Privacy Policy

Last updated: March 15, 2026

Aiorkesta ("we", "our", "us") operates the website www.aiorkesta.com and the Aiorkesta platform (the "Service"). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

We collect the following types of information:

• Account Information: When you sign up, we collect your name, email address, and profile picture via Google Sign-In.
• OAuth Tokens: When you connect third-party services (Gmail, Telegram, GitHub, etc.), we store encrypted OAuth tokens to access those services on your behalf.
• Usage Data: We collect information about how you use the Service, including agents created, pipelines run, and queries made.
• Content: Documents you upload to agent knowledge bases, pipeline configurations, and chat messages.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service.
• Execute AI agent pipelines and process queries on your behalf.
• Access connected services (Gmail, Telegram, GitHub, etc.) only as configured by you in your pipelines.
• Send service-related communications.

3. Gmail Data Usage

When you connect your Gmail account, we request the following permissions:

• gmail.readonly: To read incoming emails for pipeline triggers.
• gmail.modify: To mark processed emails as read.
• gmail.send: To send email replies when configured in your pipelines.

We only access your Gmail data when a pipeline you have configured requires it. We do not read, store, or share your email content beyond what is necessary to execute your configured pipelines. Email content is processed in real-time and is not permanently stored.

We do not use Gmail data for advertising, market research, or any purpose unrelated to providing the Service.

4. Data Storage and Security

• All OAuth tokens and API keys are encrypted at rest using AES-256 encryption.
• Data is stored on secure servers with access controls.
• Each user's data is isolated — users cannot access other users' agents, pipelines, or connected services.
• We use per-user scoped API tokens to ensure project-level isolation with third-party services.

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data with:

• AI Service Providers: Your queries and documents are processed by our AI backend (aifly.click) to generate agent responses. This processing is subject to their privacy practices.
• Connected Services: When you connect third-party services (Gmail, Telegram, etc.), data flows to those services as configured in your pipelines.
• Legal Requirements: We may disclose information if required by law.

6. Data Retention

We retain your data for as long as your account is active. You can:

• Delete individual agents and their knowledge bases at any time.
• Disconnect third-party services (Gmail, Telegram, etc.) to revoke access and delete stored tokens.
• Request deletion of your account and all associated data by contacting us.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Disconnect any connected third-party service at any time.
• Export your data.
• Object to processing of your data.

8. Cookies

We use essential cookies for authentication (session tokens). We do not use tracking or advertising cookies.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

privacy@aiorkesta.com