Privacy Policy

Last Updated: January 2026

1. Introduction

Gamut Agent ("we," "us," or "our") provides an Autonomous Due Diligence Engine (the "Service"). We are committed to protecting your privacy and the confidentiality of your investment strategies. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our autonomous deal flow engine and related services.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1. Information You Provide

When you use the Service, we collect:

Account Information: Name, email address, organization name, and authentication credentials (stored securely via Firebase Authentication)
Billing Information: Processed securely through Stripe; we do not store full credit card details
Investment Theses: Specific criteria, constraints, and logic rules you input into the Agent (e.g., "SaaS companies in SF with >20 engineers")
Feedback Data: Rejections, approvals, and reasoning you provide to the "Memory Bank" for reinforcement learning

2.2. Information We Collect from Third Parties (The "Intelligence Layer")

To perform due diligence, our Agents aggregate data from:

Publicly Available Web Data: We employ autonomous agents to crawl and index publicly available business websites, LinkedIn profiles, and public databases
Data Partners: We utilize third-party enrichment providers (e.g., People Data Labs, Clearbit) to verify firmographic details
Digital Footprints: DNS records, HTTP headers, and technical infrastructure signals

Important Note on Business Data: Our Service focuses on commercial entities, not individuals. While some business contact information (B2B data) may be processed, our intent is corporate intelligence, not consumer profiling.

We do not control the privacy practices of third-party data providers. We recommend reviewing their respective privacy policies.

2.3. Usage and Technical Data

We automatically collect information about how you interact with the Service:

Deal flow pipeline data (companies discovered, approved, or discarded)
API usage patterns and performance metrics
Device information, IP address, and browser type

3. How We Use Your Information

We use the collected information to:

Execute Missions: Process your queries through our "Defense-in-Depth" architecture to identify and verify targets
Build Institutional Memory: Use your feedback (e.g., "False Positive" flags) to tune the specific parameters of your dedicated workspace
Prevent Hallucinations: Use data to verify the existence of digital assets via our proprietary Hallucination Firewall™
Process Payments: Handle subscription billing and manage your account
Communicate: Send service updates, security alerts, and respond to your inquiries
Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
Comply with Legal Obligations: Meet regulatory requirements and respond to lawful requests

4. AI & Third-Party Subprocessors

Gamut Agent is an "AI-Native" application. To provide our Service, strictly necessary data is transmitted to the following Large Language Model (LLM) providers for inference:

Google Cloud Vertex AI: For US-based inference and reasoning
OpenAI / DeepSeek: For specific regional or complex reasoning tasks

Model Training Policy: We do NOT use your proprietary Investment Theses or private Deal Flow to train foundational models shared with other customers. Your "Memory Bank" is logically isolated to your tenant. The constraints and preferences you teach the Agent are used only to improve recommendations within your workspace, not to train models that benefit other users.

This isolation ensures that your investment strategies remain confidential and are not used to improve the Service for your competitors.

5. Web Scraping & Compliance

Our autonomous agents adhere to strict ethical guidelines when accessing publicly available business data:

Public Data Only: We only access and index publicly available business information from company websites, public databases, and professional networks
Respect robots.txt: We respect robots.txt protocols where applicable
Rate Limiting: We limit request rates to prevent load on target servers
Relevant Data Only: We only extract data relevant to business verification (e.g., team size, product description, funding stage)
No Personal Data: Our focus is on corporate intelligence (B2B data), not individual consumer data

If you believe we have accessed data inappropriately, please contact us at privacy@gamutagent.ai.

6. Data Storage and Security

6.1. Infrastructure

Your data is stored on Google Cloud Platform infrastructure, which provides:

Encryption at rest (AES-256) and in transit (TLS 1.3)
Data isolation per team/organization
SOC 2 Type II compliance
99.9% uptime SLA

We employ a "Defense-in-Depth" security model. However, no method of transmission over the Internet is 100% secure.

6.2. Data Retention

Mission History: We retain logs of your searches and deep dives to allow you to review past decisions.

Memory Bank: We retain your constraint preferences indefinitely to ensure the Agent maintains its learned behavior within your workspace.

Right to Delete: You may request the deletion of your account and associated "Memory Bank" data by contacting privacy@gamutagent.ai. We will delete your personal information within 30 days of your request, subject to legal retention requirements.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers: With trusted third parties who assist in operating the Service (e.g., Google Cloud, Stripe, data enrichment providers), subject to strict confidentiality agreements
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
With Your Consent: When you explicitly authorize us to share information

8. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information through your account settings or by contacting us
Deletion: Request deletion of your account and associated data
Data Portability: Export your deal flow pipeline data in a machine-readable format
Opt-Out: Unsubscribe from marketing communications (service-related emails will continue)

To exercise these rights, contact us at privacy@gamutagent.ai.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

Maintain your authentication session
Remember your preferences
Analyze usage patterns to improve the Service

You can control cookies through your browser settings. Note that disabling cookies may limit certain features of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) for EU data transfers
Compliance with applicable data protection laws (GDPR, CCPA, etc.)

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending an email notification for significant changes

Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, please contact:

Email: privacy@gamutagent.ai
Organization: Gamut Intelligence Lab