor data are routed depends on your plan:
| Plan | AI provider routing | Data flow |
|---|---|---|
| Scout (bring your own keys) | Your own API keys with the AI provider of your choice | Your prompts and competitor data are sent directly to the AI provider you authorized, billed against your API account. We act as a routing layer; we do not retain prompt/response payloads beyond what is needed to display the result and audit usage. |
| Growth, Business | Eceeli LLC managed AI provider accounts | Your prompts and competitor data are processed by our managed AI sub-processors (see Section 5). Each sub-processor's data-handling commitments apply, including zero-day-retention and no-training-on-customer-data agreements where offered by the provider. |
In both cases the prompts and responses are stored within your tenant's database row and are visible only to authorized members of your organization.
5. Sub-Processors
We rely on a small number of vendors to deliver the Service. Each of them processes your data only as needed to perform their function, and is bound by their own privacy commitments.
| Sub-processor | Purpose | Data category |
|---|---|---|
| Polar (polar.sh) | Merchant of Record — payment processing, tax collection (EU VAT, US sales tax), invoicing, subscription management | Billing identity, payment method, transaction amounts |
| Stripe (via Polar) | Underlying card-processing rail used by Polar | Tokenized payment method, transaction metadata |
| Mercury (mercury.com) | Business banking for Eceeli LLC operations | None of your data — ACH-payout destination only |
| Fly.io (fly.io) | Application hosting and managed PostgreSQL (region: iad, USA) | All Customer Data at rest and in transit |
| Tigris (tigris.dev) | S3-compatible object storage for monitored-page snapshots | HTML snapshot blobs |
| Cloudflare (cloudflare.com) | DNS, CDN, and bot protection | Inbound HTTP request metadata |
| Resend (resend.com) | Transactional email delivery | Recipient email address, message content |
| AppSignal (appsignal.com) | Application error monitoring and performance telemetry | Error stack traces, request metadata (PII redacted where feasible) |
| Anthropic (anthropic.com) | Claude AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| OpenAI (openai.com) | GPT AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| Google (cloud.google.com) | Gemini AI provider (managed-plan customers) | Prompts and responses for AI analysis |
| Perplexity (perplexity.ai) | Perplexity AI provider (managed-plan customers; AI Visibility queries) | Prompts and responses for AI analysis |
We may add or change sub-processors. Material changes are reflected in this Policy and announced via in-app notice or email at least 14 days before they take effect, where reasonably practicable.
6. Data Retention
| Data | Retention |
|---|---|
| Account profile + organization data | For the duration of your subscription. After cancellation: 30 days of read-only access, then scheduled deletion within an additional 90 days. |
| Monitored-page snapshots | The most recent 30 snapshots per monitored page. Older snapshots are pruned automatically. |
| Raw HTML of snapshots | Retained for 7 days, then nullified — only the diff/structured representation persists. |
| AI-generated insights, battlecards, trends, reports | Retained for the life of the account. Exportable at any time. |
| Operational logs | Up to 30 days for security and incident-response purposes; longer if required for an active investigation. |
| Billing records | Retained for 7 years per US tax requirements. Held by the Merchant of Record and by us in summary form. |
You may request earlier deletion at any time (see Section 8).
7. Data Security
- In transit: TLS 1.3 between you, our application, and our sub-processors.
- At rest: managed-database volume-level encryption. Object storage with at-rest encryption.
- Field-level encryption: OAuth tokens and bring-your-own AI keys are encrypted at the field level using AES-GCM with keys held outside the database.
- Authentication: passwordless magic-link sign-in. No password-reuse risk.
- Access controls: deny-by-default authorization policies scoped to your organization. Internal access to production data is limited to a small number of personnel for incident response only.
- Backups: daily database snapshots with 30-day retention.
No system is impenetrable. We commit to notifying affected customers within 72 hours of confirming a personal-data breach, consistent with GDPR Article 33 and analogous laws.
8. Your Rights
Depending on your jurisdiction, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your personal information ("right to be forgotten").
- Export your data in a portable, machine-readable format (CSV / Markdown).
- Object to or restrict specific processing activities.
- Withdraw consent for any processing that relies on consent.
- Lodge a complaint with a supervisory authority (e.g. your national data-protection authority in the EU/UK; the California Privacy Protection Agency for California residents).
To exercise these rights, email privacy@agonai.io with the request and the email address associated with your account. We respond within 30 days.
9. Cookies
We use only strictly necessary cookies — those required to maintain your authenticated session and to remember your interface preferences (locale, theme). We do not use advertising cookies, cross-site trackers, or session-replay tools.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the US, your information is transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms with our sub-processors.
The Service is currently offered only to business customers in the United States (see our Terms of Service). A Data Processing Agreement (DPA) incorporating the applicable SCCs is available to business customers on request at privacy@agonai.io.
11. Children’s Privacy
The Service is a B2B product intended for use by individuals 18 years of age or older. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it.
12. Changes to This Policy
We may update this Policy. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify active customers by in-app notice and email at least 14 days before the change takes effect. Your continued use of the Service after the effective date of a change constitutes acceptance of the updated Policy.
13. Contact
All privacy questions, data-rights requests, legal notices, support requests, and feedback: privacy@agonai.io.
Eceeli LLC — Wyoming, USA.