Privacy Policy

Autonomata (“Autonomata,” “we,” “us,” or “our”) provides an AI operating system for B2B service companies, available at https://autonomata.ai and https://app.autonomata.ai (the “Service”). This Privacy Policy describes how we collect, use, store, share, and delete information when you visit our marketing website, create an account, or connect third-party services such as Google to the Service.

We collect the following categories of information:

• Account information. Name, email address, organization name, and authentication identifiers when you sign up or are invited to the Service.
• Usage and device information. Logs, IP address, browser type, pages viewed, and timestamps generated when you use the Service.
• Content you submit. Tasks, prompts, files, configuration, and other inputs you provide to agents running on Autonomata.
• Third-party data you connect. Data we access on your behalf through integrations you authorize, including Google services described in Section 4.
• Communications. Messages you send to support, waitlist form submissions, and replies to product emails.

We use the information we collect to:

• Provide, operate, and maintain the Service and its agents on your behalf.
• Authenticate users, enforce access controls, and audit agent actions for security and compliance.
• Improve user-facing features that you and your team interact with.
• Diagnose technical issues, prevent abuse, and respond to support requests.
• Send service-related notices and, where you have opted in, product updates.

We do not sell your personal information. We do not use your data, including data from Google APIs, to serve advertising. We do not use your content to train generalized AI/ML models that are offered to other customers.

When you connect a Google account to Autonomata, you authorize us to access specific Google data on your behalf using OAuth scopes that you explicitly approve on Google’s consent screen. The scopes we may request include:

• Google Calendar (e.g. https://www.googleapis.com/auth/calendar.events and https://www.googleapis.com/auth/calendar.events.freebusy) — to read your calendars and events, create and update events on your behalf, manage attendees, and check free/busy availability, so that Autonomata agents can schedule meetings, propose open time slots and book appointments captured by inbound sales agents, and keep calendar state in sync with the Service.

How we use Google user data. We use Google user data only to provide the user-facing features described above. We do not use Google user data to train, fine-tune, or evaluate generalized AI/ML models. We do not transfer Google user data to advertising platforms, data brokers, or other third parties for purposes unrelated to providing the Service. We restrict employee and contractor access to Google user data to the minimum necessary to operate, support, and secure the Service.

Limited Use compliance. Autonomata’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Storage. We store the OAuth refresh tokens needed to call Google APIs on your behalf, and we cache the minimum Google data required to operate features you use (for example, upcoming calendar events shown in the Service). Cached Google data is associated with your tenant and is not commingled with other tenants’ data.

Revoking access. You can disconnect Autonomata from your Google account at any time inside the Service, or by visiting https://myaccount.google.com/permissions. Once disconnected, we stop calling Google APIs on your behalf and delete cached Google data on the schedule described in Section 8.

We share information only as follows:

• Within your tenant. Information you submit may be visible to other authorized users within your organization on Autonomata.
• Service providers. We use vetted vendors to host infrastructure (Amazon Web Services), provide authentication (Auth0), send transactional email, process payments (Stripe), and provide AI model inference (e.g. Anthropic, OpenAI). These vendors process data on our instructions under written data-processing agreements.
• Legal and safety. We may disclose information if required by law, valid legal process, or to protect the rights, safety, or property of Autonomata, our users, or the public.
• Business transfers. If Autonomata is involved in a merger, acquisition, or asset sale, information may be transferred subject to the protections of this policy.

We do not sell or rent personal information, and we do not share Google user data with third parties except as strictly required to provide the Service.

The Service is hosted on Amazon Web Services in the United States. Application data, including cached Google data, is stored encrypted at rest and transmitted over TLS. If you access the Service from outside the United States, you consent to your data being processed in the United States.

We follow industry-standard practices to protect data, including encryption in transit and at rest, tenant isolation, scoped access controls, audit logging, and regular review of access to production systems. No system is perfectly secure.

We retain account information for as long as your account is active. Content you submit is retained while your account is active so the Service can use it. Operational logs are retained for a limited period for security and debugging. Cached Google user data is retained only as long as needed to operate the connected feature; when you disconnect a Google account or delete your Autonomata account, we delete cached Google data and revoke stored OAuth tokens within 30 days, except where a longer retention is required to comply with legal obligations.

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. You can exercise many of these rights through your account settings in the Service, or by submitting a request through the Service’s support channels. We will respond within the timeframes required by applicable law.

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.