Privacy Policy

The data controller responsible for your personal data is Ercole.AI, the operator of the Ercole.AI platform, with registered address at 16192 Coastal Highway, 19958 Lewes, Delaware (USA), EIN 35-2674139.

For any privacy-related request you can contact us at privacy@ercole.ai.

We collect the following categories of personal data:

• Account data — full name, email address and password (stored hashed) provided at registration and authentication.
• Onboarding & profile data — information you share about yourself and your business, such as brand, niche, tone of voice, occupation, goals and other personalization details.
• Content data — the prompts, messages, files, images, audio and video you submit, the agents, projects and knowledge bases you create, and the Output generated for you.
• Integration data — access tokens and metadata for third-party services you connect (for example via Composio), used to act on your behalf within the scope you grant.
• Channel identifiers — your Telegram identifier when you link the Telegram bot.
• Usage & billing data — Credit consumption, model and tool usage, subscription and payment status, and execution traces (the steps and AI model calls your Agents make) used for operation, debugging and metering.
• Technical data — IP address, device and browser information, and essential cookies/local storage needed to keep you signed in and to remember preferences (see our Cookie Policy).

We use your personal data to:

• create and manage your account and authenticate your access;
• provide, personalize and operate the Service, including configuring and running your Agents and executing the tasks you request;
• process content through AI models and tools to generate Output;
• operate connected integrations and scheduled tasks on your behalf;
• meter usage, manage Credits, subscriptions and payments;
• record execution traces to debug, secure, monitor and improve the Service;
• communicate with you about the Service, including service and security notices;
• comply with legal obligations and enforce our Terms.

Where the GDPR or similar laws apply, we process your data on the following legal bases: performance of a contract (to provide the Service you sign up for), your consent (for example for optional communications and non-essential cookies), our legitimate interests (to secure, debug and improve the Service and prevent abuse), and compliance with a legal obligation.

The Service relies on third-party large language models (LLMs) and other external providers to process your inputs and generate Output. As a result, content you submit — including files — may be transmitted to and processed by these third parties to perform your tasks.

Because of this, sharing corporate, confidential or otherwise sensitive content is not recommended. You are solely responsible for deciding what content to submit. We do not use your private content to train third-party foundation models except where required to deliver the feature you requested.

We do not sell your personal data. We share data only with service providers and partners that help us run the Service, under appropriate contractual safeguards, including:

• Infrastructure & database — our hosting and database provider (Supabase) stores your account, content and billing data in a logically isolated workspace protected by row-level security;
• AI model providers — to process inputs and generate Output;
• Integration framework — Composio, to manage connectors and act within third-party services you authorize;
• Payment & subscription processors — to handle charges, subscriptions and in-app purchases;
• Messaging — Telegram, where you choose to use the Telegram channel;
• Observability — tools used to trace and debug executions.

We may also disclose data where required by law, to protect our rights, or in connection with a merger, acquisition or sale of assets.

When you connect a third-party service, you authorize Ercole.AI and the relevant Agent to access and act within that service on your behalf, within the scope you grant. Your use of each third-party service remains subject to that provider’s own terms and privacy policy. You may disconnect an integration at any time from your settings.

Ercole.AI operates from the United States and works with providers that may process data in the United States, the European Union and other countries. Where personal data is transferred internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses, where required by applicable law.

We retain your personal data for as long as your account is active and as needed to provide the Service. After account deletion, we delete or anonymize your data within a reasonable period, except where we must retain certain records to comply with legal, accounting or security obligations, or to resolve disputes.

We implement technical and organizational measures designed to protect your data, including encryption in transit, row-level security isolating each workspace, access controls and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential.

Depending on your location, you may have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent at any time. You can manage much of your data directly in your account settings, and you can request account deletion. To exercise your rights, contact us at privacy@ercole.ai. You also have the right to lodge a complaint with your local data protection authority.

The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will take reasonable steps to notify you, for example by posting the updated policy with a new effective date or through the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

For questions about this Privacy Policy or your personal data, contact us at privacy@ercole.ai.