Privacy Policy

Hagonel, Inc. ("Hagonel," "we," "us," or "our") respects your privacy and is committed to protecting the data you entrust to us. This Privacy Policy explains how we collect, use, and safeguard information when you use our "Invisible Business OS" service.

Hagonel is fundamentally different from traditional SaaS applications. We operate on a non-custodial architecture—meaning your business data never resides on our servers. We access it via APIs only when needed to perform requested orchestration tasks.

When you connect Hagonel to your tools (Slack, Gmail, CRM, etc.), we access data from these systems at runtime to fulfill your requests. This includes:

• Messages and conversations in connected communication platforms
• Calendar events and scheduling data
• CRM records (contacts, deals, activities)
• Project management data (tasks, sprints, assignments)
• Financial transaction metadata (when Stripe/QuickBooks connected)

Hagonel builds a Knowledge Graph ("Institutional Memory") from your business data. This graph stores entities (people, projects, budgets) and relationships between them. Storage location depends on your plan:

• ✕ Train AI models on your data: Your proprietary business data is never used to train or fine-tune Hagonel's AI systems.
• ✕ Sell data to third parties: We do not monetize customer data in any form.
• ✕ Aggregate cross-customer data: Each customer's Knowledge Graph is completely isolated.
• ✕ Retain data after disconnection: When you revoke an integration, we lose all access immediately.

We do collect limited information necessary to operate the service:

• Account Information: Email, name, company, billing details
• Usage Telemetry: Feature usage, error logs, performance metrics (anonymized)
• Audit Logs: Records of all orchestration actions for compliance
• Support Communications: Emails, chat transcripts with our team

For customers in healthcare or handling Protected Health Information (PHI), Hagonel offers HIPAA-compliant deployments through our partnership with proxiML.

• Runtime Data: Not retained beyond the immediate request
• Knowledge Graph: Retained until you delete it or terminate service
• Audit Logs: 90 days (or longer per enterprise contract)
• Account Data: Until account deletion + 30 days
• Billing Records: 7 years (legal requirement)

Hagonel uses the following categories of subprocessors:

• Cloud Infrastructure: AWS / GCP (SOC 2, ISO 27001)
• LLM Providers: Anthropic, OpenAI (Enterprise agreements, no training on data)
• Payment Processing: Stripe (PCI DSS compliant)
• Analytics: PostHog (self-hosted instance, EU data residency option)

Enterprise customers may request the full subprocessor list and receive 30-day notice of any changes.

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of data we hold about you
• Rectification: Correct inaccurate personal data
• Deletion: Request erasure of your data
• Portability: Export your Knowledge Graph in standard formats
• Objection: Object to certain processing activities
• Restriction: Limit how we process your data

To exercise these rights, contact privacy@hagonel.ai

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• SOC 2 Type II audited infrastructure
• Regular penetration testing and security audits
• Role-based access control (RBAC) for all internal systems
• Mandatory security training for all employees