Privacy Policy

Controller, processor and contact details

For personal information that we collect directly from users for our own purposes, including account administration, security, analytics, billing, product improvement and communications, we act as the controller, business or equivalent responsible entity under applicable privacy laws.

For personal information contained in user Inputs, connected accounts, business data, customer data, documents, workflows, prompts, instructions or other materials that you submit to the Platform for processing on your behalf ("Customer Content"), we may act as your processor, service provider or equivalent under applicable privacy laws.

If a separate data processing agreement, enterprise agreement or other written agreement applies, that agreement will prevail to the extent of any inconsistency with this Privacy Policy.

Our privacy contact is: privacy@makeacompany.ai

Personal information we collect

We may collect the following categories of personal information, depending on how you use the Platform:

• account and contact information, including name, email address, username, organization, role, password credentials or authentication information;
• profile and onboarding information, including business ideas, founder profile, business objectives, preferences, use case, intended jurisdiction, industry and other information provided during onboarding;
• Inputs and Customer Content, including prompts, instructions, business plans, documents, notes, uploaded files, communications, code, workflows, strategies, customer information, operational information and other materials submitted to the Platform;
• Outputs and agent activity data, including AI-generated content, drafts, plans, recommendations, workflow steps, agent logs, actions, messages, tool calls, approvals, errors, task histories and execution records;
• third-party integration data, including information from accounts you connect to the Platform, such as email, calendar, Slack, Google Workspace, GitHub, Stripe, payment, hosting, CRM, analytics, cloud, communication, domain, website, document or other third-party services;
• commercial and billing information, including subscription plan, invoices, transaction records, usage credits, payment status and related account information. Payment card details may be processed by payment providers and may not be stored by us directly;
• communications and feedback, including support requests, survey responses, user interviews, bug reports, product feedback, messages and call notes;
• technical, device and usage data, including IP address, device identifiers, browser type, operating system, pages viewed, features used, timestamps, log data, session data, cookies, analytics identifiers, error reports and security events; and
• information from third parties, including referral partners, identity or authentication providers, integration providers, analytics providers, service providers, publicly available sources and other users where relevant to your use of the Platform.

We do not intentionally require you to provide sensitive personal information, regulated health information, payment card data, government identifiers or other high-risk personal information unless we have expressly agreed in writing that the Platform is suitable for that use.

AI-specific processing

The Platform uses AI systems, agents, models, automations and workflow tools to process Inputs, generate Outputs and assist with business creation and operational tasks.

When you submit prompts, documents, instructions, business ideas, customer information or other Customer Content, that information may be processed by the Platform and by selected model providers, infrastructure providers and tool providers for the purpose of providing, securing, debugging, monitoring and improving the Services.

Agent activity may be logged so that we can provide audit-ability, diagnose issues, improve reliability, investigate misuse, support users and maintain operational controls.

AI systems may generate inaccurate, incomplete or inappropriate Outputs. This Privacy Policy explains how we handle personal information, but it does not replace your obligation under the Terms of Use to review and approve Outputs and agent actions before external or commercial use.

Unless we notify you otherwise or obtain any legally required consent, we will not use non-public Customer Content to publicly identify you, disclose your confidential business idea for marketing purposes, or train a generally available model in a way that intentionally exposes your identifiable Customer Content to other users.

Connected accounts and third-party integrations

If you connect a third-party account or integration to the Platform, you authorize us and our Agents to access, process, retrieve, transmit and use information from that third-party service in accordance with your settings, permissions and instructions.

The information available to us will depend on the third-party service, the permissions you grant and the data made available through that service.

You are responsible for ensuring that you have the right to connect third-party accounts and to provide any personal information available through those accounts to the Platform.

You may be able to revoke access to certain integrations through the Platform or through the relevant third-party service. Revocation may affect the availability or functionality of the Services.

Cookies, analytics and similar technologies

We and our service providers may use cookies, pixels, local storage, SDKs, analytics tags and similar technologies to operate the Platform, maintain sessions, remember preferences, measure usage, diagnose issues, protect security and improve the Services.

You may be able to disable cookies through your browser settings, but some Platform features may not function properly without them.

Where legally required, we will request consent for non-essential cookies or similar technologies.

How we use personal information

We may use personal information for the following purposes:

• to provide, operate, maintain, secure, support and improve the Platform;
• to create and manage accounts, authenticate users and administer early access participation;
• to process Inputs, generate Outputs, coordinate Agents, execute workflows and enable the functionality requested by you;
• to enable, monitor, troubleshoot and support third-party integrations and connected accounts;
• to communicate with you about the Platform, including onboarding, product updates, support, service notices, billing, security and policy changes;
• to analyze usage, measure performance, conduct product research, improve user experience, develop new features and evaluate product-market fit;
• to detect, investigate, prevent and respond to fraud, spam, misuse, abuse, security incidents, technical issues, legal risk and violations of our Terms of Use;
• to comply with legal obligations, enforce our rights, resolve disputes and respond to lawful requests from regulators, courts, law enforcement or other authorities;
• to process payments, invoices, credits and commercial account administration;
• to send marketing or promotional communications where permitted by law, subject to your opt-out rights; and
• for any other purpose disclosed to you or with your consent.

Legal bases for processing

Where EU, UK or similar data protection laws apply, our legal bases for processing personal information may include: performance of a contract, where processing is necessary to provide the Platform or administer your account; legitimate interests, including product improvement, security, fraud prevention, analytics, support and business administration; consent, where we ask for consent for a specific processing activity; and legal obligation, where processing is necessary to comply with applicable laws.

