Privacy Policy

1. Personal Data We Collect

Personal Data You Provide

Account Information: When you create an account, we collect information associated with your account, including your name, contact information, account credentials, payment information, and transaction history.

User Content: We collect Personal Data that you provide in the input to our Services, including your prompts and other content you upload such as files, images, and documents.

Communication Information: If you communicate with us via email or our website forms, we collect your name, contact information, and the contents of your messages.

Other Information You Provide: We collect other information you may provide, such as when you complete application forms for our Founding Customer, Implementation Partner, or Sales Consultant programs.

Personal Data We Receive from Your Use of the Services

Log Data: We collect information your browser or device automatically sends, including IP address, browser type and settings, date and time of your request, and how you interact with our Services.

Usage Data: We collect information about your use of the Services, including types of content viewed, features used, actions taken, time zone, and dates and times of access.

Device Information: We collect information about the device you use to access the Services, including device name, operating system, device identifiers, and browser.

Location Information: We may determine the general area from which your device accesses our Services based on IP address for security purposes and to improve your experience.

Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services and improve your experience.

Information from Connectors and Integrations

If you connect third-party services to the platform (such as Slack, Google Workspace, email, or industry-specific tools), we receive data from those services as authorized by your configuration and the third party’s terms.

2. How We Use Personal Data

We may use Personal Data for the following purposes:

• To provide, analyze, and maintain our Services
• To improve and develop our Services and conduct research
• To configure and deploy your organizational intelligence layer
• To communicate with you, including to send you information about our Services and events
• To prevent fraud, illegal activity, or misuse of our Services, and to protect the security of our systems
• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, Ontologic, or third parties
• To send marketing communications about Ontologic products and services (you may opt out at any time)

We do not use your Content to train AI models for use outside of your deployment without your explicit consent.

3. SMS and Messaging Data

Platform Messaging

The Ontologic platform includes automated SMS and communications functionality powered by Twilio. When your organization uses these features, we process phone numbers, message content, delivery status, and opt-in/opt-out records on your behalf as a data processor.

SMS Opt-In

SMS communications sent through the Ontologic platform are sent by your organization to your contacts. Your organization is responsible for obtaining and maintaining valid prior express written consent from all SMS recipients in compliance with the TCPA and applicable regulations. Ontologic processes SMS data as a data processor on your behalf and does not use recipient phone numbers for any purpose other than message delivery.

Opt-Out

Recipients of SMS messages sent through the platform may opt out at any time by replying STOP. Opt-out requests are processed automatically and recorded in the platform. No further messages will be sent to opted-out numbers. Recipients may reply HELP for assistance information.

Message and Data Rates

Standard message and data rates may apply to SMS messages received by your contacts. This is governed by recipients’ mobile carrier plans and must be disclosed in your organization’s opt-in language.

4. Sharing Your Information

We do not sell your Personal Data. However, we may share certain data with trusted partners and third-party service providers to operate and enhance our platform, including:

• Cloud infrastructure: Amazon Web Services (AWS)
• Database services: MongoDB Atlas, Neo4j
• AI model providers: Anthropic and other LLM providers as configured per deployment
• Messaging: Twilio (SMS and communications infrastructure)
• Email delivery: Resend
• Payment processing: Stripe

These providers are contractually obligated to uphold strict data protection standards. We may also share information with Implementation Partners who manage your deployment, bound by confidentiality obligations under their partner agreement.

We may also share information: if required by law or legal process; to protect the rights, property, or safety of Ontologic, our customers, or others; or in connection with a merger, acquisition, or sale of assets (with advance notice to you).

5. Data Retention

We retain information for as long as necessary to provide the Services and fulfill the purposes described in this policy, or as required by law:

• Account and Customer Data: Retained for the duration of your active account plus 12 months
• Transaction and billing records: Retained for 7 years
• Communications and support records: Retained for 2 years
• Usage logs and analytics: Retained for 13 months
• SMS opt-in consent records: Retained for the life of the customer relationship plus 4 years
• Security and audit logs: Retained for 12 months

6. Data Security

Ontologic implements commercially reasonable technical, administrative, and organizational security measures aligned with SOC 2 principles, including encryption in transit (TLS) and at rest, role-based access controls, audit logging, multi-tenant data isolation, and regular security reviews.

Data Breaches

In the event of a data breach or security incident, Ontologic will promptly investigate and notify affected users in compliance with applicable laws. We will take reasonable steps to mitigate any harm resulting from the breach. Ontologic shall not be liable for any damages arising from a data breach except to the extent arising directly from Ontologic’s gross negligence, willful misconduct, or failure to adhere to applicable data security laws.

7. Your Rights

Depending on where you live, you may have certain statutory rights in relation to your Personal Data, including the right to: access your Personal Data; delete your Personal Data from our records; update or correct your Personal Data; transfer your Personal Data to a third party (data portability); restrict how we process your Personal Data; withdraw consent where we rely on consent as the legal basis; object to how we process your Personal Data; and lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@ontologic.co. We will respond within 30 days.

Marketing Opt-Out

You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at hello@ontologic.co.

California Residents

California residents have additional rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information. Ontologic does not sell personal information. To exercise your CCPA rights, contact us at privacy@ontologic.co.

8. User Content Ownership and Responsibility

Users retain full ownership of the content they create within Ontologic. Ontologic does not claim ownership of User Content. By using the platform, users grant Ontologic a non-exclusive, royalty-free license to use, display, and process User Content solely for the purpose of operating, improving, and maintaining the Services. Users are responsible for ensuring their content complies with applicable laws.

9. Third-Party Services and Links

The Services may integrate with or link to third-party platforms and services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you connect to the platform. Ontologic is not responsible for the privacy practices of third-party services.

10. International Data Transfers

Ontologic is based in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States. By using the Services, you acknowledge this transfer. We implement appropriate safeguards for international transfers where required by applicable law.

11. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have collected Personal Data from a minor, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice in the platform at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, data requests, or questions about this policy:

Ontologic LLC | Fort Thomas, Kentucky
privacy@ontologic.co | hello@ontologic.co

This Privacy Policy was last updated March 1, 2026.