Privacy Policy | Intelogos

1. Introduction and Scope

This Privacy Policy ("Policy") describes how Intelogos Inc. ("Company," "Intelogos," "we," "us," or "our") collects, uses, processes, stores, shares, and protects information when you use our workforce analytics and AI-powered performance management platform, including our website at https://intelogos.com, web application at https://team.intelogos.com, Background and desktop agents (desktop applications), APIs, integrations, and all related services (collectively, the "Service").

This Policy applies to all users of the Service, including: (a) organizational customers ("Customers") who subscribe to the Service; (b) employees, contractors, and agents of Customers whose activities are monitored through the Service ("Authorized Users" or "Monitored Users"); and (c) visitors to our website ("Visitors").

IMPORTANT — DUAL RELATIONSHIP NOTICE: Intelogos operates as a business-to-business (B2B) platform. When a Customer (employer) uses the Service to monitor Authorized Users (employees), the Customer is the data controller who determines the purposes and means of processing, and Intelogos acts as a data processor on behalf of the Customer. This means that the Customer — not Intelogos — is primarily responsible for ensuring that the collection and processing of Authorized User data complies with applicable law, including obtaining any required consents and providing any required notices to Authorized Users.

If you are an Authorized User whose employer uses Intelogos, your employer's privacy policies and monitoring disclosures govern how your data is collected and used. Please contact your employer for information about its monitoring practices and your rights regarding your data. Intelogos processes your data on behalf of and at the instruction of your employer.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, do not use the Service.

2. Information We Collect

2.1 Information Provided by Customers

When a Customer registers for and uses the Service, we collect information provided directly by the Customer, including:

Account Information: Company name, administrator name, email address, phone number, billing address, and job title.
Billing Information: Payment card details, billing address, and transaction history. Payment card details are processed by our third-party payment processor and are not stored on our servers.
Authorized User Information: Names, email addresses, job titles, departments, team assignments, and other organizational information provided by the Customer when setting up Authorized User accounts or deploying the Background Agent.
Configuration Data: Customer's settings, preferences, monitoring policies, team structures, project assignments, and integration configurations.

2.2 Activity Data Collected from Authorized Users

The core function of the Service is to collect detailed information about Authorized Users' computer activities through the Background Agent or browser-based tracking. The types of Activity Data we collect include, but are not limited to:

Application Usage: Names and identifiers of all applications and processes running on the Authorized User's device, including start/stop times and duration of use.
Website & Browser Activity: URLs of websites visited, page titles, browser names, and time spent on each website or page.
Window Information: Names and titles of all active windows, including document names, email subject lines, or other content that may appear in window titles.
Keyboard Activity Indicators: Whether the keyboard is active or idle during a given period. We do NOT capture actual keystrokes, key combinations, or the content of what is typed.
Mouse Activity Indicators: Whether the mouse is active or idle during a given period. We do NOT capture actual mouse clicks, cursor positions, movements, or screen content.
Time & Attendance: Login/logout times, active and idle periods, total work hours, break periods, and attendance patterns.
Project & Task Tracking: Time allocated to specific projects or tasks as configured by the Customer, including manual time entries.
System Information: Operating system, device type, device name, IP address, timezone, and system configuration relevant to the Service's operation.

IMPORTANT CLARIFICATION: The Service does NOT capture screenshots, screen recordings, actual keystroke content (what keys are pressed), mouse click content, webcam images, audio recordings, or the substantive content displayed on screen. However, window titles and website URLs may inadvertently contain sensitive or personal information (e.g., email subject lines, document titles, search queries).

Technical clarification on activity indicators: "Keyboard activity indicators" means binary active/idle status — the system detects whether any keyboard input occurred during a given time interval, but does not record which keys were pressed, typing patterns, key frequency, or any content. "Mouse activity indicators" means binary active/idle status — the system detects whether mouse movement or clicks occurred during a given interval, but does not record cursor positions, click targets, scroll behavior, or screen coordinates.

2.3 Data from Third-Party Integrations

When a Customer connects the Service to third-party platforms (such as project management tools, communication platforms, calendars, CRM systems, or other business applications), we may collect additional data from those platforms about Authorized Users' activities, including but not limited to: task completion data, communication metadata, calendar events, project progress, and other activity metrics. The scope of data collected from Third-Party Integrations depends on the Customer's configuration and the permissions granted. As we develop new integrations, the types and volume of third-party data collected may expand.