Where we process Customer Content as a processor or service provider, you are responsible for identifying and documenting the relevant legal basis or lawful authority for the processing and for providing any required notices or obtaining any required consents.

How we disclose personal information

We may disclose personal information to:

• service providers, contractors and vendors who provide hosting, storage, compute, model infrastructure, analytics, security, authentication, billing, communications, customer support, error logging, observability and other operational services;
• AI model providers, agent infrastructure providers, tool providers and other technical providers used to process Inputs, generate Outputs and operate the Platform;
• third-party services and integrations that you connect, authorize or instruct the Platform to use;
• professional advisers, including lawyers, accountants, auditors, insurers, bankers and consultants;
• corporate transaction counterparties and advisers in connection with any merger, acquisition, financing, reorganization, sale of assets, change of control or similar transaction;
• law enforcement, courts, regulators, public authorities, dispute counterparties or other third parties where we believe disclosure is required or appropriate to comply with law, enforce rights, protect safety, prevent harm or investigate misuse;
• affiliates and related entities for internal administration, product development, security, support and business operations; and
• other persons where you direct us to disclose the information or where you consent to the disclosure.

We may use and disclose aggregated, anonymized or de-identified information for analytics, benchmarking, product improvement, research, reporting, commercial and operational purposes.

Model providers and infrastructure providers

The Platform may rely on third-party model providers, cloud infrastructure providers, observability providers, databases, vector stores, workflow tools, email providers, communication providers, authentication providers, payment processors and other technical service providers.

These providers may process personal information and Customer Content on our behalf, subject to contractual, technical and organizational controls that we consider appropriate for the relevant service.

The specific providers used may change over time as the Platform develops. We may update this Privacy Policy or provide additional disclosures where legally required.

International transfers

We may process, store and transfer personal information in countries other than the country where you are located, including countries that may not provide the same level of data protection as your home jurisdiction.

Where legally required, we use appropriate safeguards for international transfers, which may include standard contractual clauses, data processing agreements, adequacy decisions, intra-group arrangements, user consent or other lawful transfer mechanisms.

By using the Platform, you acknowledge that personal information may be processed in the jurisdictions where we, our affiliates, service providers, model providers and infrastructure providers operate.

Data retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Platform, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, maintain security, improve the Services and support legitimate business operations.

Retention periods may vary depending on the category of information, the nature of the account, legal requirements, operational needs, backup cycles, security requirements and whether the information is contained in Customer Content, logs, audit records, support records or financial records.

We may retain aggregated, anonymized or de-identified information indefinitely where it no longer identifies an individual.

Deletion or account closure may not immediately remove information from backups, logs, archives, legal holds or records we are required or permitted to retain.

Security

We use reasonable technical, organizational and administrative measures designed to protect personal information against unauthorized access, loss, misuse, disclosure, alteration and destruction.

No system, network, AI workflow, integration or transmission method is completely secure. We cannot guarantee absolute security.

You are responsible for using strong credentials, protecting access tokens and API keys, managing permissions, securing connected accounts and promptly notifying us of any suspected unauthorized access or security incident.

Automated processing and AI-generated outputs

The Platform may use automated processing and AI systems to generate Outputs, recommend workflows, classify information, route tasks, summarize data, draft content, propose actions and assist with business operations.

We do not intend the Platform to make legally or similarly significant decisions about individuals without appropriate human involvement, unless you independently configure, authorize and lawfully implement such use outside our standard early access functionality.

You are responsible for ensuring that any use of the Platform involving individuals, customers, employees, applicants, users, consumers or other data subjects complies with applicable laws and includes all required human review, notices, consents, safeguards and appeal mechanisms.

Your responsibilities when providing personal information

You must not submit personal information to the Platform unless you have the right to do so and your use of the Platform complies with applicable privacy, data protection, marketing, consumer protection, employment, communications and platform laws.

If you provide personal information about third parties, including customers, leads, employees, contractors, applicants, users or business contacts, you are responsible for providing all required notices, obtaining all required consents and ensuring there is a lawful basis for processing.

You must not use the Platform to process sensitive, regulated or high-risk personal information unless we have expressly agreed in writing that the Platform is suitable for that use and any required additional safeguards are in place.

Your rights and choices

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, port or obtain a copy of personal information we hold about you, and to withdraw consent where processing is based on consent.

You may also have the right to complain to a privacy regulator or supervisory authority in your jurisdiction.

You may exercise rights by contacting us at privacy@makeacompany.ai. We may need to verify your identity and may refuse or limit requests where permitted by law.

If your request relates to Customer Content controlled by one of our users, we may direct you to that user or handle the request in accordance with that user's instructions.

Marketing communications

We may send service-related communications that are necessary for account, security, billing, legal or operational purposes.

We may send marketing communications where permitted by law. You may opt out of marketing communications by using the unsubscribe mechanism or contacting us.

Opting out of marketing communications will not prevent us from sending non-marketing service communications.

Children

The Platform is not directed to children and is not intended for use by persons under 18 years old.

We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so that we can take appropriate steps.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Platform, our practices, legal requirements or operational needs.

If we make material changes, we may provide notice through the Platform, by email, or by other reasonable means.

Your continued use of the Platform after an updated Privacy Policy becomes effective means that the updated Privacy Policy applies to your continued use of the Platform.

Contact and complaints

If you have questions, requests or complaints regarding this Privacy Policy or our handling of personal information, please contact us at: privacy@makeacompany.ai.

Please include your name, contact details, the nature of your request and any relevant account information so that we can respond appropriately.

If you are not satisfied with our response, you may have the right to contact the privacy regulator or supervisory authority in your jurisdiction.

Regional disclosures