Privacy Policy
Last updated: July 18, 2026
Squarepoint Consulting LLC, doing business as ("d/b/a") Octogee ("we," "us," "our"), an Oregon limited liability company, operates the Octogee platform at octogee.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
By using Octogee, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
Service tiers. Octogee offers Managed (Standard) gateways, where we operate the full platform and select the subprocessors described below, and Operator gateways, where you configure your own AI tooling and may connect third-party services. Except where noted, this policy describes data flows for the Managed service. On Operator gateways, your integrations and data routing are determined by your configuration — see the Operator carve-out in Section 4.
If you are served by an Octogee Studio. Octogee licenses independent regional operators ("Octogee Studios") to deliver the platform to you as a managed service. If you are onboarded through an Octogee Studio, that Studio operates your workspace and may act as an independent controller of your business data, while Octogee provides and hosts the platform and processes data as described in this policy. Octogee Studios are independently owned and operated and are bound by confidentiality and data-protection obligations under their license with Octogee. See Section 4.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, and password when you create an account. If you sign in with Google, we receive your name, email, and profile picture from Google.
- Business Information: Business name, project descriptions, goals, and other information you provide during onboarding and use of the Service.
- Payment Information: Payment details are collected and processed by our payment processor, Stripe, Inc. We do not store your full credit card number. We receive your Stripe customer ID and subscription status.
- Communications: Messages you exchange with your AI agents and team, including conversations with your AI Coach. On Managed gateways, chat runs on our self-hosted Mattermost instance and through the web app. These conversations are stored to provide persistent memory and continuity of service. On Operator gateways, any third-party chat or messaging integrations you connect (for example, Discord) are configured and controlled by you — see Section 4.
- Customer Business Data: If you use Octogee to manage business records — such as customers and contacts, leads and sales pipeline, invoices and bookkeeping entries, schedules and appointments, projects and tasks, documents, and website content — we store that data on your behalf.
1.2 Information Collected Automatically
- Usage Data: Token usage, interaction counts, feature usage, session timestamps, and throttle status.
- Analytics Data: We use Google Analytics for Firebase to measure page views, broad link categories, scroll-depth milestones, engagement checkpoints, signup events, and checkout status. After sign-in, analytics may use your internal Firebase user ID to connect these events across the Service. We do not send your email address, messages, files, agent prompts, or workspace content to analytics, and we do not use session replay.
- Device Information: Browser type, operating system, IP address, and referring URLs collected via standard web server logs.
- Cookies: We use essential cookies for authentication and session management and first-party analytics cookies to understand visits and conversions. We do not use third-party advertising cookies.
2. How We Use Your Information
- Provide the Service: Operate your AI agents, maintain conversation history, manage your workspace, and deliver personalized business assistance.
- Process Payments: Manage subscriptions, billing, and usage-based features via Stripe.
- Improve the Service: Analyze usage patterns (in aggregate) to improve features, reliability, and performance.
- Communicate: Send transactional emails (account verification, billing receipts, service notifications). We will not send marketing emails without your consent.
- Enforce Terms: Detect abuse, enforce usage limits, and protect the security of the Service.
3. AI Processing and Third-Party AI Providers
On the Managed service, Octogee uses third-party artificial intelligence providers, including Anthropic, PBC (Claude), to power AI agent responses. When you interact with your AI agents:
- Your messages and relevant context are sent to Anthropic's API for processing.
- Anthropic's use of this data is governed by their Privacy Policy and Terms of Service.
- Under Anthropic's commercial API terms, your inputs and outputs are not used to train their models.
- We do not guarantee the accuracy, completeness, or reliability of AI-generated content. AI outputs are informational and should not be relied upon as professional advice (legal, financial, medical, or otherwise).
On Operator gateways, the AI provider(s) and data routing are determined by your configuration, not by Octogee. If you connect a different or self-hosted model provider, your inputs and outputs are governed by that provider's terms, and the Anthropic-specific terms above may not apply.
3A. Google User Data (Gmail, Google Calendar, Google Drive)
You can optionally connect your Google account so your AI agent can work with your email, calendar, and files. This is a separate, capability-scoped consent — signing in to Octogee with Google does not grant it. You choose each capability individually:
- Google Calendar: your agent reads your schedule and creates or updates events.
- Gmail: your agent reads, organizes, drafts, and sends email on your behalf. It cannot permanently delete your mail.
- Google Drive: by default your agent can access only the files you explicitly share through the Google file picker, plus files it creates. You may optionally grant read access to your full Drive.
How we use it. Google user data is used solely to provide the agent features you ask for — reading and acting on your own mail, calendar, and files inside your own workspace. Content your agent retrieves may appear in your conversation history, which you control and can delete. We do not sell Google user data, do not use it for advertising, and do not share it except with the service providers described in Section 4 acting on our behalf (including AI providers whose commercial terms prohibit training on your data).
