Ingram Cloud

Privacy Policy

Last updated: 2026-06-14

This Privacy Policy explains how Ingram Cloud collects, uses, shares, and protects personal data when you use our services. It is part of our Terms of Service.

Ingram Cloud is operated by Ingram Technologies SRL ("Ingram Cloud", "we", "us", "our"). Questions regarding this Privacy Policy should be sent to privacy@ingram.tech.

Who We Are and Our Role

Ingram Cloud is a platform for building, hosting, and running AI agents. You design reusable agents and run one per-end-user clone — a "smith" — over our public API and console.

For account, billing, support, and product-usage data about your own account, Ingram Cloud acts as a data controller.

When you build agents and run smiths that process personal data of your end-users and their third parties (for example their contacts, colleagues, customers, or correspondents, and any external accounts a smith connects), you generally act as the data controller and Ingram Cloud acts as your data processor for that data.

If you need a separate data processing agreement (DPA), contact legal@ingram.tech.

Personal Data We Collect

Depending on how you use the Service, we may collect:

  • Account and contact data: name, email, organization details, login credentials.
  • Billing data: subscription plan, billing address, VAT information, payment status, and limited payment metadata from payment providers.
  • Platform configuration: the agents you design, the smiths you run, and the prompts, tools, channels, and connected accounts you configure.
  • Smith and connected-account data: with your configuration, the data your smiths process on your behalf — such as end-user identifiers, messages, threads, memory, and the content and metadata of any external accounts your smiths connect — so the platform can run your agents.
  • Platform activity data: the runs your agents execute, the tool calls they make, model usage, events, and related logs.
  • Technical and usage data: IP address, device/browser information, app events, error logs, and security events.
  • Support and communication data: messages, support tickets, and feedback you send us.

We do not sell your personal data and we do not use the contents of the accounts your smiths connect for third-party advertising.

How We Use Personal Data

We use personal data to:

  • provide, operate, and maintain the Service, including running the agents and smiths you configure;
  • authenticate users and secure accounts;
  • process subscriptions, payments, and invoices;
  • deliver support, service notices, and transactional communications;
  • detect, prevent, and investigate fraud, abuse, or security incidents;
  • comply with legal and regulatory obligations;
  • improve product performance, reliability, and user experience.

Legal Bases Under GDPR

Where GDPR applies, we rely on one or more of the following legal bases:

  • Performance of a contract: to provide the Service you requested.
  • Legitimate interests: to secure, monitor, improve, and support the Service.
  • Legal obligation: to comply with tax, accounting, law-enforcement, or other legal requirements.
  • Consent: where consent is required (for example connecting an external account, or certain optional communications or cookies).

AI-Assisted Features

Ingram Cloud runs AI agents, and its core features rely on AI-assisted processing (for example understanding instructions, recalling memory, calling tools, and generating replies). Relevant inputs may be processed by approved AI model providers strictly to provide that functionality. Where you supply your own model-provider keys ("BYOK"), the relevant inputs are processed by that provider under your own account and agreement with them.

We do not permit the AI providers we operate to use your data to train their general-purpose models. AI-generated outputs can be incomplete or inaccurate and should be reviewed before use.

How We Share Personal Data

We may share personal data with:

  • Service providers and subprocessors that host infrastructure or provide functionality (such as database hosting, application hosting, AI processing, and payment processing);
  • Services your smiths connect, when you direct a smith to act through them;
  • Professional advisers (for example legal, accounting, or audit advisers) under confidentiality obligations;
  • Competent authorities when required by law, regulation, court order, or valid legal request;
  • Corporate transaction parties in connection with a merger, acquisition, financing, reorganization, or sale of assets.

Our primary infrastructure providers currently include DigitalOcean, Vercel, Anthropic, and Stripe.

International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we use appropriate safeguards required by applicable law, such as adequacy decisions and/or Standard Contractual Clauses.

Data Retention

We keep personal data only for as long as necessary for the purposes described in this Policy, including:

  • while your account is active;
  • as needed to provide the Service and support;
  • as required by applicable legal retention obligations;
  • as necessary to resolve disputes and enforce agreements.

When data is no longer required, we delete or anonymize it within a reasonable period, except where legal retention obligations apply. You can disconnect a connected account or delete a smith at any time, which stops further processing of that data.

Cookies and Tracking

We use strictly necessary cookies and similar technologies for authentication, session management, security, and core product functionality.

We may use privacy-respecting analytics to understand service usage and improve the product. We do not use third-party advertising cookies.

Security

We use reasonable technical and organizational safeguards to protect personal data, including encryption in transit (TLS), access controls, and security monitoring.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

If we identify a personal data breach, we will take appropriate mitigation steps and provide legally required notifications.

Your Rights

If you are in the EEA (and in other regions where similar rights apply), you may have the right to:

  • access your personal data;
  • rectify inaccurate personal data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request data portability;
  • withdraw consent (where processing is based on consent).

To exercise these rights, contact privacy@ingram.tech. We may need to verify your identity before processing your request.

Where required by law, we will respond to verified requests within applicable legal timelines.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) or your local supervisory authority.

Children's Privacy

The Service is not intended for anyone under 18, and we do not knowingly collect personal data from children.

Business Transfers

If Ingram Cloud or substantially all of its assets are acquired, personal data may be transferred as part of that transaction, subject to applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by email.

How to Contact Us

For privacy questions or rights requests: privacy@ingram.tech

For support: support@ingram.tech

For legal matters: legal@ingram.tech