Privacy Policy
Last updated: 27 May 2026
1. Who we are
CEO·Intelligence (“we”, “us”) is operated by Pronto Click, with registered office in Italy and primary contact at [email protected].
We provide an autonomous AI multi-agent platform that helps businesses automate analysis, marketing, and operations. The service is accessible at ceo-intelligence.com and api.ceo-intelligence.com.
2. What data we collect
We collect only the data needed to deliver the service:
- Account data: name, email, organization name, role, authentication tokens.
- Content you provide: prompts, files, documents, web URLs you ask agents to audit or process.
- Connected-account data: when you connect a third-party account (Google Workspace, Gmail, Calendar, Search Console, Analytics, Microsoft 365, LinkedIn, WhatsApp, etc.), we store the OAuth tokens needed to read or act on your behalf — encrypted at rest with AES-256-GCM.
- Usage telemetry: timestamps, agent invocations, token counts, error logs. Used to operate the service, debug, and bill.
- Cookies & local storage: an authentication JWT and a strictly necessary session cookie. We do not use third-party advertising cookies.
3. How we use your data
- To run the AI agents you instruct.
- To call third-party APIs you have explicitly connected (e.g. Google Search Console, Google Analytics 4, Gmail) on your behalf and only as requested by you or by an agent you control.
- To deliver core product features, support, and billing.
- To monitor security, prevent abuse, and comply with legal obligations.
We do not sell your data, train foundation models on your private content, or share your content with advertisers.
4. Google API Services — Limited Use disclosure
CEO·Intelligence's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, for data obtained via Google OAuth scopes:
- Gmail (mail.google.com) — we only access messages you explicitly route through the inbox feature. We never read messages for advertising, profiling, or model training. Content is processed in-memory or stored encrypted at rest only for the features you have enabled.
- Google Calendar (auth/calendar) — we read and write events solely to render your calendar inside the dashboard and to schedule items you create.
- Google Contacts (auth/contacts) — read only when you explicitly trigger contact-sync.
- Google Search Console (auth/webmasters.readonly) — read-only. Used exclusively to provide the SEO audit feature you requested. Data is shown only to authenticated users in your organization and is not shared with third parties.
- Google Analytics (auth/analytics.readonly) — read-only. Used exclusively to power the analytics-aware SEO and performance audits you request. Data is never used to train AI models or transferred to advertisers.
- Google Ads (auth/adwords) — used only when you ask an agent to run a Google Ads audit on your own account.
- YouTube (auth/youtube) — used only when you ask an agent to manage your own channel.
We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features (e.g. our hosting provider). We do not use Google user data to serve advertising. Human access to your Google data is limited to (a) you, (b) your authorized organization members, and (c) Pronto Click staff strictly for security, legal, or to provide support you have requested.
You can revoke our access at any time at myaccount.google.com/permissions or from Settings → Google Search Console + Analytics → Disconnect inside CEO·Intelligence.
5. Where data is stored
Primary storage is on infrastructure controlled by Pronto Click, located in the European Union. Encrypted backups are kept on the same infrastructure. Some sub-processors (e.g. LLM providers you choose to enable) may process data outside the EU under appropriate safeguards; you can review and disable them per agent in Settings.
6. Retention
Account data is retained while your account is active and for up to 12 months after closure for legal and accounting reasons. OAuth tokens are deleted within 30 days of disconnection or account closure. You can request immediate deletion via [email protected].
7. Your rights (GDPR)
Under the EU General Data Protection Regulation you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise any right, write to [email protected]. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
8. Security
We encrypt sensitive data at rest (AES-256-GCM), enforce TLS 1.2+ in transit, scope database access per organization with row-level security, and log access to sensitive resources. We follow least- privilege principles internally.
9. Children
The service is not directed to children under 16 and we do not knowingly collect their data.
10. Changes
We may update this policy. Material changes will be announced inside the dashboard and by email at least 14 days before they take effect.
11. Contact
Data controller: Pronto Click · [email protected].