Privacy Policy
Last Updated: March 27, 2026
1. Personal Information We Collect
1.1 Information You Provide
We collect information you provide directly to us, including:
- Account data: name, email address, company name, and password when you create an account.
- Billing data: payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers.
- Customer Content: data, documents, and materials you upload to train your AI teammates, including knowledge base articles, help center content, and past support tickets.
- Communications: any messages you send us through email, chat, or support channels.
- Feedback: suggestions, feature requests, and other feedback you voluntarily provide.
1.2 Information We Collect Automatically
When you use the Service, we automatically collect certain information, including:
- Device data: IP address, browser type, operating system, and device identifiers.
- Usage data: pages visited, features used, actions taken, time spent, and navigation paths. We may use product analytics tools (such as Amplitude and PostHog) and session replay technology to understand how users interact with the Service and to improve the user experience.
- Log data: server logs, error reports, and performance metrics.
1.3 Information from Third Parties
We may receive information about you from third-party services you connect to eesel AI, such as:
- Helpdesk and CRM platforms (e.g., Zendesk, Freshdesk, Intercom, Gorgias, HubSpot, Help Scout, Salesforce)
- Communication tools (e.g., Slack, Microsoft Teams)
- Knowledge sources (e.g., Google Drive, Google Docs, Notion, Confluence, SharePoint)
- Project management tools (e.g., Jira, Asana)
- E-commerce platforms (e.g., Shopify)
- Other third-party platforms as we expand our integrations
We only access the data you authorize through OAuth or similar authentication flows, and only to the extent necessary to provide the Service.
1.4 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies for:
- Essential operation: authentication (via Auth0 session cookies), session management, and security.
- Analytics: understanding how the Service is used to improve our products. We use services such as Google Analytics, Amplitude, PostHog, and Segment.
- Customer support: providing in-app support via Intercom.
- Marketing: measuring the effectiveness of our marketing campaigns.
You can control cookies through your browser settings. Disabling cookies may limit certain functionality of the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service, including training your AI teammates, processing queries, and delivering responses through your connected platforms.
- Process payments and manage your subscription.
- Improve and develop the Service, including using aggregated, de-identified Usage Data to enhance our AI models and product features.
- Communicate with you about updates, security alerts, and support inquiries.
- Send marketing communications about new features and offerings (you can opt out at any time).
- Prevent fraud and ensure the security and integrity of the Service.
- Comply with legal obligations and enforce our terms.
2.1 Legal Basis for Processing (EEA/UK)
If you are located in the EEA or UK, we rely on the following legal bases under the GDPR for processing your personal data:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Performance of contract (Art. 6(1)(b)) |
| Process payments | Performance of contract (Art. 6(1)(b)) |
| Improve and develop the Service | Legitimate interest (Art. 6(1)(f)) |
| Communicate service updates and security alerts | Performance of contract (Art. 6(1)(b)) |
| Send marketing communications | Consent (Art. 6(1)(a)) |
| Prevent fraud and ensure security | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Service providers: third-party vendors who help us operate the Service, including cloud hosting (AWS), payment processing (Stripe), authentication (Auth0), email delivery (SendGrid), and analytics providers. These providers are bound by contractual obligations to protect your data.
- AI model providers: to power your AI teammates, Customer Content may be sent to third-party AI model providers such as OpenAI, Anthropic, and Google. These providers process data solely to generate responses and do not use Customer Content to train their general models, in accordance with their data processing terms. Enterprise customers may request content anonymization before data is sent to AI providers.
- Vector database providers: we use Pinecone to store document embeddings (numerical representations of your content) for retrieval. Pinecone does not have access to the original content in readable form.
- Connected platforms: when you integrate third-party services (e.g., Zendesk, Slack), data flows between eesel AI and those platforms as necessary to provide the Service.
- Professional advisors: lawyers, accountants, and auditors as needed for business operations.
- Legal requirements: when required by law, regulation, legal process, or governmental request.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Data Hosting and Security
4.1 Data Hosting
Customer data is hosted on AWS in the United States by default. EU hosting is available for customers who require data residency within the European Union.
4.2 Security Measures
We implement and maintain technical and organizational security measures to protect your data, including:
- Encryption of data in transit (TLS) and at rest (AES-256).
- Access controls and role-based permissions.
- Regular security audits and vulnerability assessments.
- SOC 2 Type II certification (in progress — view our Trust Center for current status).
- View our Trust Center for current status.
Full details of our security practices are available in our Security Policy.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Upon termination of your agreement, we will delete Customer Content within 60 days of your request, as outlined in our Terms of Service.
We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes, enforcing agreements, and complying with legal obligations.
6. International Data Transfers
Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
For transfers of Personal Data from the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as detailed in our Data Processing Agreement (DPA). The governing member state for EEA transfers is the Netherlands; for UK transfers, England and Wales.
7. Your Rights and Choices
7.1 Account Information
You may access, update, or delete your account information at any time through the eesel AI dashboard. If you wish to delete your account entirely, contact us at hi@eesel.app.
7.2 Marketing Communications
You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. You will continue to receive transactional and service-related communications.
7.3 EEA, UK, and Swiss Residents
If you are located in the EEA, UK, or Switzerland, you have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Request erasure of your personal data.
- Restrict or object to certain processing.
- Data portability (receive your data in a structured, machine-readable format).
- Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at hi@eesel.app.
7.4 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Opt out of the sale of personal information (we do not sell personal information).
- Non-discrimination for exercising your privacy rights.
To submit a request, contact us at hi@eesel.app. We may verify your identity before processing your request.
8. Data Processing Agreement
For customers subject to the GDPR or other data protection laws that require a data processing agreement, our DPA is incorporated into our Terms of Service. The DPA is based on the Common Paper DPA Standard Terms Version 1.0 and covers:
- Our role as a data processor (or sub-processor) of Customer Personal Data.
- Processing instructions and permitted purposes.
- Sub-processor management, including advance notice of changes.
- Data subject rights and breach notification obligations.
- International transfer mechanisms (Standard Contractual Clauses).
For Enterprise customers, we offer a comprehensive Cloud Service Agreement with a full DPA, liability caps, indemnification terms, security exhibits, insurance certificates, and custom terms tailored to your organization's requirements. Contact hi@eesel.app to get started.
8.1 Approved Sub-processors
The following sub-processors are authorized to process Customer Personal Data on our behalf.
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | N. Virginia, US (EU available on request) |
| Pinecone | Vector database | N. Virginia, US (EU available on request) |
| OpenAI | AI model provider | United States |
| Anthropic | AI model provider | United States |
| AI model provider | United States | |
| Stripe | Payment processing | United States |
| Auth0 | Authentication | United States |
| SendGrid | Email delivery | United States |
| PostHog | Product analytics | European Union |
| Amplitude | Product analytics | United States |
| Segment | Customer data platform | United States |
| Datadog | Monitoring and logging | European Union |
| Firecrawl | Web content extraction | United States |
| Intercom | In-app customer support | United States |
| Vercel | Serverless compute | United States |
9. Children
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
10. Third-Party Services
The Service may contain links to or integrations with third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you connect to eesel AI.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective date" above. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: hi@eesel.app
- Security contact: hi@eesel.app
- Address: 651 N Broad St, Middletown, Delaware 19709, United States