Last updated March 19th, 2026

Privacy Policy

This privacy policy describes how We collect, use, process, and protect Your information when You use Our Service. Please read this privacy policy carefully to understand Our policies and practices regarding Your information.

Use of the Service is also subject to Our Terms and Conditions, which can be found at https://erdo.ai/terms.

Interpretation and Definitions

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this privacy policy:

Service means the Erdo web-based software platform accessible at https://erdo.ai and any associated subdomains, APIs, and features provided by the Company.

Account means a unique account created for You to access our Service or parts of our Service.

Company (referred to as either "the Company", "Erdo", "We", "Us" or "Our") refers to Erdo AI, LLC, 419 Park Avenue South, Suite 600, New York, NY 10016.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Service Integration means a connection that You establish through the Service to allow access to third-party data sources, applications, or databases for the purpose of reading data from or writing data to those third-party services.

AI Features means the artificial intelligence and machine learning capabilities provided through the Service, including but not limited to natural language processing, data analysis, code generation, and automated insights powered by third-party large language model (LLM) providers.

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Processing and Ownership

You retain all rights, title, and interest in and to all data uploaded to or processed through the Service. The Company's rights and obligations with respect to such data are as follows:

(a) The Company shall process data in accordance with our Service functionality and any instructions provided through the Service;

(b) All data processing shall occur in secure environments with appropriate safeguards;

(c) The Company may use patterns, insights, and anonymized data derived from Service usage to improve and develop our technology and Service offerings in accordance with applicable terms;

(d) The Company maintains appropriate security controls and data protection measures.

(e) The Company may access and review data when necessary for Service operations, including but not limited to security monitoring, bug investigation, feature development, and customer support.

Artificial Intelligence and LLM Data Processing

The Service utilizes artificial intelligence and large language model (LLM) technology to provide its core functionality. By using the Service, You acknowledge and agree to the following data processing practices:

(a) Third-Party LLM Providers: Your conversations, queries, and data submitted to the Service may be transmitted to and processed by third-party LLM providers, including but not limited to Anthropic, OpenAI, and Google, to generate responses, insights, and automated actions;

(b) Data Transmission: When You interact with AI Features, the content of Your messages and relevant context from Your connected data sources may be sent to these third-party providers for processing;

(c) Provider Privacy Policies: Data processed by third-party LLM providers is subject to their respective privacy policies and data handling practices. We encourage You to review the privacy policies of Anthropic, OpenAI, and Google;

(d) Conversation History: Your conversations with the AI are stored in Our systems to provide continuity, enable features like conversation history, and improve the Service;

(e) Code Generation: AI Features may generate and execute code on Your behalf to query and analyze data from Your connected integrations. This code execution occurs in secure, isolated environments.

Service Analytics

The Company collects and analyzes Service usage data, including user behavior, preferences, and interaction patterns, to improve Service functionality, personalization, and user experience. Such data is handled in accordance with industry standard privacy and security practices.

Third-Party Service Integrations

The Service allows You to connect to various third-party services through Service Integrations, including but not limited to:

(a) Advertising platforms (Google Ads, Meta Ads, TikTok Ads);

(b) Analytics services (Google Analytics);

(c) CRM systems (HubSpot, Salesforce);

(d) E-commerce platforms (Shopify);

(e) Payment processors (Stripe);

(f) Databases and data warehouses (PostgreSQL, BigQuery, Snowflake, ClickHouse, Microsoft Fabric);

(g) Productivity tools (Google Sheets, Google Drive);

(h) Integration platforms (Pipedream), which enable connections to additional third-party services.

Integration with third-party services is subject to the following terms:

(a) Access to third-party services requires explicit Account authorization and compliance with applicable terms of service;

(b) The Company may collaborate with third parties to enhance Service functionality and features;

(c) All Service Integrations receive appropriate protection and security measures;

(d) The Company may use insights from Service Integrations to improve overall platform functionality and user experience in accordance with applicable third-party terms;

(e) The Company may enhance and optimize the Service based on aggregate platform usage patterns in compliance with applicable service terms;

(f) Any platform improvements will maintain appropriate safeguards for Account information;

(g) You may manage or disconnect Service Integrations through Your Account settings at any time.

Integration Credentials and Authentication Data

When You connect Service Integrations, We collect and store the following types of authentication data:

(a) OAuth Tokens: Access and refresh tokens for OAuth-based integrations (such as Google, Meta, Salesforce, HubSpot);

(b) API Keys: API keys and secrets for services that use key-based authentication;

(c) Database Credentials: Connection strings, usernames, passwords, and host information for database integrations;

(d) Service Account Credentials: Service account keys and certificates for cloud provider integrations.

