Privacy Policy

1. Introduction

This Privacy Policy describes how Padiso ("Padiso", "we", "us", or "our") collects, uses, discloses, and protects information when you use the Padiso platform, websites, dashboard, APIs, and related services (the "Service"), including information processed by the AI agents you run on the Service.

It applies to visitors of our website, account holders, and the authorized users within a customer workspace. Where you use Padiso on behalf of an organization, that organization is the controller of the workspace data and you should also consult its own privacy notices.

2. Information we collect

We collect the following categories of information:

• Account and profile data: your name, email address, password or single-sign-on identifier, organization name, and role.
• Billing data: your plan, subscription status, and payment details, which are collected and processed by our third-party payment processor (we do not store full card numbers).
• Workspace content: the workspaces, projects, goals, tasks, prompts, instructions, comments, and other materials you and your users submit ("Your Content").
• Agent and run data: the inputs, outputs, tool calls, status, token usage, cost, and logs generated when your agents run.
• Connected credentials: API keys, tokens, and secrets you store in the vault to connect models and integrations, which are encrypted.
• Usage and device data: log data such as IP address, browser type, pages viewed, actions taken, timestamps, and similar diagnostic information.
• Cookies and similar technologies: as described in our Cookie Policy.

3. How we collect information

We collect information you provide directly (for example, when you sign up, configure agents, or contact support), automatically as you use the Service (for example, through logs and cookies), and from third parties such as our payment processor, authentication provider, and analytics tools.

4. How we use information

We use information to:

• provide, operate, maintain, and secure the Service, including running and coordinating your agents;
• process payments and manage subscriptions;
• monitor performance, prevent fraud and abuse, and enforce budgets, approvals, and our Terms;
• provide customer support and respond to your requests;
• analyze usage to understand and improve the Service and develop new features;
• send service, security, and (where permitted) marketing communications, which you can opt out of; and
• comply with legal obligations and enforce our rights.

5. Legal bases for processing

Where the GDPR or similar laws apply, we process personal data on the following bases: performance of our contract with you (to provide the Service); our legitimate interests (to secure, operate, and improve the Service and to communicate with you), balanced against your rights; your consent (for example, for non-essential cookies and marketing); and compliance with legal obligations.

6. Agent and run data

When your agents run, we store the data needed to display your dashboard, enforce budgets and approvals, recover from failures, and maintain an audit trail. This data is associated with your workspace and logically isolated from other customers.

We do not use Your Content, prompts, or agent outputs to train shared or foundation models. Content you choose to send to a third-party model Provider is transmitted to that Provider to fulfil the run and is subject to the Provider’s own terms.

7. Sharing and disclosure

We do not sell your personal data. We share information only as follows:

• Sub-processors: trusted service providers that help us run the Service, such as cloud hosting, our database provider, payment processing, email delivery, and analytics, under contractual confidentiality and data-protection obligations.
• Providers and Integrations you connect: data is shared with the model Providers and Integrations you enable, at your direction, to fulfil agent runs.
• Legal and safety: when required by law, regulation, or valid legal process, or to protect the rights, property, or safety of Padiso, our users, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

8. International data transfers

We may process and store information in countries other than the one in which you are located. Where we transfer personal data internationally, we use appropriate safeguards, such as standard contractual clauses, to protect it in accordance with applicable law.

9. Data retention

We retain personal data and Your Content for as long as your account is active and as needed to provide the Service. You can delete workspaces and content at any time. After your account is closed, we delete or anonymize remaining data within a reasonable period, except where we are required to retain it for legal, tax, accounting, or security purposes, or to resolve disputes and enforce agreements.

10. Security

We implement technical and organizational measures designed to protect information, including encryption in transit and at rest, workspace isolation, scoped and encrypted storage of credentials, access controls on a need-to-know basis, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to protect your information and review our practices regularly.

11. Your rights and choices

Depending on your location (including under the GDPR and the CCPA/CPRA), you may have the right to access, correct, update, port, restrict, or delete your personal data, to object to certain processing, and to withdraw consent where processing is based on consent. You may also have the right not to be discriminated against for exercising these rights.

You can manage much of your data directly in your account settings, and you can opt out of marketing emails using the unsubscribe link. To make a request, contact us at [email protected]; we may need to verify your identity. If we process workspace data on behalf of an organization, we will refer your request to that organization. You may also lodge a complaint with your local data-protection authority.

12. Cookies and tracking

We use cookies and similar technologies for essential functionality, to remember preferences, and (with your consent) for analytics. For details and how to manage your choices, see our Cookie Policy.

13. Children

The Service is intended for business use and is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version here, change the "last updated" date, and, for material changes, provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance.