Last updated: May 17, 2026
Effective date: May 17, 2026
This Privacy Policy explains how EA Limitless LLC ("we," "us," "our") collects, uses, shares, and protects information when you use AI Business OS (the "Service").
By using the Service, you consent to the practices described in this Policy.
1. Who We Are
- Legal entity: EA Limitless LLC, a Maryland limited liability company
- Contact: contact@ealimitless.com
- Service: AI Business OS (https://aibuos.com)
We are the controller of personal information collected through AI Business OS.
2. Information We Collect
2.1 Information You Provide
Account information:
- Email address
- Display name (if provided)
- Password (encrypted, never stored in plain text)
- Profile information you choose to add
Business content:
- Business ideas, descriptions, categories
- AI prompts and inputs you submit
- AI-generated outputs (plans, monetization roadmaps, automation blueprints, coaching responses)
- Weekly check-in entries (wins, blockers, revenue, customer counts, hours)
- Notes and other content you create
Payment information:
- Processed and stored by Stripe (we do not store full payment card numbers)
- Subscription status, plan tier, billing history
- Billing email (if different from account email)
Communications:
- Support inquiries and our responses
- Feedback you submit
- Email preferences
2.2 Information Collected Automatically
Authentication data (from Google OAuth, if used):
- Name and email from your Google account
- Profile photo URL (if provided by Google)
- Google account ID
Usage data:
- Pages visited, features used, generations made
- Timestamps and frequency of actions
- AI cost and token usage per generation
- Streak counts and check-in history
Technical data:
- IP address (used for security and rate limiting, not retained long-term)
- Browser type and version
- Device type and operating system
- Referrer URLs
Cookies and similar technologies:
- Authentication cookies (essential, cannot be disabled)
- Session cookies (essential)
- We do not use third-party advertising cookies or marketing pixels at this time
2.3 Information from Third Parties
- Stripe: Payment status, billing events, subscription state changes
- Google OAuth: If you sign in with Google, we receive the profile information you authorized
- Resend: Email delivery status (delivered, bounced, opened — for transactional emails only)
3. How We Use Information
We use your information to:
- Provide the Service: Create your account, generate AI plans and analyses, manage subscriptions, track progress
- Process payments: Charge subscriptions, process refunds, manage billing
- Communicate: Send transactional emails (welcome, quota warnings, payment notifications, weekly nudges, referral confirmations)
- Improve the Service: Analyze usage patterns in aggregate, debug issues, develop new features
- Prevent fraud and abuse: Detect suspicious activity, enforce our Terms, investigate violations
- Comply with legal obligations: Respond to lawful requests, maintain records required by law
- Provide support: Respond to your inquiries and resolve issues
We do not sell your personal information to third parties.
4. AI Processing and Third-Party AI Providers
When you use AI features of AI Business OS, your inputs (business ideas, prompts, check-in entries, context from prior generations) are processed by third-party AI providers including:
- OpenAI (GPT-5 and related models)
- Anthropic (Claude Sonnet, Claude Haiku, and related models)
Important disclosures:
- These providers process your inputs to generate outputs we return to you
- We send only the data necessary to generate the requested output
- Per our agreements with these providers (or their default API policies), inputs sent through our API are not used to train their AI models
- These providers may retain inputs for a limited period for safety/abuse monitoring (typically 30 days)
- We do not control these providers' internal data handling beyond what is contractually agreed
By using AI features, you understand that your inputs are transmitted to third-party AI providers for processing.
5. Third-Party Services We Use
We share information with the following service providers as necessary to operate the Service:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, infrastructure | All Service data |
| Stripe | Payment processing | Billing email, payment method, subscription state |
| Resend | Email delivery | Recipient email, message content |
| OpenAI | AI generation | Prompts and context |
| Anthropic | AI generation (fallback) | Prompts and context |
| Google | Authentication (OAuth, optional) | Login state |
| Lovable | Hosting and deployment | Service data via infrastructure |
These providers are bound by their own privacy policies and our agreements requiring them to protect your information.
6. How We Share Information
We share information only as described in this Policy:
- With service providers listed above, to operate the Service
- For legal compliance: when required by law, court order, or government request
- To prevent harm: to investigate suspected fraud, abuse, or safety threats
- With your consent: when you explicitly authorize sharing (e.g., the public sharing feature)
- In business transfers: if EA Limitless LLC is acquired or merges, your data may transfer subject to this Policy
Public sharing feature: If you opt to make an idea publicly viewable, the title, description, plan, monetization roadmap, and your first name (if provided) become accessible to anyone with the link. You control this through the share toggle on each idea.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service.
When you delete your account:
- We delete your account data within 30 days
- This includes your ideas, plans, monetization roadmaps, automation blueprints, coaching responses, check-ins, and profile data
- Some data may persist longer for legitimate reasons:
  - Backup systems: Backups are retained for up to 90 days and rotate out
  - Stripe payment records: Stripe retains payment records as required by law (typically 7 years)
  - Resend email logs: Email delivery records may be retained by Resend per their policies
  - Anonymized aggregate data: Usage statistics may be retained in de-identified form
  - Legal/compliance records: Information required for tax, audit, or legal purposes
After deletion, your data cannot be recovered.
You may request account deletion by emailing contact@ealimitless.com.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
All Users
- Access: Request a copy of the information we have about you
- Correction: Update inaccurate information through your account settings or by contacting us
- Deletion: Delete your account and request data deletion
- Export: Export your business content as JSON
- Email preferences: Opt out of non-essential emails through your account settings or unsubscribe links
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to know what personal information we collect, use, disclose, and sell
- Right to delete personal information we have collected
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing of personal information (note: we do not sell personal information)
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising these rights
To exercise these rights, contact us at contact@ealimitless.com with subject line "California Privacy Request."
Other US State Residents
Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer privacy laws may have similar rights. Contact us at contact@ealimitless.com to exercise them.
International Users
If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
9. Security
We implement reasonable technical and organizational measures to protect your information:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for database storage
- Password hashing (bcrypt)
- Role-based access controls
- Regular security audits and updates
- Service provider security commitments (Supabase, Stripe, etc.)
No system is perfectly secure. We cannot guarantee absolute security of your information. You are responsible for keeping your account credentials confidential.
If we become aware of a data breach affecting your personal information, we will notify you as required by applicable law.
To report a security vulnerability, contact contact@ealimitless.com with subject "Security."
10. Cookies
We use cookies and similar technologies to:
- Keep you logged in (essential authentication cookies)
- Remember your preferences (session cookies)
- Detect security threats (security cookies)
We do not currently use:
- Third-party advertising cookies
- Marketing pixels
- Cross-site tracking
You can control cookies through your browser settings. Disabling essential cookies will prevent the Service from working correctly.
11. Children's Privacy
The Service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a minor, we will delete it promptly.
If you believe a minor has provided us with personal information, please contact us at contact@ealimitless.com.
12. Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.
13. Contact
For privacy questions or to exercise your rights:
EA Limitless LLC
Email: contact@ealimitless.com
Subject line: "Privacy" or specific request type
For all other inquiries, see our Terms of Service and Contact page.