Upgrade AI Privacy Notice
Last Updated: November 7, 2025
This Privacy Notice applies to the processing of personal information by Upgrade AI, Inc. (“we,” “us,” or “our”), including through our website and our online or offline offerings (collectively, the “Services”).
1. ABOUT Upgrade AI
Upgrade AI provides a platform of AI agents that help our business customers (“Customers”) automate accounting processes (the “Services”). As part of the Services, Customers may upload or connect financial records and related materials (“Customer Materials”), which can include general ledger, bank, AP/AR, payroll, and contract exports. Where Upgrade AI processes personal information contained in Customer Materials on a Customer’s behalf, Upgrade AI acts as a processor/service provider under the applicable Terms & Services agreement. If this Notice conflicts with the Terms & Services, the Terms & Services control.
2. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time at our sole discretion. If we do, we will post the updated Privacy Notice on our website and/or send other communications.
3. PERSONAL INFORMATION WE COLLECT
We collect personal information that you provide to us, personal information we obtain automatically when you use the Services, and personal information from third‑party sources, as described below.
A. Personal Information You Provide to Us Directly
We may collect personal information that you provide to us, such as:
- Account and Billing Information (Customer users). Name, work email, role, company, and billing details.
- Customer Materials. Financial and operational data you or your organization provide to run the Services (which may incidentally include personal information about your employees, vendors, or customers).
- Your Communications with Us. Contact details and the content of messages when you reach out for support or otherwise communicate with us.
- Business Development & Events. Contact details you share at conferences, trade shows, or similar events.
- Job Applications. Information you provide with an application (e.g., contact information, CV).
B. Personal Information Collected Automatically
We may collect certain information automatically when you use the Services, such as IP address, device and browser information, identifiers, usage telemetry, diagnostics, and log data.
Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of the Services. See “Your Privacy Choices and Rights” below for choices regarding these Technologies.
C. Personal Information Collected from Third‑Party Sources
We may collect information from integrations you enable (e.g., ERP, payroll, bank feeds, storage), identity/SAML providers, service providers that help us operate the Services, and publicly available sources.
4. HOW WE USE PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and for limited marketing, as described below.
A. Customer Materials (Processor Role)
When acting as a processor/service provider, we use Customer Materials only to provide the Services, as permitted by our contracts with the Customer or as required by law.
B. Provide the Services
We use personal information to fulfill our contract with you and provide the Services, such as:
- Managing accounts and providing access to features;
- Running agents on Customer Materials and (if authorized) writing back to connected systems;
- Providing support and communicating about the Services.
C. Administrative Purposes
We use personal information for:
- Operating, maintaining, securing, repairing, and improving the Services;
- Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible;
- Analytics, quality assurance, and product development;
- Creating de‑identified and/or aggregated information; and
- Enforcing our agreements and policies, and complying with legal obligations.
For third‑party model providers we use, we configure zero data retention/no training settings where available.
D. Marketing
We may send limited B2B marketing communications as permitted by law. You may opt out at any time (see Section 9).
E. With Your Consent
We may use personal information for other purposes that are clearly disclosed at the time you provide it or with your consent.
F. Other Purposes
We also use personal information for other purposes as requested by you or as permitted by applicable law.
5. HOW WE DISCLOSE PERSONAL INFORMATION
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in connection with a business transaction.
A. Disclosures to Provide the Services
- Service Providers/Sub‑processors. Hosting, infrastructure, security, logging, analytics, email, support, and similar vendors.
- Third‑Party AI/LLM Providers. We use providers such as OpenAI, Anthropic, Mistral, and Google DeepMind (Gemini) to power certain features; we apply zero‑retention/no‑training settings.
- Integrations You Enable. ERPs, payroll, bank feeds, storage, and other systems you connect.
B. Disclosures to Protect Us or Others
We may access, preserve, and disclose information if we believe doing so is required or appropriate to: comply with law or legal process; protect rights, property, or safety; enforce our policies or contracts; collect amounts owed; or assist with an investigation of suspected or actual illegal activity.
C. Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, transition of service, or similar transaction, personal information may be transferred as part of that transaction.
No “sale” or “share.” We do not sell personal information and do not share it for cross‑context behavioral advertising.
6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
We may process and store information in the United States or other countries where we or our service providers operate. Where required by contract, we will follow agreed data‑location or transfer requirements.
7. RETENTION OF PERSONAL INFORMATION
We retain personal information as described in this Notice and as set out in our Customer agreements and DPA. When the agreement ends, upon Customer instruction, we delete Customer Materials, subject to routine backup and log retention for limited periods and legal requirements.
8. SECURITY
We use reasonable technical and organizational measures to protect information from unauthorized access, loss, misuse, or disclosure. These measures include access controls, encryption in transit and at rest where appropriate, network and infrastructure safeguards, and periodic reviews of our security practices. We maintain and improve these safeguards over time.
9. YOUR PRIVACY CHOICES AND RIGHTS
Email Communications. You can use the unsubscribe link in marketing emails to opt out. We may still send transactional or service messages.
“Do Not Track.” We do not respond to DNT signals.
Cookies. You can control cookies via your browser or device settings; some features may not function without them.
Rights. Depending on your location, you may have rights (e.g., access, correction, deletion, portability, restriction, objection).
- When Upgrade AI acts as processor, we will implement or forward requests to the Customer (controller).
- When Upgrade AI acts as controller (e.g., for our own business contacts), contact us as set out below.
10. THIRD‑PARTY WEBSITES/APPLICATIONS
The Services may contain links to or integrate with third‑party websites/applications. Those services are not controlled by us. Review their privacy policies before providing information.
11. CHANGES TO THIS NOTICE
We may update this Notice from time to time. We will post the updated version with a revised “Last Updated” date and provide additional notice where required.
12. CONTACT US
If you have questions about our privacy practices or this Privacy Notice, or to exercise your rights when we act as controller, please contact us.