Privacy Policy – AI Advisory Board

Effective date: 10 December 2025

1. Who we are

This Privacy Policy explains how we collect, use and protect personal data in connection with the AI Advisory Board web application and related services (the "Service").

The Service is provided by:

«ECOSYSTEMS ONLINE» LLC
Tershakovtsiv 2A, Lviv, Ukraine
Phone: +38 067 324 0595
Email: ceo@aiadvisoryboard.me

In this Privacy Policy, "Company", "we", "us" or "our" refers to «ECOSYSTEMS ONLINE» LLC. "You" means any individual who uses the Service, visits our websites, or communicates with us.

If you use the Service on behalf of a company, that company is referred to as the Customer.

2. Role of the Company (controller vs processor)

For users who visit our website, request a demo, receive marketing, or contact us, we act as a data controller.

For employees and contractors who use AI Advisory Board inside their company account, we generally act as a data processor on behalf of the Customer, who is the data controller for such personal data.

In some cases (for example our own demo workspaces or accounts we create for testing), we may act as a controller for the data in that workspace.

If your employer or another organization invited you to use the Service, please contact that organization directly for questions about how they use your personal data. We will process your data according to our agreement with the Customer and this Policy.

3. Personal data we collect

We may collect and process the following categories of personal data.

3.1. Account and profile data

  • Name, surname
  • Email address
  • Password hash (we never store plain-text passwords)
  • Role or job title
  • Company name or workspace name
  • Preferred language and time zone

If you sign up using Google OAuth, we receive data from Google as described in section 7 below.

3.2. Workspace content (reports and planning data)

The core of AI Advisory Board is collecting and analysing short structured reports from employees (for example: "yesterday's results", "today's plan", "help needed") and related information.

Depending on how your company configures the Service, we may process:

  • Daily / weekly reports you submit
  • Plans, tasks, priorities and progress updates
  • Comments, reactions and feedback inside the workspace
  • Links to documents, tickets, CRM records and other resources that you decide to include
  • AI-generated summaries, recommendations and analytics based on your input

This content may include personal data about you and other people (e.g. colleagues, clients).

3.3. Calendar and integrations

If you choose to connect third-party services (for example Google Calendar, communication or project management tools), we receive data from those services only to the extent you or your organization authorize.

Examples:

  • Calendar events (title, description, time, duration, participants)
  • Information about meetings and focus blocks that is used to build timelines and suggestions
  • Metadata from integrated tools (for example task status, project names, ticket IDs)

We use such data only to provide the Service features requested by you or the Customer, such as:

  • context for your daily plan and report,
  • analytics about planned vs actual work,
  • suggestions before or after meetings.

You can disconnect integrations at any time from the settings page of the Service or from the connected third-party account.

3.4. Usage and device data

When you visit our website or use the Service, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system and device information
  • Date, time and duration of use
  • Pages and screens visited, buttons clicked, basic events inside the app
  • Referrer URL (where you came from)

We use this information for security, fraud prevention, performance monitoring, debugging and product analytics.

3.5. Communication and support data

When you contact us by email, in-app chat, or other channels, we collect:

  • Your contact details
  • Content of your messages and attachments
  • Technical information needed to investigate issues (for example logs, screenshots you choose to share)

We use this data to answer your questions, solve problems and improve the Service.

3.6. Billing and payment data

If the Customer upgrades to a paid plan, we may collect:

  • Billing contact name and email
  • Company legal name, address, tax details
  • Information about chosen plan, invoices and payment status

Payment card details are processed by our payment providers. We do not store full card numbers.

3.7. Job applicants and contractors

If you apply for a job or cooperate with us as a contractor, we may process:

  • Contact details and CV
  • Work history, skills, portfolios and references
  • Interview notes and communication history
  • Data required by law for HR, tax and accounting purposes

4. Legal bases (for EEA/UK users)

Where GDPR or similar laws apply, we rely on the following legal bases:

  • Performance of a contract – to provide and operate the Service under our agreements with Customers and users.
  • Legitimate interests – to maintain and improve the Service, protect our rights, ensure security, and contact business users about relevant features, subject to your rights.
  • Consent – for certain types of optional analytics or marketing communications, and for non-essential cookies where required.
  • Legal obligations – to comply with tax, accounting, and other legal requirements.

5. How we use personal data

We use personal data for the following purposes:

  • To register users and create workspaces
  • To deliver the core functionality of AI Advisory Board (collecting reports, generating summaries, dashboards and insights)
  • To show leaders and managers structured views of team activities, in line with Customer configuration
  • To provide customer support and respond to enquiries
  • To send service-related notifications (for example reminders, security alerts, feature changes)
  • To improve and develop the Service, including through analytics, experiments and feedback
  • To protect the security and integrity of the Service, detect abuse and prevent fraud
  • To comply with applicable laws and enforce our agreements

We do not sell personal data.

We may use aggregated and anonymised data (that no longer identifies individuals) for statistics, research, product decisions and communication with partners or investors.

6. AI-generated content

Our Service uses artificial intelligence models to generate summaries, insights and suggestions based on the data you or the Customer provide.

