Privacy Policy

Upfleet ("we," "us," or "our") operates an AI-powered operations platform that deploys autonomous agents to help your teams work more efficiently. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, platform, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

Information You Provide

• Account information — name, email address, company name, phone number, and job title when you create an account or request a demo.
• Communications — messages, support requests, feedback, and any other content you send to us.
• Payment information — billing details processed securely through our third-party payment providers. We do not store your full payment card details.
• Agent configuration data — custom instructions, prompts, and workflow configurations you create for your AI agents.

Information from Connected Services

Our platform integrates with your existing business tools to power AI agents. When you authorize a connection, we may access data from:

• CRM systems — contact records, deal information, and customer interaction history.
• Communication platforms — call logs, message threads, and conversation metadata from phone systems, email, and messaging tools.
• Operations & logistics tools — shipment data, scheduling information, and workflow records.
• Productivity suites — calendar events, task data, and document metadata needed to coordinate agent actions.
• Automation platforms — workflow triggers and action data from integration services you connect.

Information Collected Automatically

• Usage data — pages viewed, features used, agent interactions, and session durations.
• Device information — browser type, operating system, device identifiers, and IP address.
• Cookies and tracking technologies — see our Cookies section below.

We use the information we collect to:

• Provide, operate, and improve our AI agent platform and Services.
• Execute AI agent tasks on your behalf — including making and receiving calls, sending messages, and coordinating workflows across your connected systems.
• Personalize your experience and tailor agent behavior to your team's needs.
• Process transactions and send related transactional communications.
• Respond to your requests, questions, and support inquiries.
• Send product updates, security alerts, and administrative messages.
• Analyze usage patterns to improve platform performance, reliability, and safety.
• Detect, prevent, and address fraud, abuse, and security issues.
• Comply with legal obligations.

Upfleet connects to your business tools — CRMs, phone systems, email, logistics platforms, and automation services — to enable AI agents to act on your behalf. We understand the trust this requires, and we've built our platform with data safety as a core principle.

How We Handle Connected Data

• Minimum necessary access — we only request the permissions needed for your configured agent workflows. We never ask for more access than required.
• Purpose-bound processing — data from connected services is used exclusively to execute the tasks you configure. We do not use your connected data to train our models, sell to third parties, or for any purpose outside your authorized workflows.
• Encrypted in transit and at rest — all data flowing between your tools and our platform is encrypted using TLS 1.2+ in transit and AES-256 at rest.
• Token-based authentication — we use OAuth 2.0 and secure API tokens to connect to your services. We do not store your third-party passwords.
• Revocable at any time — you can disconnect any integration at any time from your dashboard. When disconnected, we stop accessing that service and delete cached credentials.
• Scoped to your workspace — connected data is isolated to your organization. Other customers never have access to your data.

Similar to platforms like Zapier, Make, and other integration services, we act as an authorized connector between your tools. The key difference is that our AI agents can intelligently act on data — but always within the boundaries you set and the permissions you grant.

When our AI agents make or receive phone calls, send messages, or interact through communication channels on your behalf:

• Call recordings and transcripts may be generated and stored to provide you with call summaries, analytics, and quality assurance.
• Communication content is processed in real time to enable agent responses and is stored only as long as needed for your configured workflows and retention settings.
• You are responsible for ensuring that the use of AI agents in communications complies with applicable laws, including consent and disclosure requirements in your jurisdiction.

We do not sell your personal information. We share data only in these limited circumstances:

• Service providers — trusted vendors who help us operate our platform (hosting, analytics, payment processing, communication infrastructure). They are contractually bound to protect your data.
• Connected services — data is sent to third-party tools only when you have explicitly authorized the connection and configured agent workflows that require it.
• Legal requirements — when required by law, regulation, legal process, or governmental request.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you in advance.
• With your consent — in any other case, we will ask for your explicit consent before sharing.

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Access controls and authentication for all internal systems.
• Regular security audits and vulnerability assessments.
• Infrastructure hosted on SOC 2 compliant cloud providers.
• Incident response procedures to handle potential security events.

While no system is 100% secure, we work continuously to protect your data and improve our security practices.

We retain your information only for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specifically:

• Account data — retained while your account is active, then deleted or anonymized within 90 days of account closure.
• Agent interaction data — call recordings, transcripts, and workflow logs are retained according to your plan's retention settings and deleted afterward.
• Connected service data — cached only as long as needed to complete agent tasks, unless you configure longer retention.
• Usage analytics — aggregated and anonymized data may be retained indefinitely for product improvement.

You can request deletion of your data at any time by contacting us.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data, subject to legal retention requirements.
• Portability — request your data in a structured, machine-readable format.
• Restriction — request that we limit processing of your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at founders@upfleet.ai. We will respond within 30 days.

We use cookies and similar technologies to operate and improve our Services:

• Essential cookies — required for the platform to function (authentication, security, preferences).
• Analytics cookies — help us understand how you use our Services so we can improve them.
• Functional cookies — remember your settings and preferences across sessions.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure that appropriate safeguards are in place, including standard contractual clauses and other measures required by applicable law, to protect your data during international transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after changes take effect constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, please contact us at:

founders@upfleet.ai