logo

Privacy Policy Overview

BMD Agentic ("we", "our", or "us") is deeply committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains in detail how we collect, use, store, and share information when you engage with our services, products, and features, either directly or through integrations with third-party tools.

Our platform is built around powerful LLM-driven agent pipelines designed to perform deep, autonomous research across both web and enterprise knowledge sources. Because of this, we process large volumes of data, including content you explicitly authorize through integrations like Slack, Drive, Notion, GitHub, Jira, and more. All processing is performed solely for the purpose of fulfilling your queries and delivering accurate, insightful, and actionable research reports — never for profiling or advertising purposes.

We recognize that trust and transparency are fundamental to any AI-powered system, especially those designed to work with sensitive or proprietary enterprise data. That’s why we ensure that all personal and organizational information is handled according to strict security protocols and privacy laws, including GDPR and CCPA where applicable.

This policy outlines exactly what information we collect, why we collect it, how it is used, and the rights you have regarding your data. Please read it carefully. By using the BMD Agentic platform or accessing any of our services, you agree to the practices and terms described herein.

Information We Collect

To deliver our advanced AI-powered research capabilities, we collect different types of information that help us provide, optimize, and secure our services. This data is essential for both system functionality and a personalized user experience.

We collect the following categories of information:

  • Account Information: When you register or subscribe, we collect your name, email address, password (securely hashed), job title, company/organization name, and billing details. This helps us identify you and deliver services securely.
  • Usage and Interaction Data: We monitor user interactions within the platform such as queries made, features accessed, time spent, frequency of use, and report downloads. This behavioral data is used to improve usability, optimize performance, and assist support.
  • Integration Data: If you choose to connect external platforms like Slack, Google Drive, Notion, Jira, GitHub, or others, we access only the data you permit, and only for the duration of your research query. This includes messages, documents, project metadata, and other authorized content. We never store more than is needed to complete your research task.
  • Web Research Content: Our agents crawl external web sources on your behalf, including scientific databases, news sites, and indexed repositories. While we don’t retain full pages, we store analysis, metadata, and references from research results temporarily to generate your reports.
  • Technical Information: We automatically collect information from your device such as IP address, browser type, operating system, referring URLs, and device identifiers. These help us ensure compatibility, monitor uptime, and prevent fraudulent behavior.
  • Support and Communication Logs: If you contact support or engage with our team, we retain the message content and your contact information for resolution tracking, internal documentation, and service improvement.
  • Cookies and Tracking Data: We use cookies and similar technologies to maintain session states, remember preferences, and track anonymized usage analytics. You may control these via your browser settings.

All data we collect is governed by principles of necessity, minimization, and security. We never collect more than is required to perform the specific task requested or to fulfill our contractual obligations to you.

How We Use Your Data

The information we collect is used strictly to support, enhance, and secure the BMD Agentic platform and its services. We never sell your data, and we only use it in ways that are aligned with the purpose of delivering intelligent, agentic research and analysis to you or your organization.

Specific uses include:

  • Running AI Pipelines: Your inputs are used to initiate multi-agent pipelines that perform complex research tasks. These pipelines involve orchestration, worker collaboration, external search, RAG analysis, and synthesis – all based on the data you provide or authorize.
  • Generating Reports: Your submitted queries and integration data are processed to produce structured outputs such as summaries, key insights, FAQs, sentiment analyses, and dynamic visualizations (e.g., Sankey diagrams, knowledge graphs).
  • Platform Functionality: We use your account and usage data to manage access, personalize your dashboard, track research history, and enable collaborative features within your organization.
  • Improving Service Quality: Aggregated and anonymized data may be used to identify pain points, enhance AI model accuracy, and fine-tune system performance across different domains and research styles.
  • Security & Compliance: We monitor technical activity and network-level signals to detect misuse, unauthorized access attempts, or potential security threats. We may also process data to comply with regulatory requirements.
  • Billing & Subscription Management: Billing data is used to manage renewals, send invoices, handle payment processing, and detect subscription inconsistencies.
  • Customer Support: Data from support requests helps us troubleshoot issues quickly, follow up on past tickets, and identify potential systemic improvements.
  • Legal Protection: In rare cases, we may use data to establish or defend our legal rights, respond to regulatory inquiries, or cooperate with lawful investigations.