How we store and protect it. Your Google OAuth tokens are encrypted with Google Cloud KMS before being stored. The long-lived refresh token is decrypted only on the server and the refresh token is never sent to your browser. When you open Google Picker, Octogee sends a short-lived Google access token to your authenticated browser solely so the Picker can grant access to the files you select; the response is not cached and Octogee does not persist that token in browser storage.
AI/ML limitation. We do not retain or use data obtained through Google Workspace APIs to develop, improve, or train generalized or non-personalized artificial intelligence and/or machine learning models. Google user data is used only to provide personalized, user-facing features for the account that granted it, and is never co-mingled across users for model development.
Limited Use disclosure. Octogee's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The use of information received from Google Workspace APIs will adhere to that policy's Limited Use requirements.
Revoking access. Disconnect Google at any time from Account → Connections: Octogee revokes its access with Google and deletes the stored tokens. You can also revoke Octogee's access from your Google Account permissions page.
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
- Service Providers (Managed service): Stripe (payments), Anthropic (AI processing), Google Cloud Platform (hosting and infrastructure), Google Analytics for Firebase (site and product analytics), and Resend (transactional email). Each provider processes data only as necessary to provide their respective services. Self-hosted components of the Managed service — such as our Mattermost chat and Gitea repositories — run on our own infrastructure and are not third-party subprocessors.
- Operator-gateway integrations: On Operator gateways, you may connect additional third-party services (for example, Discord, external APIs, or alternative model providers). These recipients are not Octogee subprocessors; you are the controller of any data you route to them, their handling of that data is governed by their own privacy terms, and Octogee is not a processor of, and bears no responsibility for, integrations you configure.
- Your Octogee Studio (if applicable): If you are onboarded through an independent Octogee Studio, that Studio operates your workspace and has access to the data necessary to deliver its services to you. Studios are licensed by Octogee and bound by confidentiality and data-protection obligations under that license; with respect to the services it provides to you, the Studio acts as an independent controller of your data.
- Legal Requirements: If required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
- With Your Consent: We may share information for any other purpose with your explicit consent.
5. Data Storage and Security
- Data is stored on Google Cloud Platform infrastructure (including Google Cloud Firestore and Google Cloud Storage) in the United States (us-central1 region).
- We use industry-standard security measures including encryption in transit (TLS), Firebase Authentication, and access controls.
- AI agent workspaces are logically separated per customer. No cross-customer data access is possible through normal operation of the Service.
- On Operator gateways, data sent outbound through integrations you configure leaves Octogee's infrastructure and control and is handled by the third-party services you have connected.
- Despite our efforts, no method of electronic storage is 100% secure. We cannot guarantee absolute security.
5.1 Data Breach Notification
In the event of a security breach involving your personal information, we will notify affected users and applicable regulatory authorities in accordance with Oregon's Consumer Identity Theft Protection Act (ORS 646A.604) and other applicable state laws, without unreasonable delay and in no case later than the timeframes required by law.
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Canceled Accounts: After cancellation, your workspace data is retained in a hibernated state for 90 days, after which it may be permanently deleted. You may request earlier deletion.
- Conversation History: AI conversation logs are retained as part of your workspace for service continuity. You may request deletion at any time.
- Billing Records: Retained as required by applicable tax and accounting laws (typically 7 years).
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Data Portability: Request an export of your data in a machine-readable format.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@octogee.com. We will respond to verified requests within 45 days.
7A. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Authorized Agents: You may designate an authorized agent to submit requests on your behalf with proper verification.
To exercise these rights, contact privacy@octogee.com. We will verify your identity before processing requests and respond within 45 days.
7A.1 Financial Incentives
Our free trial offer is not a "financial incentive" for the collection of personal information under the CCPA. The trial is offered to allow you to evaluate the Service before committing to a paid subscription, and the personal information collected during the trial is the same as for paid accounts.
7B. Other State Privacy Laws
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, and others) may have additional rights regarding their personal information. To exercise any applicable rights, contact privacy@octogee.com.
7C. International Visitors
If you access the Service from the European Economic Area (EEA) or other jurisdictions with comprehensive data protection laws, additional consent mechanisms may apply. The Service is primarily designed for and directed to users in the United States.
7D. Do Not Track
When your browser sends a Do Not Track (DNT) signal, we do not initialize Google Analytics or send optional analytics events. Essential authentication, security, billing, and standard server logs continue to operate.
8. Children's Privacy
Octogee is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
9. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy, contact us at:
Squarepoint Consulting LLC
d/b/a Octogee
Bend, Oregon, USA
privacy@octogee.com