Last updated: May 16, 2026
This policy describes how collabai (operated by Koliakos SA) collects, uses, stores, and protects your personal information and the business information you upload to the platform, including the Decision Board, simulator, and integrations.
The data controller is Koliakos SA («we», «collabai»). For privacy enquiries or to exercise your rights: hola@collabai.ar.
We collect data you provide when using the site and services: account and form information (name, email, LinkedIn, project stage, idea description, application and intake answers), strategic diagnosis data you purchase, site usage (pages visited, interactions), and—if you accept non-essential cookies—aggregated analytics events. On the Decision Board and related tools we may process: company profile (name, industry, country, stage), decisions (title, statement, context, objectives, stakeholders), evidence you upload (notes, links, PDFs and extracted text), AI-generated structured analyses, audit logs, connected context sources («Connect data»), workbench reports, and copilot conversation history. On the decision simulator (DSE) we process the decision posed, business context, assumptions, and enrichments you provide. If you use the integration API, we store API keys (hashed, not the plaintext secret after creation), usage metadata, and content you send via the API. On the optional short first-read diagnosis experience, answers may remain only in your browser local storage until you sign in or purchase. Payments are processed by Mercado Pago or Stripe as configured; we do not store full card data on our servers.
We use your data to: provide and improve our services (validation, strategic diagnosis, Decision Board, simulator, reports, copilot, and integrations), run AI analyses and simulations, authenticate your account, process payments, respond to enquiries, send relevant communications (you may unsubscribe), measure product usage, ensure security, and comply with legal obligations. Legal bases include, as applicable: contract performance, consent (e.g. non-essential cookies), legitimate interest in improving and securing the service, and legal obligations in Argentina, Brazil, Mexico, the United States, and other jurisdictions where we serve users.
collabai uses artificial intelligence via APIs to third-party large language models (LLMs); we do not operate our own hosted models. Content you upload to the Decision Board, simulator, copilot, or reports may be sent to those providers to generate analyses, questions, scenarios, or drafts. We do not directly control whether those providers use your data for model training or their exact processing locations. Typical or expected subprocessors at this stage: LLM providers (e.g. OpenAI, Anthropic, Google), cloud and database infrastructure (e.g. hosting and MongoDB), web search for evidence (e.g. Tavily, if enabled), payment gateways (Mercado Pago, Stripe), web analytics (e.g. Google Analytics, if you accept cookies), and email or scheduling services linked from the site. We recommend not uploading data categories that require special sectoral compliance (regulated health, full payment card data, etc.) unless we have a separate written agreement.
We use cookies and similar technologies for essential site operation and for analytics (e.g. Google Analytics). On first visit we show a cookie notice where you can accept or reject non-essential cookies (analytics), in line with GDPR, CCPA, and applicable laws (updated May 2026). You can set your browser to limit or refuse cookies; this may affect some site features.
We retain your data while your account or contractual relationship lasts, as needed to provide the service (including Decision Board, evidence, sources, and reports), resolve disputes, enforce agreements, and comply with legal obligations. After account cancellation or a deletion request, we may keep backup copies for a reasonable period before final deletion, unless law requires longer retention. Public report links remain accessible until you revoke the token or we remove the resource. You may request deletion at hola@collabai.ar; we will respond within reasonable timeframes under applicable law.
You may exercise rights of access, rectification, erasure, restriction, portability, and objection under the law that applies to you, including without limitation: Argentina (Ley 25.326 and AAIP), Brazil (LGPD), Mexico (LFPDPPP), California and other U.S. states (CCPA/CPRA and state privacy laws), and the GDPR if you reside in the EEA or UK. To exercise them: hola@collabai.ar. We do not sell your personal information. If we ever engage in «sale» or «sharing» as defined under California law, we will update this policy and offer opt-out mechanisms where required. You may lodge a complaint with your local data protection authority.
We may update this policy. The last updated date is shown at the top. For legal or privacy enquiries: hola@collabai.ar.
If you install the official Collabai Decision Interceptor extension, we only send to our servers text you explicitly select or paste in the popup, and—when you use the context menu—the page URL and title, to link the capture to your simulation. We do not read your browsing in the background or page content without a clear action from you. Captures are stored according to our usual security and retention practices.
Your data may be stored or processed outside your country (including the United States and other jurisdictions where our cloud and AI providers operate). Where required by law, we adopt reasonable safeguards (e.g. standard contractual clauses or other recognized mechanisms) for international transfers of personal data.
We apply reasonable technical and organizational measures (authenticated access, encryption in transit where appropriate, internal access controls). No system is 100% secure. If a security breach materially affects your personal data, we will notify you as required by applicable law and, where appropriate, competent authorities.
If you generate API keys to integrate external systems, we store a hash of the key and metadata (name, scopes, allowed companies, last use). Content you send via the API (sources, decisions, evidence) is treated like the rest of the Decision Board. Revoke keys from your account when you stop using an integration.
The services are not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor provided us data, contact hola@collabai.ar to request deletion.
You may upload strategic or confidential company information (plans, KPIs, risks, board decisions). That information may be sensitive for your business even if it is not «personal data» in the legal sense. Consider what you share and who receives public report links. collabai is not certified as a HIPAA, PCI-DSS, or equivalent processor unless we have a specific written agreement.