2.4 Website Visitor Data

When Visitors browse our website, we automatically collect: IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, device type, approximate location (based on IP address and timezone), and interactions with our website content. We collect this data using cookies, web beacons, pixels, and similar tracking technologies.

2.5 Google API Services Data

Customers may choose to connect their Google Workspace account to facilitate inviting Authorized Users. When connected, we access names and email addresses of users in the Customer's workspace solely for the purpose of streamlining user invitations. If the Customer invites a user from Google Workspace, we save that user's name and email to our platform. We do not share this data with other third parties. Intelogos' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Information

3.1 Service Delivery and Operation

To provide, operate, maintain, and improve the Service, including generating workforce analytics, productivity insights, performance assessments, time tracking reports, attendance records, and burnout predictions.
To process Activity Data through AI and machine learning algorithms to generate automated insights, scores, recommendations, and analytics for Customers.
To facilitate Third-Party Integrations and aggregate data from multiple sources as configured by the Customer.
To manage Customer accounts, process subscriptions, and handle billing.

3.2 AI and Automated Processing

Activity Data is processed using artificial intelligence and machine learning technologies, including third-party AI providers, to generate: productivity scores, performance analytics, work pattern analyses, burnout risk indicators, project time estimates, and other workforce insights. Customer acknowledges and agrees that AI-generated output may contain errors, inaccuracies, or biases, and should not be relied upon as the sole basis for employment decisions. See Section 10 for important disclaimers regarding AI processing.

3.3 Communication

To send service-related notifications, updates, security alerts, account information, and administrative messages. To send marketing communications (to Customers and Visitors only, not Authorized Users), which can be opted out of at any time.

3.4 Security and Fraud Prevention

To detect, prevent, and respond to security incidents, fraud, abuse, and violations of our Terms of Service.

3.5 Legal Compliance

To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3.6 Aggregated and De-identified Data

We may create aggregated, de-identified, or anonymized data from Activity Data and other information that does not identify any individual or Customer. We may use such data for any lawful purpose, including product improvement, research, benchmarking, analytics, and the development of new products and services, without restriction or compensation. Such data is not subject to this Privacy Policy.

4. Legal Bases for Processing

If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases:

4.1 For Customer and Visitor Data

Contractual Necessity: Processing is necessary to perform our contract with the Customer (i.e., to provide the Service).
Legitimate Interests: Processing is necessary for our legitimate business interests, including operating and improving the Service, marketing (with opt-out), and ensuring security, provided these interests are not overridden by data subjects' rights.
Consent: Where we rely on consent (e.g., for certain marketing communications or cookies), you may withdraw consent at any time.
Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

4.2 For Authorized User Data

The legal basis for processing Authorized User data is determined by the Customer (as data controller), not by Intelogos. Common legal bases that Customers may rely on include: (a) the Customer's legitimate interests in managing and monitoring its workforce; (b) the performance of the employment contract; (c) consent of the Authorized User, where required; or (d) compliance with a legal obligation. Customers are solely responsible for determining and documenting the appropriate legal basis for processing Authorized User data and for communicating this to Authorized Users.

5. How We Share Information

5.1 With the Customer

Activity Data and analytics generated from Authorized Users' activities are shared with the Customer (employer) and its designated administrators and managers in accordance with the Customer's configuration and access controls.

5.2 Service Providers and Sub-processors

We share information with third-party service providers who assist in providing the Service, including:

Cloud Infrastructure: Amazon Web Services (AWS) for data hosting and processing.
AI Providers: Third-party artificial intelligence and machine learning providers for processing Activity Data and generating insights. Customer Data transmitted to AI providers is subject to those providers' data processing terms and practices. While we contractually require our AI providers to maintain confidentiality and security, we cannot guarantee that AI providers will not use data to train or improve their models unless their terms explicitly prohibit such use.
Payment Processors: Third-party payment processors for handling subscription billing.
Analytics Providers: Website analytics services to understand how our website is used.
Communication Services: Email and notification delivery services.

We require all service providers to process data only on our instructions and to maintain appropriate security measures. A list of our current sub-processors is available upon request.

5.3 Third-Party Integrations

When a Customer connects the Service to Third-Party Integrations, data may flow between the Service and those third-party platforms. The sharing of data with Third-Party Integrations is initiated and configured by the Customer, and is subject to the third party's terms and privacy policies. We are not responsible for the privacy practices of third-party integration providers.

5.4 Legal Requirements

We may disclose information if required to do so by law, regulation, court order, subpoena, or other valid legal process. Where legally permissible, we will use commercially reasonable efforts to notify the Customer before disclosing Customer Data in response to legal process.

