Section 01
Overview
Ongoing.AI is a B2B intelligence platform built around public business-level ecommerce signals, including apps, brands by domain, install signals, rankings, technology fingerprints, review topics, and related time-series data.
This Privacy Policy mainly describes the personal information we collect about users of the Service, such as account information, billing metadata, usage data, support messages, and workspace content.
Ongoing.AI is not a people-search service, contact-enrichment service, consumer-profile service, or personal-data brokerage service. The substrate is designed to describe businesses and ecommerce technologies, not individual consumers.
We do not sell personal information. We use personal information to operate the Service, secure accounts, process subscriptions, provide support, improve product quality, and meet legal obligations.
Section 02
Who we are
The controller of your personal information is Ongoing LLC, a California limited liability company and the operator of Ongoing.AI.
You can contact us at:
Ongoing LLC
400 Spectrum Center Dr, Floor 19
Irvine, CA 92618
United States
legal@ongoing.ai
Section 03
Scope of the substrate
Before describing the personal information we collect from users of the Service, it is important to explain the scope of the Ongoing.AI substrate.
What the substrate covers
Ongoing.AI is built from public business-level ecommerce signals. These may include:
- Shopify App Store listings;
- app developers and vendors as businesses;
- brand domains and storefront-level signals;
- app-install and technology fingerprints derived from public web pages;
- category and keyword rankings;
- review topics and aggregate sentiment;
- public business metadata;
- time-series observations of the above.
The substrate is a business-intelligence system. It is designed to help customers understand the Shopify and ecommerce ecosystem at the level of apps, vendors, domains, brands, rankings, technologies, and market movement.
What the substrate does not cover
Ongoing.AI is not designed to identify, profile, enrich, or sell information about individual people.
We do not intentionally extract, index, display, sell, or provide people-level personal information as a product output, including personal email addresses, phone numbers, postal addresses, private profiles, individual consumer records, or similar personal data.
Incidental personal information
Public business websites may sometimes contain incidental personal information, such as the name of a founder, employee, or public contact on an “About” page.
Where incidental personal information appears in source material, we use reasonable filtering, exclusion, and suppression practices intended to keep that information out of customer-facing substrate records. We do not build product features around people-level enrichment, and we do not sell personal information about individuals.
If you believe personal information has appeared in a customer-facing Ongoing record, contact legal@ongoing.ai. We will review the request and, where appropriate, suppress the information from customer-facing records and delete it from active systems, subject to legal obligations, security needs, backup retention, and standard operational retention periods.
Data broker status
Based on how the Service is designed and operated today, Ongoing does not operate as a consumer data broker. The substrate describes businesses, storefronts, apps, technologies, rankings, and public business signals. We do not sell personal information about consumers with whom we do not have a direct relationship.
Collection practices
Our collection systems are designed to access publicly available business information. We do not intentionally bypass authentication, paywalls, CAPTCHAs, or other technical access controls.
We use operational controls and rate limits intended to reduce unnecessary burden on third-party services. Ongoing generally displays derived signals, summaries, classifications, counts, and observations rather than republishing source material verbatim.
Section 04
Information we collect
We collect the following categories of information in connection with the Service.
Account information
When you create an account, we collect information such as your name, email address, password, and organization membership.
Passwords are hashed and are not stored in plain text.
Organization information
If you create or join an organization, we may collect organization name, role, subscription status, user memberships, workspace configuration, saved settings, API access, and related administrative information.
Billing information
When you subscribe to a paid plan, payment processing is handled by Stripe or another payment processor we may use from time to time.
We receive billing metadata needed to operate the subscription, such as customer ID, subscription plan, subscription status, billing country, tax information, payment status, and limited card details such as brand and last four digits.
We do not see or store your full payment card number.
Usage information
We collect information about how the Service is used, including pages viewed, dashboard actions, searches, queries, API calls, MCP usage, export activity, timestamps, workspace context, and related product events.
We use this information to operate the Service, debug issues, improve product quality, calibrate rate limits, detect abuse, and understand aggregate usage.
Technical information
We collect standard request and device metadata, including IP address, user agent, browser and device information, language, referrer, timestamps, and similar technical data.
Support, sales, and communications
If you contact us, request access, submit a form, respond to an email, or otherwise communicate with us, we collect the information you provide and the context needed to respond.
Content you provide
You may submit content to the Service, including organization details, prompts, uploads, configurations, notes, saved searches, API inputs, feedback, and similar materials (collectively, “Customer Content”).
We process this content to deliver the requested feature, operate your workspace, provide support, secure the Service, and improve product functionality.
Public business signals
Separately from the personal information described above, the substrate ingests public business-level ecommerce signals about apps, app developers, brand domains, install fingerprints, rankings, technologies, reviews, and related observations.
This substrate data is intended to describe businesses and ecommerce technologies, not personal information about you as a user of the Service.
