Privacy Policy

Ontogent ("we," "us," "our") operates the context platform for agentic go-to-market at app.ontogent.ai. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform, APIs, and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

2.1 Account Information

When you create an account, we collect your name, email address, company name, and role. This information is used to provision your workspace, manage access, and communicate with you.

2.2 Client Business Data

You upload or input business data into your Ontogent workspace, including but not limited to: positioning documents, competitive intelligence, ICP definitions, brand rules, content assets, and performance metrics ("Client Data"). You own your Client Data. We process it solely to provide the Service.

2.3 Agent Output Data

When agents run on the platform, they produce deliverables (competitive digests, content briefs, reports, etc.) and associated metadata (approval/rejection status, rejection reasons, timestamps, token usage). This data is stored in your workspace.

2.4 Usage Data

We collect information about how you use the Service: API calls, page views, agent execution logs, context assembly requests, and feature usage patterns. This data is used to operate, improve, and monitor the Service.

2.5 Cookies and Analytics

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. We may use privacy-respecting analytics to understand feature usage.

• Provide the Service: Process your Client Data through the knowledge graph, composition pipeline, and agent fleet to produce deliverables.
• Operate and improve: Monitor performance, fix bugs, develop new features, and optimize the platform.
• Communicate: Send agent output notifications, weekly digests, onboarding emails, and service announcements.
• Cross-client pattern detection: See Section 4 below.
• Comply with law: Respond to legal requests and enforce our Terms of Service.

This section describes how Ontogent aggregates anonymized data across client workspaces to improve the Service for all users. This is a core feature of the platform and we want to be transparent about exactly what is and is not shared.

4.1 What We Aggregate

We aggregate structural performance metrics across opted-in client workspaces to detect patterns that improve recommendations for all users. Aggregated metrics include:

• Agent output approval rates by output type (e.g., "battlecards have 85% approval rate for Series B SaaS")
• Agent effectiveness by McKinsey archetype and company stage
• ARI prediction accuracy (how well automation readiness scores predict actual outcomes)
• Rejection reason categories (e.g., "tone mismatch is the #1 rejection reason")
• Task automation coverage correlations (e.g., "companies with 5+ automated tasks produce 2x output")

4.2 What We Never Share

The following data is never included in cross-client aggregation and is never visible to any other client:

• Your content, copy, or deliverables
• Competitive intelligence (competitor names, positioning, displacement narratives)
• ICP details, persona definitions, or buyer information
• Your company name or any identifying information
• Specific rejection reason text (only categorized — e.g., "tone mismatch" not the actual reason)
• Brand rules, voice guidelines, tenets, or forbidden lexicon
• Pricing, revenue, or financial data

4.3 Minimum Cohort Size

Patterns are only generated and displayed when 5 or more client workspaces in the same business archetype and company stage contribute data. This prevents reverse-engineering individual client data from aggregated patterns.

4.4 Opt-Out

You can opt out of contributing your data to cross-client aggregation at any time via Settings > Privacy in your workspace. When you opt out:

• Your data is immediately excluded from all future pattern detection runs.
• You continue to receive patterns detected from other opted-in clients.
• Opting out does not affect any other aspect of the Service.

4.5 Pattern Expiration

All cross-client patterns expire after 90 days and must be re-validated against fresh data. Expired patterns are automatically removed from the system.

Client Data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure in the US East region. Embeddings are stored using pgvector. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

API keys are bcrypt-hashed and never stored in plaintext. The full key is displayed once at creation and cannot be retrieved afterwards.

We implement rate limiting, request logging, and audit trails for all API access. Access to production databases is restricted and logged.

Client Data is retained for the duration of your subscription. Upon account cancellation or written request, we will delete your workspace data within 30 days, including:

• All documents, artifacts, and knowledge graph data
• All agent definitions, outputs, and run history
• All API keys and usage logs
• All team member records associated with your workspace

Anonymized aggregate data (cross-client patterns) that has already been computed will not be retroactively removed, as it contains no identifying information. Future pattern detection runs will not include your data after deletion.

We use the following third-party services to operate the platform:

• Anthropic (Claude API): LLM calls for agent output generation. Your data is sent to Anthropic's API for processing. Anthropic does not use API inputs/outputs for training. See Anthropic's Privacy Policy.
• Supabase: Database hosting. See Supabase Privacy Policy.
• Vercel: Application hosting. See Vercel Privacy Policy.
• Google (Gmail SMTP): Transactional email delivery.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your personal data and workspace
• Export your data in a machine-readable format
• Opt out of cross-client data aggregation
• Object to processing based on legitimate interest

To exercise any of these rights, email [email protected].

For users in the European Economic Area, we process data under the following legal bases:

• Contract performance: Processing Client Data to provide the Service you subscribed to.
• Legitimate interest: Cross-client pattern aggregation (anonymized, with opt-out), service improvement, and security monitoring.
• Consent: Marketing communications (you can unsubscribe at any time).

California residents have additional rights under the CCPA. We do not sell personal information. Cross-client pattern aggregation uses anonymized, non-personal data and falls under the business purpose exemption. You may request disclosure of the categories of information we collect and the purposes for which it is used by emailing [email protected].

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance.

For privacy questions or concerns:
[email protected]
Ontogent (Strategnik LLC)