5.5 Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, information may be transferred to the successor entity. We will notify Customers of any such transfer and any choices they may have regarding their data.

5.6 With Consent

We may share information with third parties when we have consent to do so or when directed by the Customer.

5.7 Aggregated Data

We may share aggregated, de-identified data that does not identify any individual or Customer with any third party for any purpose.

6. Data Security

6.1 Security Measures

We implement commercially reasonable administrative, technical, and physical safeguards to protect information, including:

Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent).
Access controls and role-based permissions to limit access to data.
Regular security assessments and vulnerability testing.
Employee security training and background checks.
Incident response and data breach notification procedures.
Secure software development practices.
Physical security at data center facilities (managed by AWS).

6.2 Security Certifications

We will, upon Customer's reasonable request and no more than once per calendar year, provide a summary of our information security program and any applicable third-party security certifications or audit reports (such as SOC 2 Type II).

6.3 Data Breach Response

In the event of a confirmed data breach affecting Customer Data, we will: (a) notify the Customer without undue delay after becoming aware of the breach; (b) provide commercially reasonable cooperation to assist the Customer in meeting its breach notification obligations; and (c) take appropriate steps to contain, investigate, and remediate the breach. Notification to individual Authorized Users is the Customer's responsibility.

7. Data Retention

7.1 Retention During Subscription

We retain Customer Data and Activity Data for the duration of the Customer's Subscription Term.

7.2 Retention After Termination

Following termination or expiration of a subscription: (a) Customer Data is available for export for thirty (30) days; (b) after the export period, Customer Data is deleted from active production systems within ninety (90) days; and (c) Customer Data in backup systems is deleted in the ordinary course of backup rotation, not to exceed one hundred eighty (180) days from production deletion.

7.3 Aggregated Data

De-identified, aggregated, or anonymized data may be retained indefinitely and is not subject to deletion requests.

7.4 Legal Hold

We may retain data beyond the standard retention periods if required by applicable law, legal process, or to resolve disputes and enforce agreements.

8. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data:

8.1 For All Users

Access: The right to request a copy of the personal data we hold about you.
Correction: The right to request correction of inaccurate or incomplete data.
Deletion: The right to request deletion of your personal data, subject to legal retention requirements.
Opt-out of Marketing: The right to opt out of marketing communications at any time.

8.2 Additional Rights Under GDPR (EEA/UK)

Restriction of Processing: The right to request restriction of processing in certain circumstances.
Data Portability: The right to receive your data in a structured, commonly used, machine-readable format.
Objection: The right to object to processing based on legitimate interests.
Withdraw Consent: The right to withdraw consent at any time, where processing is based on consent.
Automated Decision-Making: The right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Lodge a Complaint: The right to lodge a complaint with a supervisory authority.

8.3 Additional Rights Under CCPA/CPRA (California)

Right to Know: The right to know what personal information we collect, use, disclose, and sell.
Right to Delete: The right to request deletion of personal information.
Right to Correct: The right to request correction of inaccurate personal information.
Right to Opt-Out: The right to opt out of the sale or sharing of personal information. We do not sell personal information.
Non-Discrimination: The right not to be discriminated against for exercising privacy rights.

8.4 For Authorized Users

If you are an Authorized User whose employer uses Intelogos, please direct privacy requests to your employer first. Your employer, as the data controller, is responsible for responding to your privacy rights requests. We will assist your employer in fulfilling such requests as required by applicable law.

8.5 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at privacy@intelogos.com. We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA/CPRA requests). We may need to verify your identity before processing your request.

9. International Data Transfers and Jurisdiction-Specific Provisions

9.1 International Data Transfers

Information collected through the Service may be transferred to and processed in the United States and other countries where we or our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions.

For transfers of personal data from the EEA, UK, or Switzerland to the United States or other countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, including: Standard Contractual Clauses (SCCs) approved by the European Commission; UK International Data Transfer Addendum; and any other approved transfer mechanisms under applicable law.

9.2 CCPA/CPRA Compliance (California)

For California residents: We do not "sell" personal information as defined by the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA. California residents may exercise their rights under the CCPA/CPRA by contacting us at privacy@intelogos.com.

9.3 GDPR Compliance (EEA/UK)

For individuals in the EEA and UK: We provide the rights and protections described in Section 8.2. We offer Data Processing Addendums (DPAs) for Customers who require them (see Section 13). We support Customers in conducting Data Protection Impact Assessments (DPIAs) before deploying employee monitoring. Intelogos will provide reasonable cooperation in connection with DPIAs upon request.

