Privacy Policy

Last Updated: May 17, 2026

Intellisea ("we," "our," or "us") is committed to protecting the privacy and security of our users. This Privacy Policy describes how we collect, use, store, share, and safeguard information when you use the Intellisea platform — an agentic AI-powered digital marketing SaaS application.

By accessing or using Intellisea, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.

1. Information We Collect

1.1 Account Information

When you register for Intellisea, we collect:

Full name, email address, and password (encrypted)
Organization name, industry, and business details
Billing and payment information (processed by third-party payment providers)
Team member information added via organization invitations

1.2 User-Generated Content

Content you create or upload within the platform, including:

Chat conversations with AI agents
Strategy board documents and campaign plans
Content templates, media assets, and generated videos
Deployment calendars and task assignments
Business facts, knowledge base entries, and organizational memory

1.3 Third-Party Platform Data

When you connect integrations, we access data from third-party platforms on your behalf, including but not limited to:

Google Analytics: Website traffic, user behavior, conversion data
Google Ads: Campaign performance, ad spend, keyword data
Google Business Profile: Reviews, business listings, local performance
Google Search Console: Search rankings, indexing status, crawl data
LinkedIn: Company page analytics, post performance
Microsoft Teams: Message interactions with AI agents within your workspace

This third-party data is used exclusively to help our AI agents construct, refine, and optimize marketing strategies tailored to your business. We do not sell, share, or redistribute your third-party platform data to any external parties.

1.4 Usage & Technical Data

Browser type, device information, IP address
Pages visited, features used, session duration
Error logs and performance metrics

2. How We Use Your Information

We use collected information to:

Power AI Agents: Our agentic AI system (CEO Agent, Director Agents, and Specialist Agents) uses your business context, third-party platform data, and conversation history to deliver personalized marketing intelligence, strategies, and content.
Maintain Persistent Memory: AI agents retain organizational knowledge across sessions so every team member benefits from shared context. This memory is scoped exclusively to your organization.
Generate Content: Create AI-generated text, images, videos, and voiceovers for your marketing campaigns using your brand guidelines and business data.
Improve the Platform: Analyze aggregated, anonymized usage patterns to improve features, performance, and user experience. We never use your proprietary business data for training general AI models.
Communicate: Send account-related notifications, feature updates, and support responses.

3. AI-Specific Data Practices

3.1 Google API Services — Limited Use Disclosure

Intellisea's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Intellisea:

Only uses Google user data to provide and improve the user-facing features of the Intellisea platform that are visible and apparent to the user
Does not transfer Google user data to third parties unless necessary to provide the service, required by law, or with explicit user consent
Does not use Google user data for serving advertisements
Does not allow humans to read Google user data unless: (a) we have the user's affirmative consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations

3.2 Google API Scopes We Request

When you connect Google services to Intellisea, we request access to the following scopes. Each scope is used solely for the stated purpose:

Service	Scope	Purpose
Google Analytics	analytics.readonly, analytics.edit	Read website traffic data and manage GA4 properties to provide marketing performance insights and recommendations
Google Ads	adwords	Read campaign performance data and manage ad campaigns, keywords, and budgets on behalf of the user
Google Search Console	webmasters, indexing	Read search performance data, check indexing status, and submit URLs for crawling to provide SEO insights
Google Tag Manager	tagmanager.readonly, tagmanager.edit.containers, tagmanager.manage.accounts, tagmanager.publish	Read and manage tracking tags, triggers, and variables to help users configure marketing measurement
Google Business Profile	business.manage	Read business listing information, reviews, and local performance data to provide local SEO recommendations
Google Identity	openid, userinfo.email	Identify the Google account used for authentication and associate the integration with the correct user

3.3 How We Access, Use, Store, and Share Google User Data

Access: Google user data is accessed only when the user initiates an action within the Intellisea platform (e.g., requesting a performance report, creating a campaign, or viewing analytics). We also access data via automated scheduled tasks that the user has explicitly configured (e.g., weekly performance reports, token refresh).
Use: Google user data is used exclusively to display insights, generate recommendations, execute marketing actions, and create reports within the Intellisea platform for the authenticated user and their organization members.
Storage: OAuth refresh tokens are encrypted and stored in AWS Secrets Manager. Cached analytics data (performance metrics, campaign data) is stored in AWS DynamoDB and retained for up to 12 months to enable historical trend analysis. Raw API responses are not permanently stored — they are processed in real-time and discarded after the user's session.
Sharing: Google user data is never shared with third parties, used for advertising, or transferred outside of the user's organization within Intellisea. Data is only shared with AWS infrastructure services (Bedrock, DynamoDB, Lambda) as necessary to process the user's request.

