Last updated: April 23, 2026 · Effective: April 23, 2026
This summary is provided for convenience only. The full policy below is the controlling document.
eggsy.ai ("eggsy," "we," "us," or "our") operates the eggsy.ai platform (the "Platform"), which provides AI-powered virtual employees that perform tasks on behalf of you and your business, including social media management, email handling, lead generation, voice reception, blog writing, and document review.
This Privacy Policy describes how we collect, use, disclose, store, share, and safeguard information when you use the Platform, our website at eggsy.ai, our APIs, or any related services (collectively, the "Services").
By creating an account, connecting a third-party integration, or otherwise using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not use the Services.
eggsy.ai acts as a Data Controller for account, billing, and platform usage information, and as a Data Processor for content, contacts, and operational data you submit or that we access through your connected third-party accounts on your instruction.
When you connect a third-party account (Section 5), we collect and store:
Recording disclosure: You are responsible for ensuring that callers in jurisdictions requiring two-party (all-party) consent (including California, Florida, Illinois, Maryland, Massachusetts, Pennsylvania, Washington, and others) are properly notified that the call is being recorded. ALEX includes a configurable opening disclosure for this purpose; disabling it is at your own legal risk.
You are responsible for the lawful basis for processing prospect data, including compliance with CAN-SPAM (US), CASL (Canada), GDPR (EEA/UK), and any other applicable anti-spam or data-protection laws. See our Terms of Service.
See Section 9 for our full cookie disclosure.
We process your data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Services | Contract |
| Execute tasks via connected integrations | Contract / Consent |
| Process payments and prevent fraud | Contract / Legal Obligation |
| Customer support and account communication | Contract / Legitimate Interest |
| Product improvement and analytics (aggregated) | Legitimate Interest |
| Security, abuse detection, and incident response | Legitimate Interest / Legal Obligation |
| Marketing emails about new features (opt-out anytime) | Legitimate Interest / Consent |
| Legal compliance and dispute resolution | Legal Obligation |
The Platform integrates with third-party services so your AI employees can perform real work on your behalf. When you authorize an integration via OAuth or an equivalent authentication flow, you grant eggsy.ai permission to access your account on that service strictly within the scopes you approve.
| Provider | Purpose | Typical Scopes |
|---|---|---|
| Google (Gmail, Calendar, Drive, Docs, Sheets, Search Console) | Email, calendar, file access, SEO | gmail.modify, calendar, drive.file, webmasters.readonly |
| Microsoft 365 (Outlook, Calendar, OneDrive) | Email, calendar, files | Mail.ReadWrite, Calendars.ReadWrite, Files.ReadWrite |
| Meta (Facebook Pages, Instagram Business) | Social posting, insights, comments | pages_manage_posts, instagram_content_publish, pages_read_engagement |
| Profile, page posting, outreach | w_member_social, w_organization_social, r_liteprofile | |
| X (Twitter) | Posting, engagement | tweet.read, tweet.write, users.read |
| TikTok for Business | Content publishing, insights | video.publish, video.list, user.info.basic |
| YouTube | Video upload, analytics | youtube.upload, youtube.readonly |
| WordPress, Webflow, Shopify, Wix | Blog publishing | posts.write, content.publish |
| HubSpot, Salesforce, Pipedrive | CRM sync, lead routing | contacts, deals, tickets (read/write) |
| Calendly, Cal.com | Meeting booking | scheduling.read, scheduling.write |
| Slack, Microsoft Teams, Discord | Notifications, team chat | chat:write, channels:read |
| Twilio | Voice, SMS, phone numbers | API key (PSTN access) |
| Zapier, Make | Workflow automation | Webhook + API key |
| Stripe | Subscription billing | Read-only customer + payment data |
eggsy.ai's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
When you connect Meta-owned accounts (Facebook Pages, Instagram Business), our use of that data complies with the Meta Platform Terms and Developer Policies. We do not sell, license, or purchase any data obtained from Meta, and we delete platform data within 30 days of your disconnection, except as legally required.
Our use of LinkedIn data is subject to the LinkedIn API Terms of Use. We do not scrape LinkedIn outside its official APIs and do not store LinkedIn member data beyond what is necessary to provide the Services you request.
You may disconnect any integration at any time from Settings > Integrations. Upon disconnection, we revoke our OAuth tokens, stop accessing your account on that provider, and delete cached content from that provider within 30 days, subject to legal retention obligations. You may also revoke access directly from the provider (e.g., Google Account permissions, Meta Business Suite, etc.).
