CoAgency

Privacy Policy

Your privacy is important to us. This Privacy Policy explains how PullFlow, Inc. doing business as CoAgency, together with its affiliates and service providers, collects, uses, discloses, and protects personal information when you use our websites, products, services, and integrations, including CoAgency.ai and related applications, APIs, and private beta services.

This Privacy Policy applies to information we collect through:

  • CoAgency.ai and related websites
  • the CoAgency product, private beta, and associated applications
  • integrations and connected services you authorize, including third-party tools and workspace systems
  • communications with us, including support, sales, marketing, and research activities

By using CoAgency, you agree to the collection and use of information as described in this Privacy Policy.

Effective date: March 14, 2026 · Last updated: March 14, 2026

1. Who We Are

CoAgency is a product operated by PullFlow, Inc.

If you have questions about this Privacy Policy or our privacy practices, you may contact us at privacy@pullflow.com.

2. Information We Collect

We collect information in two broad categories:

  • Information you provide directly
  • Information collected automatically or from connected services

2.1 Information you provide directly

We may collect personal information you knowingly provide to us, including:

  • name
  • email address
  • phone number
  • company name
  • job title
  • account credentials and profile details
  • billing or transaction information, if applicable
  • communications you send to us
  • information you provide when requesting access, signing up, completing forms, participating in surveys, or interacting with support

2.2 Information collected automatically

When you access our websites or services, we may automatically collect certain information, including:

  • IP address
  • browser type and version
  • device type
  • operating system
  • pages viewed and actions taken
  • dates, times, and duration of visits or sessions
  • referring URLs and general usage data
  • crash data, diagnostics, logs, and performance information

2.3 Information from connected services and integrations

CoAgency is designed to connect to workplace tools and systems. If you authorize an integration, we may collect and process data from those connected services in order to provide the product.

Depending on the integrations you enable and the permissions you grant, this may include:

  • basic account and profile information
  • workspace metadata
  • email metadata and content
  • calendar metadata and event details
  • files, documents, comments, or attachments
  • messages, channels, threads, tickets, tasks, issues, pull requests, designs, and related collaboration artifacts
  • permissions, membership, and organizational structure data
  • usage and activity history associated with those systems

Examples of connected services may include Google Workspace, Slack, GitHub, Jira, Linear, Figma, Notion, and similar tools.

2.4 User content and workspace data

We collect and process content you or your organization submit to CoAgency, including prompts, instructions, documents, comments, messages, attachments, and workflow context, to provide search, coordination, automation, analytics, AI-assisted features, and other product functionality.

2.5 Transaction and account data

We may collect account administration records, subscription information, audit history, service configuration, onboarding details, and other business records created through your use of the service.

3. How We Use Information

We use personal information and workspace data for the following purposes:

  • to provide, operate, maintain, secure, and improve CoAgency
  • to create and manage accounts, workspaces, and integrations
  • to authenticate users and administer access controls
  • to deliver core product functionality, including shared context, coordination, workflow automation, analytics, and AI-assisted features
  • to respond to support requests, inquiries, and feedback
  • to communicate with you about the service, updates, security notices, and administrative matters
  • to send product news, research, marketing, or event communications where permitted by law
  • to monitor performance, troubleshoot errors, and prevent abuse, fraud, and security incidents
  • to enforce our terms, policies, and legal rights
  • to comply with legal obligations and lawful requests
  • to conduct internal research, quality assurance, and business operations consistent with this Privacy Policy

We may aggregate or de-identify information and use that aggregated or de-identified information for lawful business purposes.

4. Legal Bases for Processing

Where required by applicable law, we process personal information on one or more of the following legal bases:

  • performance of a contract with you or your organization
  • your consent
  • compliance with legal obligations
  • our legitimate interests, such as operating, securing, and improving our services, provided those interests are not overridden by your rights

5. AI Features and Model Use

CoAgency may offer AI-assisted features that process prompts, workspace content, and related context to generate outputs, recommendations, summaries, or automations.