3.4 Revoking Google Access

Users can disconnect any Google integration at any time from the Integrations page within Intellisea. Upon disconnection:

The OAuth refresh token is immediately deleted from AWS Secrets Manager
The integration record is removed from our database
Cached data from that integration is purged within 24 hours
Users can also revoke access directly from their Google Account permissions page

3.5 AI Model Usage

Intellisea leverages large language models and generative AI services (including Amazon Bedrock, AWS infrastructure, and third-party AI APIs) to power its agent network. Important disclosures:

No Model Training on Your Data: Your business data, conversations, and content are never used to train, fine-tune, or improve general-purpose AI foundation models. Your data is used solely to serve your organization's requests in real time.
Prompt Isolation: Each organization's data is logically isolated. AI agents process your data within your organization's context only. No cross-organization data leakage occurs.
Generated Content Ownership: All content generated by AI agents on your behalf (text, images, videos, strategies) is owned by you and your organization.

3.2 Third-Party AI Services

We use the following AI infrastructure providers under strict data processing agreements:

Amazon Web Services (Bedrock, S3, DynamoDB, Lambda): Core infrastructure for AI model inference, data storage, and compute
HeyGen: AI spokesperson video generation (data transmitted only when you initiate video creation)

All AI service providers are contractually bound to not retain, log, or use your data beyond the immediate processing of your request.

4. Data Storage & Security

4.1 Infrastructure

All data is stored on Amazon Web Services (AWS) in the United States (us-east-1 region)
Data at rest is encrypted using AES-256 encryption
Data in transit is encrypted using TLS 1.2+
Authentication is managed through Amazon Cognito with secure token-based sessions

4.2 Access Controls

Role-based access controls within organizations restrict data visibility per team member
API keys and OAuth tokens for third-party integrations are encrypted and stored securely — never exposed in client-side code
Administrative access to production systems is restricted to authorized personnel with multi-factor authentication

4.3 Incident Response

In the event of a data breach, we will notify affected users within 72 hours of discovery, consistent with applicable data protection regulations.

5. Data Sharing

We do not sell your personal information or business data. We may share data only in these circumstances:

Service Providers: Third-party vendors who assist in operating the platform (hosting, payment processing, email delivery) under strict confidentiality agreements
Legal Compliance: When required by law, regulation, subpoena, or court order
Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to users
With Your Consent: When you explicitly authorize sharing with a third party

6. Data Retention & Deletion

6.1 Active Accounts

We retain your data for as long as your account remains active and as needed to provide services to your organization.

6.2 Account Deletion

When an organization's account is deleted, all associated data is permanently deleted from our systems. This includes:

All user accounts within the organization
Chat histories, AI conversation logs, and persistent memory
Strategy boards, content templates, and generated media
Deployment plans and task records
Business facts, knowledge base entries, and organizational context
Connected integration tokens and cached third-party data
All files stored in cloud storage (S3) under the organization's tenant

Deletion is processed within 30 days of the request. Backup copies are purged within 90 days. Once deleted, data cannot be recovered.

6.3 Individual User Removal

Organization administrators can remove individual team members at any time. Removed users lose access immediately, and their personal authentication data is deleted. Shared organizational content (strategy boards, chat histories contributed to) remains with the organization.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate personal data
Deletion: Request deletion of your personal data (subject to legal retention requirements)
Portability: Request your data in a machine-readable format
Objection: Object to certain types of data processing
Restriction: Request restricted processing of your data

To exercise any of these rights, contact us at privacy@intellisea.com.

8. Cookies & Tracking

We use essential cookies to maintain authentication sessions and remember user preferences. We do not use third-party advertising cookies or cross-site tracking pixels. Analytics data is collected in aggregate and anonymized form only.

9. Children's Privacy

Intellisea is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

10. International Data Transfers

If you access Intellisea from outside the United States, your data may be transferred to and processed in the United States. By using the platform, you consent to this transfer. We ensure appropriate safeguards are in place consistent with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Intellisea Privacy Team
Email: privacy@intellisea.com