Legal
Privacy Policy
Effective June 12, 2026
Summary
Conol (“we”, “us”) provides a collaborative workspace for working with AI agents. This policy explains what data we collect, why we collect it, how we use and share it, and the rights you have over it. If you have any questions, contact us at privacy@conol.ai.
1. Data we collect
- Account data. Email, name, password hash, and authentication credentials (including passkeys and API keys) you create.
- Content. Notes, chat messages, files, and other content you upload to your workspaces.
- Agent interactions. Inputs you send to AI agents, the outputs they produce, tool calls, and associated session metadata.
- Agent memory. Notes your agent writes about your preferences and context (e.g. profile and memory files). You can read, edit, and delete these in the product at any time.
- Voice data. If you use voice input or output, your audio recordings are processed for transcription and generated speech.
- Channel data. Messages sent through linked channels such as Telegram or WeChat, when you choose to bind them.
- Connector credentials. When you connect third-party services (e.g. GitHub, Vercel, Cloudflare, Google), we store the resulting OAuth credentials encrypted, or — for Composio-managed connectors — a reference to the credential Composio holds (see “Sharing data”).
- Waitlist and invitations. If you join the waitlist or are invited by a member, we store your email address before you have an account, solely to manage access. You can ask us to remove it at any time.
- Billing data. Subscription tier, credit usage, and payment metadata processed by Stripe. We never store full card numbers.
- Technical data. IP address, browser, device, log timestamps, and error reports used for security and reliability.
- Cookies. See our Cookie Policy for the categories we set and how to manage them.
2. How we use data
- To provide, secure, and maintain the Conol service and your workspaces.
- To authenticate you and protect your account.
- To process payments and apply credit usage.
- To execute agent requests, including sending prompts to model providers (such as Anthropic, OpenAI, OpenRouter) strictly to fulfill your request.
- To send essential service notifications.
- To improve performance and detect abuse.
3. Legal bases
Where applicable (e.g. GDPR/UK GDPR), we rely on: contractual necessity to deliver the service, legitimate interest in securing and improving it, your consent for optional cookies and marketing, and legal obligations such as tax recordkeeping.
4. Sharing data
We do not sell your personal data. We share data only with:
- Infrastructure providers we use to operate Conol (e.g. Vercel, AWS, Cloudflare, hosted Postgres and Redis).
- Analytics providers (Vercel Speed Insights and Google Analytics) that measure aggregate, non-advertising usage — only when you consent to analytics cookies.
- Model providers (e.g. Anthropic, OpenAI, OpenRouter) to execute agent requests you initiate. If you use voice features, your audio is sent to OpenAI for transcription and speech generation.
- Sandbox infrastructure (E2B) where your agent’s code execution runs — content the agent works on in a sandbox (files, code, repositories you connect) is processed there.
- Agent tool providers used to fulfill specific requests: Exa and Jina (web search queries and the pages the agent reads), fal.ai (prompts and source media for image/video generation), and ClawHub (search terms when you browse the skill registry).
- Composio, which manages the OAuth connection for certain connectors (e.g. Gmail, Google Calendar, Google Drive). Composio holds the access credential for those services in its cloud and relays the actions your agent performs. Conol’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: Google user data is used only to provide the connector features you request, is never used for advertising, and is never sold.
- Email delivery (Resend) to send verification, invitation, and other service emails.
- Payment processors (Stripe) to process subscriptions.
- Communication channels (Telegram, WeChat) you have voluntarily linked.
- Authorities if required by law or to protect the safety of users.
5. Retention and deletion
We retain content and account data for as long as your account is active. When you delete a note or workspace in the product, it is immediately removed from your workspace and excluded from the service. To delete your account and its data, email privacy@conol.ai — we complete account deletion requests within 30 days, except for data we are required to retain for legal, accounting, or fraud-prevention purposes.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal data, and to withdraw consent or object to processing. To exercise these rights, email privacy@conol.ai. You may also lodge a complaint with your local data protection authority.
7. International transfers
Conol operates primarily out of facilities in Asia and the United States. When data is transferred across borders, we rely on standard contractual clauses or equivalent safeguards.
8. Security
We use encryption in transit (TLS), encrypted storage for uploaded files and connector credentials, scoped credentials, and least-privilege access. Agent code runs in isolated sandboxes, never on shared application servers. No system is perfectly secure; please use a strong unique password and enable passkeys where available.
9. Children
Conol is not intended for users under 13 (or 16 in the EU/UK).
10. Changes
We may update this policy. Material changes will be announced via the product and this page's effective date will be revised.