All processing is done with the strictest access control, auditability, and purpose limitation in mind. Where applicable, we use pseudonymization and encryption to protect sensitive user-level data during these operations.

Analytics & Performance Monitoring

To continuously improve our platform and deliver a stable and efficient experience, BMD Agentic utilizes both first-party and third-party analytics systems. These systems help us understand how users interact with various features and identify any technical or functional issues in real-time.

Types of analytics data we collect include:

  • Page and Feature Usage: Metrics like time spent on key pages, clicks on feature modules, number of report generations, and frequency of pipeline executions.
  • User Journeys: Session-level data that shows how users navigate through the application, helping us optimize onboarding, research flow design, and user interface structure.
  • Error Logs & Performance Metrics: Information on failed executions, timeouts, server response times, and other performance-related signals. These are used by our engineering team to resolve bugs and improve processing pipelines.
  • Device and Environment Insights: Information on browsers, operating systems, screen sizes, and locales that helps us ensure cross-platform compatibility and a consistent user experience.

For this purpose, we leverage trusted tools including Google Analytics. These tools rely on cookies and anonymized identifiers. While these services help us analyze trends, they do not provide us with your exact identity or allow us to tie your behavior directly to your personal information unless you are logged in and interacting with identifiable elements of our platform.

All analytics data is used strictly for internal optimization and is never sold or shared with third parties for advertising or marketing. You may choose to limit the use of cookies via your browser settings or opt out of Google Analytics tracking where legally required.

Disclosure of Personal Information

Your privacy is central to how BMD Agentic is built. We do not sell, rent, or trade your personal data with third parties for commercial purposes. Any data disclosures are carefully limited and occur only under specific conditions outlined below.

We may share personal information with:

  • Authorized Service Providers: We engage trusted partners to perform essential functions such as payment processing, cloud infrastructure hosting, and email delivery. These partners have access only to the data necessary for their tasks and are bound by strict confidentiality agreements and data processing contracts.
  • Internal Operations Teams: Members of our support, engineering, and data operations teams may access your data only when required to troubleshoot, investigate abuse, or assist with a service-related inquiry. Access is controlled, logged, and role-based.
  • Enterprise Admins: For users under an enterprise account, designated administrators may be granted access to team-wide usage metrics, logs, and integration controls, but not to sensitive content unless expressly authorized.
  • Legal Compliance: We may disclose personal information if required by law, regulation, subpoena, or court order. We may also disclose information when we believe it's necessary to prevent fraud, protect our rights or safety, or address violations of our Terms of Service.
  • Business Transfers: In the event of a merger, acquisition, restructuring, or asset sale, your information may be transferred to a successor entity. In such cases, we will notify you before your personal data becomes subject to a new privacy policy.

All disclosures are made with a principle of data minimization. We ensure that the minimum necessary information is shared, only for legitimate operational or legal purposes, and only with recipients who meet our standards for data protection.

Data Security

We take the security of your data extremely seriously. At BMD Agentic, security is embedded into every layer of our system — from infrastructure to data handling — ensuring that your personal and organizational information is protected against unauthorized access, misuse, alteration, and loss.

Our data security measures include but are not limited to:

  • End-to-End Encryption: All data in transit is encrypted using TLS 1.2+ protocols. Sensitive data at rest is protected via AES-256 encryption mechanisms.
  • Authentication Controls: We enforce strong authentication with support for OAuth, SSO (SAML), and role-based access control (RBAC). Users can also enable 2FA for added protection.
  • Isolated Processing Environments: Research pipelines and agent executions are sandboxed and containerized, reducing risk in multi-tenant environments.
  • Intrusion Detection & Anomaly Monitoring: We maintain real-time threat detection systems and audit trails to detect abnormal behavior and enforce accountability.
  • Secure Integration Handling: OAuth-based authentication for external apps ensures limited-scope, tokenized access that can be revoked at any time by the user.
  • Access Logging: All access to sensitive data is logged and subject to audit. Logs are reviewed periodically for unauthorized or suspicious behavior.
  • Regular Security Testing: We perform vulnerability scans, third-party penetration tests, and code reviews to detect and patch potential weaknesses proactively.