Important points:

  • AI output may contain errors or be incomplete.
  • You and the Customer remain responsible for reviewing AI output and for any decisions made based on it.
  • We may use anonymised and aggregated usage information to improve our models, prompts and product behaviour.
  • We do not use your identifiable workspace content to train foundation models that are shared with other customers, unless we obtain explicit agreement from the Customer to do so.

7. Google user data and OAuth

When you sign in with Google or connect Google services (for example Calendar), we access your Google data in line with the permissions you grant.

We use Google user data only to:

  • authenticate you (e.g. using your Google account email and profile information to log you in);
  • fetch calendar and scheduling data to support planning and reporting features, if you choose to enable such integrations.

We do not:

  • sell Google user data;
  • use Google user data for advertising;
  • share Google user data with third parties except as needed to provide the Service and as described in this Policy;
  • allow humans to access Google user data except:
    • where you request support and explicitly allow us to view specific data,
    • where access is required for security, fraud investigation or legal reasons,
    • or where it is necessary to comply with applicable law.

You can revoke access at any time via your Google account settings and, where available, from within our Service.

8. Cookies and similar technologies

We use cookies and similar technologies on our website and inside the Service to:

  • remember your session and language
  • keep you signed in
  • measure traffic and usage patterns
  • run A/B tests and improve the product
  • (where configured) run analytics tools such as Google Analytics, which use cookies to collect information about how visitors use the site

For more details, see our separate Cookie Policy. You can manage your cookie preferences via our cookie banner and through your browser settings.

9. How we share personal data

We share personal data only when necessary and with appropriate safeguards.

We may share data with:

  • Service providers (sub-processors) – for hosting, databases, analytics, error tracking, email delivery, customer support tools, payment processing and similar services. These providers may process personal data on our behalf under written agreements that require them to protect the data.
  • The Customer – if you use the Service under a company account, your workspace owner and authorized administrators can access your reports, plans and related data according to their internal policies and configuration.
  • Professional advisers – such as lawyers, auditors and accountants, to the extent necessary to protect our legal rights and comply with obligations.
  • Authorities – where required by law, court order or valid request from a public authority.
  • Successors – in case of merger, acquisition, reorganisation or similar transaction, personal data may be transferred to the new entity, subject to protections that are at least as strong as those in this Policy.

We may also share aggregated and anonymised information that does not identify individuals.

10. International data transfers

We are based in Ukraine and may use service providers and infrastructure located in multiple countries. This means your personal data may be transferred to and processed in countries that may have different data protection laws than your country.

Where we transfer personal data from the EEA, UK or Switzerland to a country that is not recognised as providing an adequate level of protection, we will use appropriate safeguards, such as Standard Contractual Clauses, or other lawful transfer mechanisms.

11. Data retention

We retain personal data for as long as necessary to:

  • provide the Service to the Customer;
  • comply with our legal obligations;
  • resolve disputes;
  • enforce our agreements.

In general:

  • Workspace data is kept while the Customer's account is active. After termination, we may retain backups and logs for a limited period, unless the Customer requests earlier deletion where this is compatible with our legal obligations.
  • Billing and accounting records are kept for the period required by applicable law.
  • Communication and support records are kept for a reasonable time to handle follow-up questions and improve our processes.

The Customer may have its own policies for data retention inside the Service. In case of conflict, applicable law and our agreement with the Customer will prevail.

12. Data security

We use appropriate technical and organisational measures to protect personal data, including:

  • access controls and authentication
  • encryption in transit and, where appropriate, at rest
  • separation of environments and least-privilege access
  • backup and recovery procedures
  • monitoring, logging and security reviews

However, no system can be guaranteed to be completely secure. You are responsible for choosing a strong password, keeping your login details confidential, and notifying us promptly if you believe your account has been compromised.

13. Your rights

Depending on your location and on whether we act as controller or processor, you may have the following rights regarding your personal data:

  • Right of access – to know whether we process your data and to receive a copy.
  • Right to rectification – to ask us to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data, subject to legal and contractual limits.
  • Right to restriction – to ask us to limit processing in certain situations.
  • Right to data portability – to receive your data in a structured, commonly used format where technically feasible.
  • Right to object – to certain types of processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent.

If we process your data on behalf of a Customer (for example your employer), we may need to forward your request to that Customer, who is the controller for that data.

To exercise your rights, please contact us at ceo@aiadvisoryboard.me and clearly indicate which right you wish to exercise and, where possible, which data your request concerns.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EEA country where you live or work, or where you believe an infringement has occurred.

14. Children's privacy

The Service is not intended for children under 16 years old, and we do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available in the Service or on our website and will include the "Effective date" at the top.

If changes are significant, we may provide additional notice (for example by email or in-app notification). Your continued use of the Service after the updated Policy takes effect means you accept the changes.

16. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

«ECOSYSTEMS ONLINE» LLC
Tershakovtsiv 2A, Lviv, Ukraine
Email: ceo@aiadvisoryboard.me

Privacy Policy | AI Advisory Board | AI Advisory Board