1. Introduction
systemlevel.ai is a B2B advisory service helping small and medium businesses implement AI in their operations. This Privacy Policy describes how we collect, use, and protect information when you visit systemlevel.ai, use our services, or communicate with us.
2. Information We Collect
From visitors to systemlevel.ai
IP address, browser type, device info, pages viewed, and referrer — logged by our hosting provider for security and operations only. No analytics cookies. No behavioral tracking pixels.
From contact form submissions
Email address, message content, and the page you submitted from.
From customers
- Account info: name, email, role via Better Auth magic-link sign-in (we never see or store your password).
- Payment info: handled by Stripe. We receive customer ID, subscription status, plan, and billing email. We never see card numbers.
- Service usage: workflow runs and audit events tied to your account.
From admins
An audit log of admin actions: role changes, invitations issued, user deactivations.
3. How We Use Information
We use it to:
- Provide and operate the service
- Communicate about your account (magic links, billing notices, service updates)
- Respond to inquiries
- Comply with legal obligations
- Detect and prevent fraud or abuse
We do NOT:
- Sell your personal data
- Use your data to train AI models (default — see Section 5 for engagement carve-out)
- Send marketing emails (no marketing list)
- Share with advertisers
4. Third-Party Processors
Named processors
| Service | What they handle | Privacy policy |
|---|---|---|
| Stripe | Payment processing, subscription management | stripe.com/privacy |
| Resend | Transactional email (magic links, notifications) | resend.com/legal/privacy-policy |
Infrastructure providers
We also use US-based infrastructure providers (hosting, database, DNS) under contractual data protection terms. The names of these providers are available upon request via [email protected].
All processors are US-based.
5. AI-Specific Disclosures
5.1 systemlevel.ai does not operate AI models on your data (by default)
By default, systemlevel.ai does not operate AI models that process your data:
- We do not train AI models on your data
- We do not feed your data through large language models we operate
- We do not use AI to make automated decisions about you
Exception — when explicitly part of an engagement: If the engagement we have with you explicitly includes designing, building, or operating an AI system on your behalf — and this is documented in writing as part of the engagement scope — then we may operate AI on your data as the nature of that particular AI implementation for your business. This is the literal nature of the advisory work in those cases. The specifics of the implementation (which providers, what data flows, retention policies, your obligations vs ours) are documented in your engagement agreement before any data is processed, and are unique to your business and use case.
5.2 Internal team AI tool usage
Our team may use AI productivity tools (code assistants, drafting assistants, etc.) when delivering advisory work. When we do, we:
- Use providers with appropriate confidentiality terms (enterprise-tier accounts where available)
- Apply data minimization (we don't paste sensitive customer data into general-purpose AI services)
- Treat anything you tell us with the same confidentiality whether we use AI tools to process it or not
5.3 AI workflows we build or operate on your behalf
If part of an engagement involves designing or operating AI workflows that run on your behalf, those workflows may pass your data through third-party AI providers (such as OpenAI, Anthropic, or others). The specific providers, data flow, and retention policies will be documented in your engagement agreement and operational documentation before any data is processed. Your data flowing through those providers is governed by their respective terms.
5.4 Customer's own AI tool usage
When we recommend AI tools and you adopt them, your use of those tools — and what those tools do with your data — is governed by the tool provider's terms and privacy policy, not this one. We can help you evaluate those terms, but we cannot guarantee them on the providers' behalf.
5.5 Forward-looking commitment
This policy reflects our current practices. If we ever begin operating AI models that use customer data for training or model improvement, we will obtain explicit consent before doing so and update this policy in advance. We treat this as a meaningful commitment, not boilerplate.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account data | Active + 30 days post-closure |
| Subscription/billing records | 7 years (US tax requirements) |
| Contact form submissions | 2 years |
| Admin audit logs | 2 years |
| Workflow execution logs | 90 days |
| Hosting/server logs | 30 days (handled by hosting provider) |
7. Your Rights
All US users have these rights:
- Access your personal data
- Correct inaccurate data
- Delete your data (subject to legal obligations like billing retention)
- Port your data to another service
- Withdraw consent at any time
California residents (CCPA):
- Right to know what categories of personal information we've collected
- Right to delete personal information
- Right to opt out of the sale of personal information (we don't sell)
- Right to non-discrimination for exercising these rights
Other US state laws (Colorado, Virginia, Utah, Connecticut, and others):
Similar rights to CCPA — access, delete, portability, opt-out. We honor requests under these laws on the same timeline as CCPA requests.
To exercise any of these rights: email [email protected]. We'll respond within 30 days.
9. International Data Transfers
Our hosting infrastructure is US-based. If you access systemlevel.ai from outside the United States, your information will be transferred to and processed in the US. By using our services, you consent to this transfer.
10. Children's Privacy
systemlevel.ai is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe we have, contact us at [email protected] and we'll delete it.
11. Security
- HTTPS everywhere (TLS 1.2+)
- Data encrypted at rest by our hosting providers
- Magic-link authentication — no passwords to be breached
- Principle of least privilege for internal access
- Regular dependency updates and security reviews
No system is 100% secure. If a breach impacts your personal data, we'll notify you in accordance with applicable law.
12. Changes to This Policy
We may update this policy as our service evolves or to comply with new laws. The "Last updated" date at the top reflects when this version took effect. Material changes will be announced via email to active customers; minor changes (clarifications, broken-link fixes) won't.
13. Contact
- Privacy questions: [email protected]
- General contact: [email protected]
- Mailing address: 3300 N. Triumph Boulevard, Suite 100 — #1014, Lehi, UT 84043, USA