Skip to main content
    Behest AI Logo
    Behest AI

    Privacy Policy

    Last Updated: May 30, 2026
    Effective Date: May 30, 2026

    At Behest Inc., doing business as Behest AI ("Behest AI," "Company," "we," "us," or "our"), a corporation incorporated under the laws of the State of Delaware and registered to do business in the State of California, we help enterprises take control of their AI — giving them visibility into how their teams and AI agents use AI, enforceable budgets and governance over AI spend, and the security controls that keep their data their own. Protecting the privacy and security of the information entrusted to us is fundamental to that mission.

    Table of Contents

    1. Definitions
    2. Scope and Applicability
    3. Personal Information We Collect
    4. How We Collect Personal Information
    5. How We Use Your Personal Information
    6. Legal Bases for Processing Personal Information
    7. Disclosure and Sharing of Personal Information
    8. Cookies and Similar Tracking Technologies
    9. Data Retention
    10. Data Security Measures
    11. Data Breach Notification
    12. Your Privacy Rights and Choices
    13. Controls for Do-Not-Track Features
    14. Specific Rights for California Residents
    15. Specific Rights for EU/EEA and UK Data Subjects
    16. Rights Under Other Jurisdictions
    17. International Data Transfers
    18. Third-Party Websites and Services
    19. Children's Privacy
    20. Changes to This Policy
    21. Governing Law and Dispute Resolution
    22. Contact Us
    23. How to Review, Update, or Delete Your Personal Information

    1. Definitions

    For purposes of this Policy, the following terms shall have the meanings ascribed below, unless otherwise required by applicable law:

    • Personal Information: Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
    • Sensitive Personal Information: Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning sex life or sexual orientation.
    • Services: Our Website, our AI governance and spend-control platform (including the Behest AI backend, related APIs and dashboards, and self-hosted deployments), and any related products, features, tools, or interactions provided by Behest AI.
    • Processing: Any operation or set of operations performed on Personal Information, whether automated or not.
    • Controller: The entity that determines the purposes and means of Processing Personal Information.
    • Processor: An entity that Processes Personal Information on behalf of a controller.
    • Data Subject: An identified or identifiable natural person to whom Personal Information relates.

    2. Scope and Applicability

    This Policy applies globally to all Personal Information we collect and process. In the event of a conflict between this Policy and applicable law, the more stringent requirement shall prevail to the extent of the conflict.

    We design our Services with privacy-by-design and privacy-by-default principles, ensuring data minimization, pseudonymization where feasible, and encryption of data in transit (TLS/HTTPS).

    3. Personal Information We Collect

    We collect only the Personal Information necessary to provide our Services, respond to inquiries, and comply with legal obligations.

    a. Personal Information You Provide to Us

    • Identifiers: Real name, postal address, email address, full IP address (Internet Protocol address), or other similar identifiers.
    • Customer Records Information: Name, address, telephone number, education, employment, financial information.
    • Professional or Employment-Related Information: Company name, job title, industry, business needs.
    • Commercial Information: Records of products or services considered or purchased.
    • Other Provided Information: Any additional data you voluntarily submit.

    b. Personal Information Collected Automatically

    • Internet Activity Information: Browsing history, search history, interactions with our Website.
    • IP Address Information: Full IP addresses are collected automatically when you visit our Website. We use IP addresses for analytics, security, fraud prevention, and to derive approximate geolocation data (country, region, city).
    • Geolocation Data: Approximate location derived from IP address, including country, region, and city-level data.
    • Inferences: Drawn to create profiles reflecting preferences or behavior.

    c. Personal Information from Third Parties

    From business partners, public databases, or professional networks to enhance client understanding.

    4. How We Collect Personal Information

    • Directly from You: Via Website forms, emails, phone calls, events.
    • Automatically: Through cookies, web beacons, pixels.
    • From Third Parties: As noted above, in compliance with applicable laws.
    • Passive Collection: Log files and server logs capture usage data.
    • Incomplete Form Submissions: On certain demo or contact forms, if you enter your email address and have accepted our marketing cookies, we may save the information you have entered (such as your email, name, and company) before you complete and submit the form, so that we can follow up with you or help you resume. We do not capture this information if you decline marketing cookies, and you can ask us to delete it at any time (see “How to Review, Update, or Delete Your Personal Information” below).

    5. How We Use Your Personal Information

    We Process Personal Information solely for the following legitimate business purposes:

    • To provide, maintain, and improve our Services.
    • To communicate with you, including administrative notices and marketing.
    • For internal analytics, research, and development.
    • To detect, prevent, and address security incidents or fraud.
    • To comply with legal obligations and enforce our terms.
    • For other purposes disclosed at collection or with your consent.

