Operator 23

Home

About

Pricing

Try your first agents

Privacy Policy

Last Updated: March 5, 2026

Welcome to o23 ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of the data you entrust to our AI-powered automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (the "Service").

By accessing or using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect information that you provide directly to us, information we collect automatically, and information from third-party integrations.

A. Information You Provide

  • Account Data: When you register, we collect your name, email address, and authentication credentials (e.g., via Google OAuth or Magic Links).

  • User Content: We collect the natural language prompts, instructions, files, and data you provide to our AI agents to execute tasks.

  • Support Communications: Records of any correspondence if you contact us for technical support or inquiries.

B. Information Collected Automatically

  • Usage Data: We log your IP address, browser type, operating system, and details of how you interact with the Service (e.g., time spent, features used).

  • Agent Execution Logs: We maintain detailed logs of agent actions, including steps taken, API calls made to third parties, and execution outputs to ensure system reliability and auditability.

C. Information from Third-Party Integrations

  • OAuth Tokens: If you connect third-party services (e.g., Google Workspace, Slack, Notion), we store the access tokens required to perform actions on your behalf.

  • Integration Data: Our agents may read data from your connected accounts (e.g., email headers, calendar events, spreadsheet rows) strictly to perform the tasks you have requested.

2. How We Use Your Information

We process your data based on the following legal grounds: Performance of a Contract (to provide the service), Legitimate Interest (to improve our AI and secure our platform), and Consent (where required by law).

  • Service Provision: To execute the automations and tasks you describe.

  • Improvement & Personalization: To refine our AI agent's ability to understand your prompts and optimize execution flows.

  • Security & Troubleshooting: To detect, prevent, and address technical issues or fraudulent activity.

  • Communication: To send you service updates, security alerts, and administrative messages.

3. AI Processing and Automated Decision-Making

A. Model Providers

Our Service utilizes Large Language Models (LLMs) provided by third parties such as OpenAI and Anthropic. When an agent executes a task, relevant portions of your prompts and integration data may be sent to these providers.

B. Data Training

We do not sell your data to AI model providers. By default, we strive to use enterprise-grade API tiers that do not use your submitted data to train the provider's global models.

C. Automated Execution

While our agents operate autonomously to fulfill your requests, you maintain control via "Manual Trigger" settings. We do not use automated processing to make "legal or similarly significant" decisions about you without your direction.

4. Third-Party Integrations and APIs

A. Scoped Access (Least Privilege)

Our system is designed to request the minimum necessary permissions (Scopes) required for a task. For example, if an agent only needs to read emails, we will not request permission to delete them.

B. Google API Disclosure

o23's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Retention

  • Account Information: Retained as long as your account is active.

  • Execution Logs: Retained for a period of 30 to 90 days for troubleshooting and security auditing, unless a longer period is required by law.

  • OAuth Tokens: Stored until you disconnect the integration or close your account.

  • Deletion: Upon account closure, we will delete or anonymize your data within 30 days, except where retention is required for legal compliance.

6. Data Security

We implement enterprise-grade technical and organizational measures:

  • Encryption: All data is encrypted at rest using AES-256 and in transit via TLS 1.2+.

  • Isolation: We use Row-Level Security (RLS) to ensure that your data is logically isolated from other users.

  • Access Control: Access to our production databases is restricted to essential personnel and protected by multi-factor authentication (MFA).

7. International Data Transfers

o23 is based in [Your Country/Region, e.g., Sweden/USA]. Your information may be transferred to and processed in countries where our infrastructure providers (e.g., Supabase, Vercel) operate. For users in the EEA or UK, we ensure that such transfers are governed by Standard Contractual Clauses (SCCs) or other valid transfer mechanisms.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

  • Right to Access/Know: Request a copy of the personal data we hold about you.

  • Right to Deletion: Request that we erase your personal data.

  • Right to Rectification: Request that we correct inaccurate data.

  • Right to Opt-Out (CCPA): We do not "sell" or "share" your personal information for cross-contextual behavioral advertising as defined by the CCPA.

  • Right to Portability: Request your data in a structured, machine-readable format.

To exercise these rights, please contact us at [Your Contact Email].

9. Cookies and Tracking

We use essential cookies for authentication and session management. We may use analytical cookies (e.g., PostHog or Google Analytics) to understand how users interact with our site. You can manage your cookie preferences through your browser settings.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are made constitutes your acceptance of the new policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

o23 Legal Team
Email: info@o23.com
Website: o23.com

o23

Stockholm | New York
Ozsoy AB

About

Pricing

Terms of Service

Privacy Policy