Your instructions and the data your AI employees need to complete tasks are sent to large language model (LLM) and audio-model providers for inference. Current providers include:
We have contractual commitments with our model providers that customer data submitted via API is not used to train their general-purpose models. We do not use your private content (emails, calls, contacts, files, chats, generated outputs) to train any model that is shared with other customers.
We may use fully anonymized, aggregated metrics (e.g., “average tokens per task”) to improve the Platform.
When you submit brand voice samples, knowledge base content, or feedback (approve/reject/edit), we store these in your isolated workspace and use them only to personalize your AI employees. They are never shared across workspaces.
Eggsy personnel do not access the content of your messages, files, or AI conversations except: (a) when you explicitly request support and grant access, (b) to investigate suspected abuse or security incidents, (c) to comply with legal process, or (d) on aggregated/anonymized data. All such access is logged.
We engage trusted subprocessors to operate the Services. Current subprocessors include:
| Subprocessor | Function | Region |
|---|---|---|
| Microsoft Azure / AWS / Google Cloud | Hosting, storage, compute | US / EU |
| Stripe, Inc. | Payment processing | US / EU |
| OpenAI, L.L.C. | LLM inference, transcription | US |
| Anthropic, PBC | LLM inference | US |
| Twilio, Inc. | Voice, SMS | US / global |
| ElevenLabs / Deepgram | Voice synthesis & transcription | US |
| SendGrid / Postmark / Resend | Transactional email | US / EU |
| Cloudflare | CDN, DDoS protection, WAF | Global |
| Sentry / Datadog | Error monitoring & observability | US |
| Apollo.io / Hunter.io | B2B contact data (HUNTER agent) | US |
Each subprocessor is bound by a written agreement requiring confidentiality, security, and (where applicable) GDPR-compliant data processing terms. Material changes to this list will be announced at least 30 days in advance for paid customers via email or in-app notice.
We do not sell your personal information. We share data only as follows:
We use the following categories of cookies and similar technologies:
EU/UK/EEA visitors are presented with a granular cookie consent banner. You can withdraw consent at any time via Cookie Settings in the footer.
Despite our safeguards, no system is 100% secure. In the event of a personal data breach affecting you, we will notify you and applicable supervisory authorities without undue delay (and within 72 hours where required by GDPR).
| Data Type | Retention Period |
|---|---|
| Account & profile data | Life of account + 30 days after deletion |
| OAuth tokens | Until you disconnect or revoke; then deleted within 30 days |
| Chat & AI interaction history | Until you delete it; auto-deletion configurable per workspace |
| Cached emails / calendar / files from integrations | Up to 30 days unless required for active workflow |
| Call recordings & transcripts | 90 days by default; configurable 7 days to 2 years |
| Billing & invoice records | 7 years (tax / accounting compliance) |
| Server & application logs | 90 days |
| Backups | Up to 35 days, then permanently overwritten |
eggsy.ai is operated from the United States. If you access the Services from outside the US, your data will be transferred to and processed in the US (and other countries where our subprocessors operate).
For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the EU–US Data Privacy Framework (where applicable to our subprocessors). Copies of SCCs are available on request.
If you are in Canada (PIPEDA), Brazil (LGPD), Australia (Privacy Act), or another jurisdiction with applicable data-protection laws, equivalent rights apply.
Email privacy@eggsy.ai from the email associated with your account. We respond within 30 days (or 45 days under CCPA). For most rights you can also self-serve from Settings > Privacy in your dashboard.
The Services are not directed to or intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal data, contact us at privacy@eggsy.ai and we will delete it promptly.
The Services use AI to generate content, score leads, route messages, and recommend actions. These outputs are not solely automated decisions producing legal or similarly significant effects on you within the meaning of GDPR Article 22, because (a) they require your approval to take effect by default, and (b) you may always override or disable any AI behavior. You retain full control over what is published, sent, or executed in your name.
Our Platform does not currently respond to browser “Do Not Track” signals because no consistent industry standard has been adopted. We do honor Global Privacy Control (GPC) signals as an opt-out under CCPA/CPRA where applicable.
We may update this Privacy Policy. Material changes will be communicated via email and/or an in-app notice at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision. Your continued use of the Services after changes take effect constitutes acceptance.