When AI features are used:

  • we process relevant data to provide the requested functionality
  • outputs may be generated by third-party model providers or infrastructure providers acting on our behalf
  • AI-generated content may be inaccurate, incomplete, or inappropriate for a specific use case and should be reviewed by a human before being relied upon

Model training commitment: We do not use customer Google Workspace data to develop, improve, or train generalized AI or machine learning models.

We may also maintain contractual restrictions with certain subprocessors regarding training on customer data, subject to the terms of those providers.

6. Google Workspace and Google API Data

If you choose to connect Google Workspace or other Google services to CoAgency, we will access, use, store, and process Google user data only as needed to provide or improve user-facing features that you or your organization request and authorize.

Depending on the permissions granted, this may include access to data such as:

  • basic profile information
  • email metadata and email content
  • calendar information
  • files, documents, and related metadata
  • workspace structure and sharing information

We use Google Workspace data to support features such as:

  • connecting your tools and workspace context
  • searching and retrieving authorized work information
  • summarization, coordination, and workflow assistance
  • synchronization across connected systems
  • user-requested automation and AI-assisted actions
  • security, reliability, and abuse prevention

Limited Use commitment: If our use of Google user data is subject to the Google API Services User Data Policy, we will comply with that policy, including the Limited Use requirements. In particular:

  • we do not use Google Workspace APIs to develop, improve, or train generalized AI or machine learning models
  • we do not sell Google user data
  • we do not use Google user data for advertising
  • we do not allow humans to read Google user data except as necessary for security, support, legal compliance, or with your explicit direction or consent

7. Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

  • remember preferences and sessions
  • understand product and website usage
  • measure performance and marketing effectiveness
  • improve security and reliability

You can control cookies through your browser settings, although disabling certain cookies may affect functionality.

8. How We Share Information

We may disclose personal information or customer data:

  • to service providers and subprocessors that help us operate the service
  • to hosting, analytics, communications, customer support, payment, security, monitoring, and infrastructure providers
  • to integration providers when necessary to enable requested features
  • to our employees, contractors, advisors, and affiliates who need access for legitimate business purposes and under appropriate confidentiality obligations
  • in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of some or all of our business or assets
  • to comply with applicable law, regulation, legal process, or enforceable governmental request
  • to protect our rights, users, systems, and the public
  • with your consent or at your direction

We do not sell personal information in the ordinary sense of the term.

9. Third-Party Service Providers

Third-party services we may use include providers for:

  • cloud hosting and infrastructure
  • analytics and product telemetry
  • error logging and monitoring
  • communications and email delivery
  • payments and billing
  • AI and machine learning infrastructure
  • customer support and CRM

Examples may include Amazon Web Services, Google Cloud, PostHog, SendGrid, Stripe, OpenAI, Anthropic, and similar providers that help us operate the service.

Our providers may change over time.

10. International Data Transfers

We and our service providers may store and process information in the United States and other countries where we or our providers operate.

If you access CoAgency from outside the United States, you understand that your information may be transferred to, stored in, and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, we take reasonable steps to provide appropriate safeguards for such transfers.

11. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide the service
  • maintain security and audit logs
  • comply with legal, tax, accounting, and regulatory obligations
  • resolve disputes and enforce agreements

Retention periods vary depending on the type of data, the nature of the relationship, and legal or operational requirements. We may delete or de-identify information when it is no longer needed.

12. Security

We use commercially reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your credentials and for using appropriate security practices within your organization.

13. Your Rights and Choices

Depending on where you live and subject to applicable law, you may have the right to:

  • access personal information we hold about you
  • correct or update inaccurate information
  • request deletion of your information
  • object to or restrict certain processing
  • withdraw consent where processing is based on consent
  • request portability of certain information
  • opt out of marketing communications
  • appeal a decision we make regarding a privacy request, where applicable

To exercise these rights, contact us at privacy@pullflow.com.

We may need to verify your identity before responding. Some rights may be limited by law, technical feasibility, security requirements, or our obligations to other users or organizations.

If your employer or organization administers your CoAgency account, you may need to direct certain requests to that organization first.

← Back to CoAgency