9.4 Responding to Data Subject Requests

Customers are responsible for responding to data subject rights requests from their Authorized Users. Intelogos will provide commercially reasonable assistance to Customers in fulfilling such requests, subject to applicable fees for assistance beyond standard self-service capabilities.

10. Disclaimers and Limitation of Liability

10.1 No Guarantee of Data Accuracy

INTELOGOS MAKES NO WARRANTY OR REPRESENTATION REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, OR TIMELINESS OF ANY DATA COLLECTED, PROCESSED, OR GENERATED BY THE SERVICE, INCLUDING ACTIVITY DATA, AI-GENERATED INSIGHTS, PRODUCTIVITY SCORES, PERFORMANCE ASSESSMENTS, BURNOUT PREDICTIONS, AND OTHER ANALYTICS. DATA COLLECTION MAY BE AFFECTED BY TECHNICAL LIMITATIONS, SOFTWARE CONFLICTS, NETWORK CONDITIONS, DEVICE CONFIGURATIONS, AND OTHER FACTORS BEYOND INTELOGOS' CONTROL.

10.2 No Guarantee of Security

WHILE INTELOGOS IMPLEMENTS COMMERCIALLY REASONABLE SECURITY MEASURES, NO SYSTEM IS COMPLETELY SECURE. INTELOGOS DOES NOT GUARANTEE THAT INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR SAFEGUARDS. INTELOGOS SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, OR BREACH OF, CUSTOMER DATA OR AUTHORIZED USER DATA, EXCEPT TO THE EXTENT DIRECTLY CAUSED BY INTELOGOS' GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.

10.3 AI Processing Disclaimer

AI-GENERATED OUTPUT (INCLUDING PRODUCTIVITY SCORES, PERFORMANCE ASSESSMENTS, BURNOUT PREDICTIONS, AND RECOMMENDATIONS) IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND MAY CONTAIN ERRORS, INACCURACIES, OR BIASES. AI OUTPUT SHOULD NOT BE USED AS THE SOLE OR PRIMARY BASIS FOR EMPLOYMENT DECISIONS, DISCIPLINARY ACTIONS, TERMINATIONS, PROMOTIONS, OR ANY OTHER MATERIAL DECISIONS AFFECTING INDIVIDUALS. CUSTOMERS ARE SOLELY RESPONSIBLE FOR REVIEWING, VALIDATING, AND INDEPENDENTLY VERIFYING AI-GENERATED OUTPUT BEFORE TAKING ANY ACTION BASED THEREON. INTELOGOS SHALL HAVE NO LIABILITY FOR ANY DECISION OR ACTION TAKEN BASED ON AI-GENERATED OUTPUT.

10.4 Third-Party Processing Disclaimer

INTELOGOS IS NOT LIABLE FOR THE ACTS OR OMISSIONS OF THIRD-PARTY SERVICE PROVIDERS, INCLUDING AI PROVIDERS, CLOUD INFRASTRUCTURE PROVIDERS, AND PROVIDERS OF THIRD-PARTY INTEGRATIONS. THIS INCLUDES, WITHOUT LIMITATION, ANY USE OF DATA BY THIRD-PARTY AI PROVIDERS FOR MODEL TRAINING OR IMPROVEMENT, ANY SECURITY BREACHES AT THIRD-PARTY PROVIDERS, AND ANY INTERRUPTIONS OR ERRORS IN THIRD-PARTY SERVICES.

10.5 Customer Liability

INTELOGOS SHALL HAVE NO LIABILITY FOR: (A) CUSTOMER'S FAILURE TO COMPLY WITH APPLICABLE LAWS REGARDING EMPLOYEE MONITORING, DATA PROTECTION, OR PRIVACY; (B) CUSTOMER'S FAILURE TO PROVIDE REQUIRED NOTICES TO OR OBTAIN REQUIRED CONSENTS FROM AUTHORIZED USERS; (C) ANY EMPLOYMENT DECISION MADE BY CUSTOMER BASED ON DATA OR ANALYTICS FROM THE SERVICE; (D) ANY CLAIM BY AN AUTHORIZED USER, EMPLOYEE, CONTRACTOR, REGULATOR, OR THIRD PARTY AGAINST CUSTOMER ARISING FROM CUSTOMER'S USE OF THE SERVICE; OR (E) ANY HARM, DAMAGE, OR LOSS RESULTING FROM CUSTOMER'S USE OF THE SERVICE IN VIOLATION OF APPLICABLE LAW OR THIS POLICY.

