Privacy Policy

Gnosari ("we," "us," or "our") operates gnosari.com and provides AI agent management and collaboration services (the "Service"). This Privacy Policy governs your access to and use of our Service.

We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services. This policy outlines our data handling practices and your rights regarding your personal information.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1.1 Information You Provide Directly

• Account Information: Email address, name, password (encrypted), and profile information when you register for an account.
• Payment Information: Billing details, payment method information (processed securely through Stripe), and transaction history.
• AI Agent Data: Configuration details, instructions, knowledge sources, tools, and content you create using our Service.
• Communication Data: Messages, feedback, and support requests you send to us.
• User Content: Files, documents, and other content you upload to our platform.

1.2 Information We Collect Automatically

• Usage Data: Information about how you interact with our Service, including pages viewed, features used, and actions taken.
• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Authentication Tokens: JWT tokens stored in browser local storage for maintaining your session.
• Log Data: Server logs including access times, error messages, and system events.
• Cookies and Similar Technologies: We use cookies and local storage to maintain sessions, preferences, and analytics.

1.3 Information from Third Parties

• AI Model Providers: Usage metrics and performance data from AI service providers (OpenAI, Anthropic, etc.).
• Payment Processors: Transaction confirmations and payment status from Stripe.
• Analytics Services: Aggregated usage statistics and performance metrics.

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI agent management platform and related services.
• Account Management: To create and manage your account, authenticate your access, and maintain your preferences.
• Payment Processing: To process payments, manage subscriptions, and provide billing support.
• Communication: To send you service updates, security alerts, support messages, and administrative communications.
• Personalization: To customize your experience and provide relevant features and content.
• Analytics and Improvement: To analyze usage patterns, monitor performance, and improve our Service.
• Security: To detect, prevent, and address fraud, security issues, and technical problems.
• Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights and those of our users.
• Marketing (with consent): To send promotional materials and updates about new features (you can opt-out at any time).

We do not sell your personal information. We may share your information in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Cloud Hosting: Infrastructure providers for data storage and computing resources.
• Payment Processing: Stripe for secure payment processing (subject to their privacy policy).
• AI Services: OpenAI, Anthropic, and other AI model providers for processing your AI agent requests.
• Analytics: Analytics services for understanding usage patterns (anonymized where possible).
• Communication: Email service providers for transactional and marketing emails.

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

We implement industry-standard security measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
• Password Security: Passwords are hashed using industry-standard algorithms and never stored in plain text.
• Access Controls: Strict access controls and authentication requirements for system access.
• Regular Audits: Periodic security audits and vulnerability assessments.
• Monitoring: 24/7 security monitoring and incident response procedures.
• Secure Infrastructure: Industry-leading cloud providers with SOC 2 and ISO 27001 certifications.

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period after account closure for legal and operational purposes.
• Transaction Records: Retained for at least 7 years to comply with tax and financial regulations.
• Usage Data: Aggregated analytics retained indefinitely for service improvement; individual usage data deleted after 24 months.
• Backups: Data in backups may be retained for up to 90 days for disaster recovery purposes.
• Legal Holds: Data may be retained longer if required for legal proceedings or regulatory compliance.

Depending on your location, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal information.
• Right to Deletion: Request deletion of your personal information (subject to legal retention requirements).
• Right to Portability: Receive your personal information in a structured, machine-readable format.
• Right to Object: Object to certain processing of your personal information, including marketing.
• Right to Restriction: Request restriction of processing your personal information in certain circumstances.
• Right to Withdraw Consent: Withdraw consent for processing where we rely on consent as legal basis.
• Right to Complain: Lodge a complaint with a supervisory authority if you believe your rights have been violated.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure appropriate safeguards are in place for international data transfers, including:

• Standard Contractual Clauses: EU-approved Standard Contractual Clauses for transfers to third countries.
• Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection.
• Privacy Shield (where applicable): Compliance with relevant international privacy frameworks.
• Service Provider Agreements: Contractual obligations ensuring third-party processors maintain appropriate data protection.

Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at dpo@neomanex.com. We will take steps to delete such information from our systems.

Our Service may contain links to third-party websites, services, or integrations that are not operated by us. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing your personal information.

Key Third-Party Services

• Stripe: Payment processing - Privacy Policy
• OpenAI: AI model services - Privacy Policy
• Anthropic: AI model services - Privacy Policy

We use cookies and similar tracking technologies to collect and store information about your use of our Service.

Types of Cookies We Use

• Essential Cookies

  Required for basic functionality including authentication (JWT tokens in localStorage), session management, and security features. These cannot be disabled.

• Analytics Cookies

  Help us understand how visitors interact with our Service by collecting and reporting information anonymously.

• Preference Cookies

  Remember your preferences and settings, such as language preference, theme selection, and UI customizations.

Managing Cookies

Most web browsers allow you to control cookies through browser settings. However, disabling certain cookies may limit your ability to use some features of our Service.

You can manage your cookie preferences through your browser settings or by contacting us at dpo@neomanex.com.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of your personal information (subject to exceptions).
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information).
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.

To exercise these rights, contact us at dpo@neomanex.com. We will verify your identity before processing your request.

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Service to you.
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, security).
• Consent: Where you have given explicit consent for specific processing activities.
• Legal Obligation: Processing required to comply with legal obligations.

Data Controller

Neomanex (operating Gnosari) acts as the data controller for personal information processed through our Service. Contact our Data Protection Officer at dpo@neomanex.com for GDPR-related inquiries.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

We will notify you of any material changes by:

• Sending an email to the address associated with your account
• Posting a prominent notice on our website
• Displaying an in-app notification when you next log in

Your continued use of our Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: