Legal

Privacy Policy

Effective June 14, 2026 · Draft v1.0 pending counsel review.

1. Overview

This Privacy Policy explains how Levee Investments LLC d/b/a CommunityOS ("CommunityOS," "we," "us," or "our") collects, uses, shares, and protects personal data in connection with the CommunityOS platform, websites, and services (the "Service"). This policy applies to visitors to communityos.so and to customers using the Service.

2. Data we collect

From Customer accounts: name, work email, company name, billing address, payment information (handled by our payment processor), authentication credentials, and any content Customer chooses to upload, configure, or store within the Service.

From Customer scans: public profile data on X (Twitter) accounts that Customer scans through the Service. This includes public usernames, display names, follower counts, recent public posts, public engagement metrics, and similar information that the X platform makes publicly available via its API.

From website visitors: IP address (anonymized), browser type, referring page, pages viewed, and approximate location (country and region). Collected via Google Analytics 4 with IP anonymization enabled and Google Signals disabled.

3. How we collect data

Directly from Customer when an account is created or the Service is used. Automatically when a visitor browses the site, via cookies and analytics described below. From the X Developer API when a Customer initiates a scan, in accordance with the X Developer Agreement.

4. How we use data

To operate, secure, and improve the Service. To process scans and produce archetype scoring on behalf of Customer. To bill, send service-related communications, and respond to support requests. To detect and prevent fraud, abuse, and violations of our Terms of Service. To comply with legal obligations.

CommunityOS does not sell personal data, and does not share Customer Data with third parties for advertising purposes.

5. Public X profile data

CommunityOS processes public profile data on X accounts that Customer chooses to scan, acting as Customer's data processor for that activity. We only access information that X makes publicly available through its API. We do not access private messages, protected accounts, or any data behind a privacy setting.

Individuals whose public X profile data is processed by CommunityOS on a Customer's behalf may request access, correction, or deletion of their data by contacting the Customer that initiated the scan, or by contacting access@communityos.so for routing.

6. Cookies and analytics

The site uses essential cookies to maintain session state and remember preferences. Analytics is provided by Google Analytics 4 with the following privacy settings hardened: IP anonymization enabled, Google Signals disabled, ad personalization signals disabled. No advertising or marketing pixels are deployed on the marketing site.

EU and UK visitors will be presented with a cookie consent banner before non-essential cookies are set, in compliance with ePrivacy and applicable national rules.

7. Data sharing

We share personal data only as needed to operate the Service and only with the following categories of recipient: payment processors (for billing), email providers (for transactional and service email), cloud infrastructure providers (for hosting and database storage), and analytics providers (with privacy hardening as above).

We do not sell personal data. We will disclose personal data when required by law, valid legal process, or a good-faith belief that disclosure is necessary to protect the rights, property, or safety of CommunityOS, our customers, or others.

8. Data retention

Account data is retained for as long as the account is active and for a reasonable period afterward as required by tax, accounting, and audit obligations. Scan data is retained for the duration of the Customer's subscription and for 60 days following termination, after which it is permanently deleted unless retention is required by law.

Aggregated and anonymized data that cannot be linked to a person may be retained indefinitely for research, methodology improvement, and benchmarking.

9. Your rights

Subject to applicable law, you have the right to access the personal data we hold about you, to request correction of inaccurate data, to request deletion of your data, to restrict or object to processing, to data portability, and to withdraw consent where processing is based on consent. To exercise any of these rights, contact access@communityos.so. We respond to verified requests within 30 days, or the period required by applicable law.

EU and UK data subjects may lodge a complaint with their supervisory authority. California residents have the additional rights provided by the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt out of any sale of personal information (we do not sell personal information).

10. Security

We apply administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit and at rest, principle-of-least-privilege access controls, audit logging on sensitive operations, and regular security reviews. No system can guarantee absolute security; in the event of a breach affecting personal data, we will notify affected parties as required by applicable law.

11. International transfers

CommunityOS operates infrastructure in multiple regions. Personal data may be transferred to, processed in, and stored in countries outside your country of residence, including the United States. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses and applicable adequacy decisions.

12. Children's data

The Service is intended for use by businesses and is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under the applicable age of consent, we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced at communityos.so/privacy with the effective date updated at the top of the page. For Customer accounts, we will send notice of material changes by email at least 30 days before the new policy takes effect.

14. Contact

For privacy questions, requests, or complaints, contact access@communityos.so. The legal entity controlling personal data processing under this policy is Levee Investments LLC d/b/a CommunityOS.