    7. Disclosure and Sharing of Personal Information

    We do not sell, rent, or trade Personal Information. Disclosures are limited to:

    • Service Providers and Processors: Trusted vendors that process Personal Information on our behalf under binding contracts, limited to what is necessary to provide our Services. Our key sub-processors are listed below.
    • Affiliates and Subsidiaries: For internal operations.
    • Business Partners: With consent, for joint offerings.
    • In Business Transfers: During mergers or acquisitions.
    • Legal Requirements: To comply with laws, subpoenas, or government requests.
    • With Consent: For any other disclosed purpose.

    Key Sub-Processors

    We rely on the following categories of service providers to operate our Website and business. Each processes Personal Information only as needed for the purpose described and under contractual confidentiality and data-protection obligations:

    • Google LLC / Google Cloud: Website and application hosting, infrastructure, database storage (including our lead and contact records), bot/spam protection (reCAPTCHA), and website analytics (Google Analytics 4).
    • Meta Platforms, Inc.: Advertising delivery and conversion measurement on Facebook and Instagram, via the Meta Pixel and Meta Conversions API (see Section 8).
    • OpenAI, L.L.C.: Advertising delivery and conversion measurement for ads shown in ChatGPT, via the OpenAI Ads measurement pixel (see Section 8).
    • PostHog, Inc.: Product and website analytics to help us understand usage and improve the Website.
    • Calendly LLC: Scheduling of demos and meetings you request.
    • Resend (Plus Five Five, Inc.): Sending transactional and notification emails (for example, responses to your form submissions).
    • Payload CMS: Content management for our Website and blog.

    This list may change as our Services evolve. To request the current list of sub-processors, contact us at info@behest.ai.

    8. Cookies and Similar Tracking Technologies

    We use cookies, pixels, and similar technologies for essential functionality, performance analytics, and targeted marketing. You may manage preferences via browser settings or our cookie banner. We honor opt-out signals and do not track across third-party sites without consent.

    Google Analytics: When you accept analytics cookies, we use Google Analytics 4 (GA4) to collect and analyze website usage data. Google Analytics collects full IP addresses along with other information such as page views, user interactions, device information, and approximate geolocation data derived from IP addresses. This data helps us understand how visitors use our Website and improve user experience. Google Analytics may also collect information through cookies and similar technologies. For more information about how Google uses data, please visit Google's Privacy Policy.

    PostHog (Product Analytics): When you accept analytics cookies, we use PostHog to understand how visitors navigate and interact with our Website — such as pages viewed, clicks, and feature usage — so we can improve it. PostHog requests are routed through our own domain, and we configure PostHog so that it does not set tracking cookies until you accept analytics cookies. For more information, see PostHog's Privacy Policy.

    Meta Pixel and Conversions API (Advertising): We use Meta advertising technologies to measure the effectiveness of our advertising on Meta platforms (Facebook and Instagram) and to reach relevant audiences. This works in two ways:

    • Browser-based Meta Pixel. The Pixel loads only when you accept marketing cookies. It records actions on our Website (such as page views and form submissions) and Meta cookie identifiers. If you decline marketing cookies, the Pixel does not load.
    • Server-side Conversions API. When you submit a demo or contact request, we also send a server-side “Lead” event to Meta Platforms, Inc. so we can measure that conversion. This event contains a hashed (pseudonymized) version of the details you submitted (such as your email address and name) together with technical identifiers (your IP address, browser user-agent, and any Meta cookie identifiers). We send only hashed or pseudonymized identifiers — never your details in plain text.

    To opt out of this advertising measurement — including the server-side Lead event — email us at info@behest.ai, and we will exclude you. Declining marketing cookies and enabling Global Privacy Control (see Section 13) stop the browser-based Pixel. For California residents, this advertising activity is “sharing” for cross-context behavioral advertising; see Section 14 for how to exercise your opt-out right. For more information about Meta's practices, see Meta's Privacy Policy.

    OpenAI Ads (Advertising): We use the OpenAI Ads measurement pixel to measure the effectiveness of ads we run in ChatGPT. The pixel loads only after you accept marketing cookies. When you submit a demo request or book a call, it sends a conversion event (such as a lead or a scheduled appointment), together with an ad-click identifier stored in a first-party __oppref cookie, to OpenAI, L.L.C. We do not send your name or email address through this pixel. If you decline marketing cookies, the pixel does not load. For California residents, this activity is “sharing” for cross-context behavioral advertising; see Section 14 to exercise your opt-out right. For more information, see OpenAI's Privacy Policy.

    Calendly (Scheduling): If you book a demo or meeting with us, we use Calendly to schedule it. Calendly processes the name, email address, and scheduling details you provide in order to set up and manage the meeting. For more information, see Calendly's Privacy Policy.

    9. Data Retention

    We retain Personal Information only as long as necessary. Specific periods:

    • Marketing and inquiry data: Up to 2 years from last interaction.
    • Account or contract data: Duration of relationship plus 7 years for legal/tax purposes.
    • Demo and contact leads captured on our landing pages (including incomplete submissions): automatically deleted after 90 days, unless you become a customer or ask us to delete them sooner.
    • Log data: Up to 1 year for security.