10.6 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INTELOGOS' TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY OR THE PROCESSING OF PERSONAL DATA HEREUNDER SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY THE CUSTOMER TO INTELOGOS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY. IN NO EVENT SHALL INTELOGOS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, GOODWILL, OR REPUTATION.

The limitations in this section reflect the allocation of risk between the parties, are an essential element of the basis of the bargain, and shall apply regardless of the form of action, whether in contract, tort, strict liability, or otherwise.

11. Children's Privacy

The Service is not directed at, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information. If you believe we have inadvertently collected information from a minor, please contact us at privacy@intelogos.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, applicable law, or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date. We will use commercially reasonable efforts to notify Customers of material changes (e.g., by email or in-app notification). Continued use of the Service after the updated Policy takes effect constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

13. Data Processing Addendum

For Customers subject to the GDPR, UK GDPR, or other data protection laws that require a written data processing agreement (including GDPR Article 28), Intelogos provides a Data Processing Addendum (DPA) that governs our processing of personal data on behalf of the Customer. The execution of a DPA is mandatory for Customers processing personal data of individuals in the EEA, UK, or Switzerland. The DPA includes: the subject matter and duration of processing; the nature and purpose of processing; the types of personal data processed; the categories of data subjects; the obligations and rights of the data controller; sub-processor management requirements; data breach notification obligations; audit rights; data deletion/return obligations; and international transfer safeguards. Customers may request a DPA by contacting privacy@intelogos.com. The DPA, once executed, is incorporated into and forms part of the Terms of Service.

14. Automated Decision-Making and Profiling

The Service uses automated processing, including AI and machine learning algorithms, to analyze Activity Data and generate workforce analytics such as productivity scores, performance assessments, burnout risk indicators, and work pattern analyses. This processing constitutes profiling as defined under GDPR Article 4(4).

However, Intelogos does not make automated decisions that produce legal effects or similarly significant effects on Authorized Users (as contemplated by GDPR Article 22). All AI-generated output is provided to the Customer as informational and analytical tools. Any decisions regarding Authorized Users — including employment, compensation, disciplinary, or other personnel decisions — are made by the Customer, not by Intelogos. Intelogos does not automate hiring, firing, promotion, or disciplinary decisions.

Customers are solely responsible for ensuring that their use of AI-generated output complies with applicable laws regarding automated decision-making and profiling, including providing transparency to Authorized Users about the existence and logic of profiling, and ensuring meaningful human review of any decisions that significantly affect Authorized Users.

15. Background Agent

The Background and desktop agents are desktop applications that must be installed on Authorized Users' devices to enable activity monitoring. Key information about the Background Agent:

Installation: The Background Agent is installed by the Customer or its IT administrators. Installation typically requires administrative privileges on the device. Intelogos does not install the Background Agent on any device without the Customer's initiation.
Operation: The Background Agent runs as a background process and collects Activity Data as described in Section 2.2. It operates during periods when the device is in use and transmits collected data to our servers over encrypted connections.
Visibility: The Background Agent appears as a standard application process in system process managers, task managers, and installed application lists. It is not designed to be hidden, to function as a rootkit, or to evade security software. Authorized Users may be able to detect the Background Agent through standard system monitoring.
BYOD Considerations: If the Customer deploys the Background Agent on devices owned by Authorized Users (Bring Your Own Device), the Customer is solely responsible for: obtaining appropriate authorization from the device owner; ensuring monitoring is limited to work-related activities; and complying with applicable laws regarding monitoring of personal devices. Intelogos cannot technically distinguish between work and personal activity on a device.
Uninstallation: The Customer is responsible for removing the Background Agent from all devices upon termination of the Service or upon an Authorized User's departure. Intelogos may, but is not obligated to, remotely disable the Background Agent upon subscription termination.
Data Outside Work Hours: The Background Agent may collect data whenever the device is in use, which may include periods outside normal work hours. The Customer is responsible for configuring monitoring schedules and for compliance with applicable laws regarding off-hours monitoring. Intelogos provides configuration options to limit monitoring to specific hours, but the Customer is responsible for setting and maintaining these configurations.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Intelogos Inc.
251 Little Falls Drive
Wilmington, DE 19808
United States

General inquiries: team@intelogos.com
Privacy-specific inquiries: privacy@intelogos.com
Data subject requests: privacy@intelogos.com

If you are located in the EEA or UK and believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.