Section 05
How we use information
We use personal information for the following purposes:
- to operate, maintain, secure, and improve the Service;
- to create and authenticate accounts;
- to manage organizations, permissions, subscriptions, and billing;
- to provide dashboards, APIs, MCP access, exports, and workspace features;
- to provide customer support and respond to inquiries;
- to send transactional emails related to account, billing, security, product access, and service updates;
- to send product or marketing communications where permitted, with the ability to unsubscribe;
- to monitor performance, debug errors, investigate incidents, and maintain reliability;
- to detect abuse, enforce rate limits, prevent fraud, and enforce our Terms and Acceptable Use Policy;
- to analyze aggregate usage and improve product design;
- to comply with legal, tax, accounting, security, and regulatory obligations;
- to protect the rights, safety, and integrity of Ongoing, our customers, users, vendors, and third parties.
Where applicable privacy laws require a legal basis, we rely on the following legal bases:
- Performance of a contract for account access, subscriptions, billing, support, and requested Service features.
- Legitimate interests for security, abuse prevention, product improvement, analytics, debugging, and business operations.
- Consent for certain marketing communications or non-essential cookies where required.
- Legal obligation for tax, accounting, compliance, and lawful requests.
Section 08
Retention
We keep personal information for as long as reasonably necessary to provide the Service, operate accounts, maintain subscriptions, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and maintain security.
Account and organization data are generally retained while your account or organization remains active.
Billing and transaction records may be retained as needed for tax, accounting, compliance, and dispute-resolution purposes.
Logs, telemetry, and operational records are retained on rolling windows appropriate for security, debugging, reliability, and abuse prevention. Aggregate or de-identified analytics may be retained longer where they do not reasonably identify an individual.
When an account is closed, we delete, de-identify, or anonymize personal information that is no longer required, subject to legal obligations, legitimate business needs, security requirements, backup retention, and standard operational retention periods.
Section 09
Security
We use administrative, technical, and organizational safeguards designed to protect personal information.
These include TLS for data in transit, platform-provided encryption at rest for managed databases and object storage, hashed passwords, access controls, audit logging, production monitoring, vendor review, and least-privilege operational practices.
No system can be guaranteed to be perfectly secure. If we become aware of a security incident affecting your personal information, we will investigate and provide notice where required by law.
For more detail, see our Security page.
Section 10
Your rights & choices
Depending on where you live, you may have rights to:
- access personal information we hold about you;
- correct inaccurate personal information;
- request deletion of personal information;
- object to or restrict certain processing;
- request a portable copy of your personal information;
- withdraw consent where processing is based on consent;
- opt out of marketing communications;
- appeal or challenge certain privacy decisions where applicable.
You can exercise these rights by emailing legal@ongoing.ai.
We may need to verify your identity before fulfilling a request. We may also decline or limit a request where permitted by law, including where information must be retained for security, fraud prevention, legal compliance, tax, accounting, dispute resolution, or legitimate business purposes.
Marketing choices
You can unsubscribe from marketing emails using the unsubscribe link in the email or by contacting us at legal@ongoing.ai.
Transactional emails related to account access, billing, security, legal notices, and core Service operation may still be sent even if you opt out of marketing messages.
California privacy rights
If you are a California resident, you may have rights under California privacy laws to know, access, correct, delete, and receive information about certain disclosures of personal information.
California residents may also have the right to opt out of “sale” or “sharing” of personal information and to limit the use of sensitive personal information in certain circumstances.
Ongoing does not sell personal information, and we do not use personal information for cross-context behavioral advertising. Based on how the Service is designed and operated today, Ongoing does not operate as a consumer data broker because the substrate describes businesses, not consumers, and we do not sell personal information about consumers with whom we do not have a direct relationship.
California residents may exercise applicable rights by contacting legal@ongoing.ai.
Section 11
International users
Ongoing is operated from the United States. Our vendors and service providers may process information in the United States, the European Union, and other jurisdictions.
If you access the Service from outside the United States, your information may be transferred to, stored in, or processed in a jurisdiction that may not provide the same level of data protection as your home country.
Where required, we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses or other lawful transfer mechanisms.
Section 12
Children
Ongoing is a B2B service and is not directed to children.
We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to Ongoing, contact legal@ongoing.ai and we will take appropriate steps to delete it.
Section 13
Changes to this Policy
We may update this Privacy Policy from time to time.
The effective date at the top indicates when the current version became effective. If we make material changes, we will provide reasonable notice, such as by email, in-product notice, or a notice on the Service.
Your continued use of the Service after the effective date of an updated Privacy Policy means the updated Policy applies to your use of the Service.
Section 14
Contact
Privacy questions and requests: legal@ongoing.ai
Security reports: security@ongoing.ai
General inquiries: use the contact page.
Ongoing LLC
400 Spectrum Center Dr, Floor 19
Irvine, CA 92618
United States
legal@ongoing.ai