While we follow best practices and deploy robust systems, no method of transmission over the internet or method of electronic storage is completely secure. In the unlikely event of a data breach, we will notify affected individuals and regulatory bodies as required by applicable law.

Data Retention

We retain your data only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements.

Retention periods may vary depending on the type of data and the context in which it was collected:

  • Account and Billing Information: Retained for the duration of your account and up to 7 years afterward, as required by financial and tax regulations.
  • User-Submitted Content: Research queries, uploaded documents, and connected integration data are stored temporarily during processing and deleted once reports are finalized — unless you explicitly choose to save results in your workspace.
  • Logs and Usage Metadata: Technical logs, access events, and session metadata are retained for a rolling period (typically 90 to 180 days) for diagnostics, auditing, and security monitoring.
  • Support Communications: Retained for up to 24 months to improve service quality, track resolution patterns, and detect systemic issues.

If you close your account or request deletion of your data, we will initiate a secure deletion process within 30 days, unless retention is required to comply with legal or contractual obligations.

Aggregate or anonymized data that cannot be linked back to an individual may be retained indefinitely for analytics and platform improvement purposes.

Your Rights

Depending on your location and applicable data protection laws (such as the GDPR, CCPA, or similar), you may have a number of rights regarding the personal data we hold about you. We are committed to upholding these rights and providing transparent mechanisms for you to exercise them.

These rights may include:

  • Right to Access: You can request a copy of the personal data we hold about you, along with an explanation of how and why we process it.
  • Right to Rectification: You may correct inaccurate or incomplete information we have about you.
  • Right to Erasure (“Right to Be Forgotten”): You can request the deletion of your personal data, subject to certain legal or contractual exceptions.
  • Right to Restriction of Processing: You may ask us to temporarily suspend processing of your data if you contest its accuracy or legality.
  • Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format for transfer to another provider.
  • Right to Object: You may object to certain types of data processing, including direct marketing or profiling based on legitimate interests.
  • Right to Withdraw Consent: If we process your data based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at privacy@bmdagentic.com. We may require verification of your identity before fulfilling your request. We aim to respond to all requests within 30 days, subject to any legal or operational constraints.

Children’s Privacy

BMD Agentic’s services are not intended for, nor directed to, individuals under the age of 16. We do not knowingly collect or solicit personal information from children. If you are under the age of 16, please do not attempt to use the platform, submit personal data, or create an account.

If we discover that we have collected personal information from a child without verifiable parental consent, we will take immediate steps to delete that information from our servers. This includes user-generated content, integration data, and any associated identifiers.

If you believe that a child may have provided us with personal information, please contact us at privacy@bmdagentic.com so we can investigate and take appropriate action.

We encourage parents and guardians to monitor their children’s internet use and to help enforce our Privacy Policy by instructing their children never to provide personal information through our platform or any website without parental consent.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal obligations, or for other operational, legal, or regulatory reasons. Any modifications will be posted on this page with an updated “Last Updated” date at the bottom of the policy.

In the event of material changes that could significantly affect your rights or the way we use your personal data, we will notify you in advance by reasonable means. This may include email notifications, in-app alerts, or prominent notices on our website or dashboard.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of the Service after changes have been made constitutes your agreement to the updated terms.

Last updated: June 3, 2025

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, we encourage you to reach out. We take privacy inquiries seriously and aim to respond within a reasonable timeframe, typically within 5–10 business days.

For privacy-related matters, data requests, or account-specific concerns, you can contact us at:

We build the best enterprise-grade AI solutions to help companies and individuals achieve their goals.

Products
Company
Resources

© 2025 BMD Agentic. All Right Reserved