Privacy Policy

Last updated: April 10, 2026

1. Introduction

Autonomous AI ("we", "our", or "us") operates the autonomousai.app platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password. Passwords are hashed and never stored in plain text.

Business Data

We store the data you enter into the platform, including leads, appointments, invoices, email content, campaign configurations, and AI agent settings. This data belongs to you and is scoped to your tenant.

Usage Data

We collect anonymized usage metrics such as page views, feature usage, API call counts, and error logs to improve our service.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We store your Stripe customer ID for subscription management.

3. How We Use Your Information

• To provide and maintain the service
• To process your transactions and send billing notifications
• To send emails on your behalf to your leads and customers
• To run AI agents that respond to your leads (Pro plan only)
• To send you service-related communications (account alerts, security notices)
• To improve our platform and develop new features

4. AI Processing

Our AI agents use third-party language models (Anthropic Claude) to generate email responses and qualify leads on your behalf. Your business context and lead data is sent to these models for processing. We do not use your data to train AI models. All AI actions go through a human-in-the-loop approval queue before execution.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Service providers: Stripe (payments), Resend (email delivery), Anthropic (AI processing), Calendly (scheduling, when connected by you)
• Legal requirements: When required by law, regulation, or legal process

6. Data Security

We implement industry-standard security measures including encrypted data at rest, TLS in transit, encrypted integration credentials, and tenant-scoped data isolation. Integration tokens (Calendly, Stripe, Twilio) are AES-256 encrypted.

7. Data Retention

Your data is retained for as long as your account is active. Soft-deleted records (leads) are retained for 90 days before permanent deletion. You can request full data export or deletion by contacting us.

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a standard format
• Withdraw consent for marketing communications

9. Cookies

We use session cookies for authentication. We do not use third-party advertising cookies. Analytics cookies (if any) are first-party only.

10. Contact

For privacy questions, contact us at privacy@autonomousai.app.