Privacy Policy

1.1 Personal Information You Provide

• Account Information: Name, email address, password, profile photo, job title, company name, and other information you provide when creating or updating your account on https://tou.ai.
• Billing Information: Payment method details, billing address, and transaction history processed through our third-party payment processors (including Stripe).
• Communications: Information you provide when you contact us for support, submit feedback, or otherwise communicate with us.

1.2 Workspace Data

• Organization and Team Data: Workspace names, team structures, member roles, permissions, and organizational settings.
• User-Generated Content: Instructions, prompts, task descriptions, documents, messages, and other content you create or upload within the Services.

1.3 AI Interaction Data

• Prompts and Instructions: Text, commands, and instructions you provide to AI agents within the platform.
• Agent Outputs: Responses, content, deliverables, and actions generated by AI agents on your behalf.
• Conversation Histories: Logs of interactions between you and AI agents, including chat histories, task threads, and feedback.
• Agent Action Logs: Records of actions taken by AI agents, including tool usage, decision-making steps, API calls, and execution traces.

1.4 Connected Tool Data

When you authorize AI agents to access third-party services on your behalf, we may collect and process data from those connected tools, including but not limited to:

• Context Layer: Connect your agents to 50+ diverse data sources and turn fragmented data into searchable, up-to-date contexts.
• Deep Research: AI-powered research across web, social, academic and internal sources with adaptive depth, citations, and traceable reasoning.
• Data Search: Crawl, scrape, and search the live web into clean, structured data your agents can consume immediately.
• Unstructured Data: The AI data translation layer. Turn documents, images, video, and audio into information that AI can actually work with.
• Data Lakehouse: Store and manage files in project-scoped buckets with access control and agent-friendly file APIs.

Important

This is customer-controlled data. We act primarily as a data processor, processing it only on your instructions. We do not train or fine-tune AI models on your uploaded or processed content. We may still use fully de-identified and aggregated data (from which all personal identifiers have been removed) to improve our models, as described in Section 2. You retain full ownership of your data and all AI-generated outputs. The scope of data accessed from connected tools depends on the permissions you grant and the tasks you assign to AI agents.

1.5 Automatically Collected Information

• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited on https://tou.ai, features used, click patterns, session duration, referring URLs, and interaction patterns (including agent/task logs processed via PostHog).
• Log Data: Server logs, error reports, access times, and diagnostic data.
• Location Data: Approximate geographic location inferred from your IP address.

1.6 Usage and Analytics Data

We automatically collect limited technical data for service operation, security, and improvement:

• Agent/task logs, query patterns, tool usage statistics
• Error logs, performance metrics
• IP addresses, device identifiers, browser/OS info

This data is aggregated/anonymized where possible and processed based on our legitimate interests in security, reliability, and product improvement.

1.7 Cookies and Tracking Technologies

We use strictly necessary cookies for essential functions (sessions, authentication) and limited analytics (aggregated usage). Non-essential cookies require consent where required by law. Manage via browser settings.

• Providing the Services: To create and manage your account, operate the Agentic AI platform, execute tasks through AI agents, and deliver the core functionality of TouAI.
• Processing Connected Tool Data: To enable AI agents to perform authorized actions on your behalf across integrated third-party services, including Context Layer, Deep Research, Data Search, Unstructured Data, and Data Lakehouse.
• Improving the Services: To analyze usage patterns, diagnose technical issues, develop new features, and enhance the performance and reliability of our AI agents.
• AI Model Enhancement: To use de-identified and aggregated data to improve our AI models, algorithms, and system performance.
• Communications: To send you service-related notices, updates, security alerts, and administrative messages. With your consent, to send marketing and promotional communications.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, and to protect the rights and safety of our users and the Company.
• Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Analytics: To conduct research and analytics to understand how users interact with the Services and to measure the effectiveness of our features.
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.

3.1 European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR) or equivalent legislation:

• Performance of a Contract: Processing necessary to perform our contract with you (e.g., providing the Services, managing your account, executing AI agent tasks).
• Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving the Services, ensuring security, preventing fraud, and conducting analytics.
• Consent: Where you have provided explicit consent for specific processing activities (e.g., marketing communications, optional data sharing, certain AI data processing activities).
• Legal Obligation: Processing necessary to comply with legal obligations to which we are subject.

3.2 Canada

If you are located in Canada, we rely on the following bases under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation:

• Consent: We obtain your express or implied consent for the collection, use, and disclosure of your personal information, except where permitted or required by law without consent.
• Legitimate Business Purposes: We process information for purposes that a reasonable person would consider appropriate in the circumstances.
• Legal Requirements: We may process information without consent where required or permitted by law.

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., Alibaba Cloud, Google Cloud)
• Payment processors (Stripe)
• Analytics providers (PostHog — anonymized usage data only)
• Customer support tools
• Email delivery services

All under strict contracts.

4.2 AI Model Providers

To power the AI agent capabilities of the Services, we transmit data to third-party AI model providers, including but not limited to Anthropic, OpenAI, and other large language model (LLM) providers. This data may include your prompts, instructions, workspace context, and connected tool data necessary for AI agents to perform their tasks.

4.3 Connected Third-Party Services

When you authorize integrations, AI agents may transmit data to and from third-party services (e.g., Notion, Google Drive, Slack, Salesforce, MySQL, Jira, GitHub, Google/X, Reddit, YouTube) as necessary to perform tasks. The specific data shared will depend on the permissions you grant and the nature of the task.

4.4 Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

4.5 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (1) comply with a legal obligation; (2) protect and defend our rights or property; (3) act in urgent circumstances to protect the personal safety of users of the Services or the public; or (4) protect against legal liability.

4.6 With Your Consent

We may disclose your personal information for any other purpose with your consent.

• Right to Access: You have the right to request access to the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information under certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances.
• Right to Object to Processing: You have the right to object to the processing of your personal information under certain circumstances.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Withdraw Consent: If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at privacy@tou.ai. We will respond to your request in accordance with applicable law.

• De-identified and Aggregated Data: We may use de-identified and aggregated data (data that cannot be linked back to you) for AI model training and enhancement. This helps us improve the accuracy, performance, and capabilities of our Services.
• Opt-out for Model Training: We will provide mechanisms for users to opt-out of having their data used for AI model training, where feasible and legally required.
• Confidentiality: We maintain strict confidentiality protocols with our AI model providers to ensure your data is handled securely and in accordance with this Privacy Policy.

Automated Decision-Making

Our AI services may involve automated decision-making processes. Where such decisions produce legal effects concerning you or similarly significantly affect you, you have the right to obtain human intervention, express your point of view, and contest the decision.

• The length of time we have an ongoing relationship with you and provide you with the Services.
• Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records for a certain period before deleting them).
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

When you terminate your account, we will delete or make your data inaccessible within a reasonable period, typically 30 days (except where law requires longer retention).

Regressor Inc. 40425 Chapel Way APT 211 Fremont CA 94538 United States