Last updated August 6th, 2025

Privacy Policy

This privacy policy describes how We collect, use, process, and protect Your information when You use Our Service. Please read this privacy policy carefully to understand Our policies and practices regarding Your information.

Use of the Service is also subject to Our Terms and Conditions, which can be found at https://erdo.ai/terms.

Interpretation and Definitions

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this privacy policy:

Application means the software program provided by the Company downloaded by You on any electronic Device, named Erdo

Account means a unique account created for You to access our Service or parts of our Service.

Company (referred to as either "the Company", "Erdo", "We", "Us" or "Our") refers to Erdo AI, LLC, 419 Park Avenue South, Suite 600, New York, NY 10016.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Service refers to the Application.

Service Integration means a connection that You establish through the Service to allow access to third-party data sources (such as Google services) for the purpose of using them with the Service.

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Processing and Ownership

You retain all rights, title, and interest in and to all data uploaded to or processed through the Service. The Company's rights and obligations with respect to such data are as follows:

(a) The Company shall process data in accordance with our Service functionality and any instructions provided through the Service;

(b) All data processing shall occur in secure environments with appropriate safeguards;

(c) The Company may use patterns, insights, and anonymized data derived from Service usage to improve and develop our technology and Service offerings in accordance with applicable terms;

(d) The Company maintains appropriate security controls and data protection measures.

(e) The Company may access and review data when necessary for Service operations, including but not limited to security monitoring, bug investigation, feature development, and customer support.

Service Analytics

The Company collects and analyzes Service usage data, including user behavior, preferences, and interaction patterns, to improve Service functionality, personalization, and user experience. Such data is handled in accordance with industry standard privacy and security practices.

Third-Party Service Integrations

Integration with third-party services is subject to the following terms:

(a) Access to third-party services requires explicit Account authorization and compliance with applicable terms of service;

(b) The Company may collaborate with third parties to enhance Service functionality and features;

(c) All Service Integrations receive appropriate protection and security measures;

(d) The Company may use insights from Service Integrations to improve overall platform functionality and user experience in accordance with applicable third-party terms;

(e) The Company may enhance and optimize the Service based on aggregate platform usage patterns in compliance with applicable service terms;

(f) Any platform improvements will maintain appropriate safeguards for Account information;

(g) You may manage or disconnect Service Integrations through Your Account settings at any time.

Google Services Data

For users who connect Google services, We collect and process the following categories of data only when specifically requested through the Service:

(a) For Google Analytics integrations: website analytics data including traffic metrics, user behavior data, and campaign performance data as explicitly requested by You through the Service;

(b) For Google Ads integrations: advertising campaign data, performance metrics, and related analytics as explicitly requested by You through the Service;

(c) For Google Drive and Google Sheets integrations: spreadsheet data, document content, and file metadata as explicitly requested by You through the Service for data analysis purposes;

(d) Basic Account information required for authentication.

Google-Specific Commitments:We comply with Google API Services User Data Policy, including the Limited Use requirements. Google user data obtained through Google APIs is used solely to provide or improve user-facing features that are prominent in Our Service's requesting application's user interface. We do not transfer Google user data to others unless necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent. We do not use Google user data for serving advertisements or allow humans to read this data unless we have Your affirmative agreement for specific messages or it is necessary for security purposes such as investigating abuse.

Data Sharing, Transfer, and Disclosure

We do not sell, rent, or trade Your personal information, including Google user data, to third parties for their marketing purposes. We may share, transfer, or disclose Your information only in the following limited circumstances:

(a) Service Providers: We may share data with trusted third-party service providers who assist us in operating our Service, such as cloud hosting providers (Google Cloud Platform), authentication services (Clerk), and analytics providers. We only share the minimum data necessary for these providers to perform their specific functions. These providers are contractually obligated to protect Your data and use it solely for providing services on our behalf.

(b) Legal Requirements: We may disclose Your information if required by law, court order, or other legal process, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, or ensure user safety.

(c) Business Transfers: In the event of a merger, acquisition, or sale of assets, Your information may be transferred as part of that transaction, subject to the same privacy protections outlined in this policy.

(d) Consent: We may share Your information with Your explicit consent for specific purposes not covered above.

All data transfers are conducted using secure protocols and in compliance with applicable data protection laws. Google user data is never shared for advertising or marketing purposes and is only accessed as necessary to provide the specific Service functionality You have requested.

Data Protection Mechanisms

We implement comprehensive security measures to protect Your data, including sensitive Google user data:

(a) Encryption: All data is encrypted both in transit using TLS and at rest using AES-GCM encryption. Each organization's data is encrypted with separate encryption keys to ensure isolation. Database connections use encrypted channels and all API communications are secured with industry-standard encryption protocols.

(b) Access Controls: We implement role-based access controls (RBAC) ensuring that only authorized personnel can access Your data on a need-to-know basis. All access is logged and monitored.

(c) Authentication: Multi-factor authentication is required for all administrative access, including access to cloud services and infrastructure. OAuth 2.0 protocols are used for secure third-party integrations, including Google services.

(d) Infrastructure Security: Our Service runs on secure cloud infrastructure with vulnerability assessments and penetration testing. We maintain SOC 2 compliance standards.

(e) Data Isolation: Customer data is logically isolated using secure multi-tenant architecture. Each organization's data is separated and protected from unauthorized access by other tenants.

(f) Monitoring and Logging: We maintain comprehensive audit logs of all data access and system activities. Automated security monitoring detects and alerts on suspicious activities.

Data Retention and Deletion

We will retain Your personal information, including data from Service Integrations (such as Google services), for the length of time needed to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

When You disconnect a Service Integration, We delete the associated access credentials immediately. When the data retention period expires, We will delete or destroy the data. Historical data from these Service Integrations may be retained for up to 30 days to ensure service continuity in case of accidental disconnection.

You may request complete deletion of Your Account and associated data from Service Integrations, including any Google service data, by contacting Us at hello@erdo.ai. Upon receiving such a request, We will delete Your data within 30 days, except where retention is required by law or necessary for legitimate business purposes such as audit logs.

Contact Us

If You have any questions about this privacy policy or Our privacy practices, You can contact Us by email: hello@erdo.ai.