All integration credentials are encrypted at rest using AES-256-GCM encryption with per-organization encryption keys. Credentials are used solely to perform the integration functionality You have configured and are never shared with third parties except as necessary to connect to the integrated services.

Browser Automation Data

The Service may include browser automation features. When You use these features:

(a) Login credentials You provide for automated browser sessions are stored in encrypted form using per-organization encryption keys;

(b) Browser session data may be retained temporarily to enable multi-step automated workflows;

(c) Credentials are used solely to perform the automated tasks You configure and are accessible only to Your organization.

Google Services Data

For users who connect Google services, We collect and process the following categories of data only when specifically requested through the Service:

(a) For Google Analytics integrations: website analytics data including traffic metrics, user behavior data, and campaign performance data as explicitly requested by You through the Service;

(b) For Google Ads integrations: advertising campaign data, performance metrics, and related analytics as explicitly requested by You through the Service;

(c) For Google Drive and Google Sheets integrations: spreadsheet data, document content, and file metadata as explicitly requested by You through the Service for data analysis purposes;

(d) Basic Account information required for authentication.

Google-Specific Commitments: We comply with Google API Services User Data Policy, including the Limited Use requirements. Google user data obtained through Google APIs is used solely to provide or improve user-facing features that are prominent in Our Service's requesting application's user interface. We do not transfer Google user data to others unless necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent. We do not use Google user data for serving advertisements or allow humans to read this data unless we have Your affirmative agreement for specific messages or it is necessary for security purposes such as investigating abuse.

Data Sharing, Transfer, and Disclosure

We do not sell, rent, or trade Your personal information, including Google user data, to third parties for their marketing purposes. We may share, transfer, or disclose Your information only in the following limited circumstances:

(a) Service Providers: We may share data with trusted third-party service providers who assist us in operating our Service, such as cloud hosting providers (Google Cloud Platform, Railway), authentication services (Clerk), payment processors (Stripe), and analytics providers. We only share the minimum data necessary for these providers to perform their specific functions. These providers are contractually obligated to protect Your data and use it solely for providing services on our behalf.

(b) LLM Providers: As described in the "Artificial Intelligence and LLM Data Processing" section, Your conversations and data may be transmitted to third-party LLM providers (Anthropic, OpenAI, Google) to provide AI Features.

(c) Legal Requirements: We may disclose Your information if required by law, court order, or other legal process, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, or ensure user safety.

(d) Business Transfers: In the event of a merger, acquisition, or sale of assets, Your information may be transferred as part of that transaction, subject to the same privacy protections outlined in this policy.

(e) Consent: We may share Your information with Your explicit consent for specific purposes not covered above.

All data transfers are conducted using secure protocols and in compliance with applicable data protection laws. Google user data is never shared for advertising or marketing purposes and is only accessed as necessary to provide the specific Service functionality You have requested.

Data Protection Mechanisms

We implement comprehensive security measures to protect Your data, including sensitive integration credentials and Google user data:

(a) Encryption: All data is encrypted both in transit using TLS and at rest using AES-256-GCM encryption. Each organization's data is encrypted with separate encryption keys to ensure isolation. Database connections use encrypted channels and all API communications are secured with industry-standard encryption protocols.

(b) Access Controls: We implement role-based access controls (RBAC) ensuring that only authorized personnel can access Your data on a need-to-know basis. All access is logged and monitored.

(c) Authentication: Multi-factor authentication is available for all user accounts. OAuth 2.0 protocols are used for secure third-party integrations, including Google services.

(d) Infrastructure Security: Our Service runs on secure cloud infrastructure with regular vulnerability assessments.

(e) Data Isolation: Customer data is logically isolated using secure multi-tenant architecture. Each organization's data is separated and protected from unauthorized access by other tenants.

(f) Monitoring and Logging: We maintain comprehensive audit logs of all data access and system activities. Automated security monitoring detects and alerts on suspicious activities.

Data Retention and Deletion

We will retain Your personal information, including data from Service Integrations, for the length of time needed to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

When You disconnect a Service Integration, We delete the associated access credentials immediately. When the data retention period expires, We will delete or destroy the data. Historical data from these Service Integrations may be retained for up to 30 days to ensure service continuity in case of accidental disconnection.

Conversation history and AI interaction data are retained for the duration of Your Account to provide continuity and enable features like conversation history.

You may request complete deletion of Your Account and associated data from Service Integrations, including any Google service data and conversation history, by contacting Us at [email protected]. Upon receiving such a request, We will delete Your data within 30 days, except where retention is required by law or necessary for legitimate business purposes such as audit logs.

Contact Us

If You have any questions about this privacy policy or Our privacy practices, You can contact Us by email: [email protected].