    10. Data Security Measures

    We implement robust technical, administrative, and organizational measures to protect Personal Information:

    • Encryption: Data in transit (TLS/HTTPS) and at rest.
    • Access Controls: Role-based access, multi-factor authentication.
    • Network Security: Firewalls, intrusion detection/prevention systems.
    • Physical Security: Secure data centers with access restrictions.
    • Employee Training: Mandatory privacy and security awareness programs.
    • Incident Response: Comprehensive plan for detecting and mitigating breaches.
    • Audits: Regular internal security reviews and assessments.

    11. Data Breach Notification

    In the event of a Personal Information breach, we shall notify affected individuals and relevant authorities without undue delay, typically within 72 hours of awareness. Notifications will include breach details, impacted data, mitigation steps, and protective advice.

    12. Your Privacy Rights and Choices

    You have rights over your Personal Information, exercisable by contacting us at info@behest.ai. Rights include:

    • Access/Know: Obtain details of your Personal Information.
    • Correction/Rectification: Amend inaccuracies.
    • Deletion/Erasure: Request deletion, subject to exceptions.
    • Restriction: Limit Processing in certain cases.
    • Portability: Receive data in a structured format.
    • Objection: Object to Processing based on legitimate interests.
    • Withdraw Consent: At any time.

    13. Controls for Do-Not-Track Features and Global Privacy Signals

    We honor Do-Not-Track ("DNT") signals, Global Privacy Control ("GPC"), and other universal opt-out mechanisms. Enabling these signals opts you out of cookie- and pixel-based sale/sharing and targeted advertising on our Website. To also opt out of server-side advertising measurement (see Section 8), email us at info@behest.ai.

    14. Specific Rights for California Residents Under CCPA/CPRA

    As a Delaware-incorporated entity doing business in California, we comply with the CCPA as amended by the CPRA. California residents have the right to:

    • Know what Personal Information we collect, use, and disclose
    • Delete Personal Information, subject to exceptions
    • Correct inaccurate Personal Information
    • Opt out of the “sharing” of Personal Information for cross-context behavioral advertising
    • Limit the use of Sensitive Personal Information
    • Non-discrimination for exercising these rights

    We do not “sell” your Personal Information for money. However, our use of advertising technologies such as the Meta Pixel and Meta Conversions API (see Section 8) may constitute “sharing” of Personal Information for cross-context behavioral advertising under the CPRA.

    Your California Privacy Choices. To opt out of this sharing, you can (1) enable the Global Privacy Control (“GPC”) signal in your browser, which we honor for cookie- and pixel-based sharing; (2) decline marketing cookies in our cookie banner; or (3) email us at info@behest.ai to opt out of all advertising-related sharing, including server-side conversion measurement. We will not discriminate against you for exercising these rights.

    15. Specific Rights for EU/EEA and UK Data Subjects Under GDPR/UK GDPR

    We process as controller for Website data. Rights include all those listed in Section 12, plus:

    • Lodge complaints with supervisory authorities (e.g., ICO in UK)
    • Right to human intervention in automated decisions

    For privacy and data protection questions, our data protection contact is reachable at info@behest.ai.

    16. Rights Under Other Jurisdictions

    For users in the Middle East (e.g., UAE) or Asia (e.g., Singapore), we comply with local laws, providing equivalent rights to access, correction, and withdrawal. Contact us for jurisdiction-specific details.

    17. International Data Transfers

    Personal Information is primarily processed in the United States. For transfers from EU/EEA, UK, or other regions, we use approved mechanisms:

    • Standard Contractual Clauses (SCCs)
    • UK International Data Transfer Agreements
    • Binding Corporate Rules (if applicable)
    • Consent or other derogations where necessary

    18. Third-Party Websites and Services

    Our Website may link to third-party sites. We are not responsible for their privacy practices; review their policies independently.

    19. Children's Privacy

    Our Services are intended for business professionals and do not target individuals under 16. We do not knowingly collect Personal Information from minors. If discovered, we will promptly delete it.

    20. Changes to This Policy

    We may amend this Policy to reflect changes in practices, technology, or law. Material changes will be notified via email or Website posting, with a revised "Last Updated" date. Continued use post-update constitutes acceptance.

    21. Governing Law and Dispute Resolution

    This Policy is governed by Delaware law. Disputes arising hereunder shall be resolved through binding arbitration in Delaware under American Arbitration Association rules.

    22. Contact Us

    Behest Inc. d/b/a Behest AI

    Email: info@behest.ai

    23. How to Review, Update, or Delete Your Personal Information

    As detailed in Section 12, email info@behest.ai to exercise rights. We facilitate prompt compliance.

    At Behest AI, control over your AI is not merely a commitment—it is the foundation of what we build, ensuring your data stays yours, your AI spend stays visible and governed, and control stays unequivocally in your hands.

    Enterprise Token FinOps: Enforce hard budgets and attribute costs per session.

    Learn more