Data and Privacy

What is CAO Studio and why am I logging into it?

CAO Studio is a digital workspace that supports Creating Agile Organizations workshops, assessments, diagnostics, and organization design work.

You are logging into CAO Studio to access your workspace, enter workshop data, use CAO Brain support, generate summaries or reports, and continue your organization design work over time.

What information does CAO Studio collect?

CAO Studio collects the information needed to provide the service, such as:

• Your name and email address
• Your login and access information
• Your workspace, engagement, and workshop data
• Inputs you provide in tools such as DSMs, Heat Maps, assessments, diagnostics, and reports
• AI prompts and generated outputs when you use CAO Brain
• Basic usage and audit information, such as activity logs, errors, and security events

This data is used to provide the service, improve the user experience, support security, and help you continue your work across sessions.

Depending on how you use CAO Studio, you may enter information about your organization, such as:

• Strategic goals
• Capabilities
• Product groups or value areas
• Organizational units
• Dependencies between teams or activities
• Current-state observations
• Workshop findings

Design options and recommendations

You should avoid entering unnecessary personal data, confidential employee information, or sensitive personal information unless it is required for the specific engagement and allowed under your organization's data policies.

How is CAO Studio data different from a public AI assistant account?

CAO Studio is a separate application. Your CAO Studio account manages your access to CAO Studio workspaces, workshops, reports, and CAO Brain functionality.

When CAO Brain or AI-supported analysis is used, relevant input is processed by an external LLM service provider to generate summaries, analysis, or recommendations. The specific provider is listed on the Subprocessors / LLM Providers page (/subprocessors). You do not need a separate AI provider account to use CAO Studio.

CAO Studio remains the place where your workspace data, workshop inputs, and generated outputs are managed. The current list of sub-processors is available on request from info@creatingagileorganizations.com.

Is CAO Studio secure? Where is my data stored?

CAO Studio is designed with security and privacy in mind.

Data is hosted in the European Union. CAO Studio uses security measures such as access control, encrypted connections, audit logging, and secure infrastructure practices to protect your information.

Access to your workspace is restricted to authorized users. CAO Studio also includes security controls to help detect and prevent misuse, including safeguards around AI usage.

Does CAO Studio use my data to train AI models?

CAO Studio uses AI to help analyze, summarize, and structure the information you provide in the application.

The purpose of AI processing is to support your work inside CAO Studio, such as creating summaries, identifying patterns, and generating recommendations grounded in the Creating Agile Organizations approach.

For the exact terms that apply to AI processing, please refer to the CAO Studio Privacy Policy, Terms of Use, and any applicable data processing agreement.

Who can see my data?

Your data is visible only to authorized users with access to the relevant CAO Studio workspace or engagement.

CAO Studio administrators may access limited data when needed for support, security, troubleshooting, or legal compliance.

We do not sell your data.

How long is my data kept?

CAO Studio keeps your data for as long as needed to provide the service, support your engagement, meet legal obligations, resolve disputes, and maintain security.

Some records, such as audit logs or billing-related information, may need to be retained for legitimate business, legal, or security reasons.

How do I delete my data or account?

To request deletion of your CAO Studio account or workspace data, contact: info@creatingagileorganizations.com

Your request will be handled in accordance with applicable privacy laws and CAO Studio's data retention policies.

Some data may need to be retained for legitimate business, legal, compliance, or security purposes, but personal information will be deleted where legally permissible.

Do I need a separate AI provider account to use CAO Studio?

No. You do not need a separate AI provider account to use CAO Studio.

CAO Studio provides access to AI-supported functionality inside the application. The AI processing is performed under our contract with the current LLM service provider. The current list of subprocessors (including the LLM provider) is on the Subprocessors / LLM Providers page (/subprocessors). You only need a CAO Studio account with the right access permissions.

The same questions, answered for the Release 1 Local Client + CAO Server deployment. In this mode the CAO Studio application runs locally on your own machine or your consultancy's own infrastructure. A small central CAO Server provides AI-supported functionality only — it processes requests transiently and never stores your client or workshop data.

What is CAO Studio and why am I logging into it?

CAO Studio is the same digital workspace for Creating Agile Organizations workshops, assessments, diagnostics, and organization design work. In this deployment, the application runs on your local computer or your consultancy's own server. You are logging into your local CAO Studio installation to access your workspace, enter workshop data, use CAO Brain support, generate summaries or reports, and continue your organization design work over time.

What information does CAO Studio collect, and where does it live?

CAO Studio collects the same kinds of information as the SaaS version — your name and email, login and access information, workspace / engagement / workshop data, inputs you provide in tools such as DSMs, Heat Maps, assessments, diagnostics and reports, AI prompts and generated outputs when you use CAO Brain, and basic usage / audit information.

The difference is where that data lives:

• Stays on your local installation only — user accounts on your local deployment; your client and customer organisation data; engagements; workshop inputs and outputs; uploaded documents; client-specific AI embeddings and the local vector store they live in; generated reports, design options, recommendations, and Go See sections; the local audit log of administrator actions.
• Lives on the central CAO Server (no client data) — the CAO Brain orchestration logic, the CAO theory knowledge base used to ground recommendations, server-side system prompts, the AI provider access logic and provider API key, your license record, and operational telemetry such as latency and error rate (which contain no personal or client information).
• Transiently processed on the CAO Server, never persisted — the request payload your local installation sends when you use CAO Brain (the question, the relevant engagement-evidence excerpts, sanitised engagement metadata). The CAO Server uses this to call the AI provider, returns the response, and discards the payload after responding. No database write, no log entry containing client content, no analytics event containing client content.

You should still avoid entering unnecessary personal data, confidential employee information, or sensitive personal information unless it is required for the specific engagement and allowed under your organization's data policies.

How is CAO Studio data different from a public AI assistant account?

Same answer as the SaaS version. CAO Studio is a separate application; your CAO Studio account manages your access to your local CAO Studio workspaces, workshops, reports, and CAO Brain functionality. When CAO Brain or AI-supported analysis is used, relevant input is processed via the central CAO Server's contract with the current LLM service provider to generate summaries, analysis, or recommendations. You do not need a separate AI provider account to use CAO Studio. The current list of subprocessors is on the Subprocessors / LLM Providers page (/subprocessors).

Is CAO Studio secure? Where is my data stored?

Your client and workshop data is stored locally on your own installation — your machine, your consultancy's infrastructure, or wherever you have installed the CAO Studio application. CAO Studio uses security measures such as access control, encrypted local storage, audit logging, and secure infrastructure practices to protect this information; you remain responsible for the security posture of the host environment (disk encryption, backups, physical access).

The central CAO Server is hosted in the European Union. It only handles the AI processing leg of your requests; it does not store your client or workshop data. The CAO Server uses access control, encrypted connections, and operational monitoring to protect the AI processing path.

Access to your local workspace is restricted to authorized users of the local installation. CAO Studio also includes security controls — including the same prompt-injection safeguards used in the SaaS version — to help detect and prevent misuse of AI functionality.

Does CAO Studio use my data to train AI models?

CAO Studio uses AI to help analyze, summarize, and structure the information you provide in the application. The purpose of AI processing is to support your work inside CAO Studio, such as creating summaries, identifying patterns, and generating recommendations grounded in the Creating Agile Organizations approach.

In this deployment, AI processing happens via the central CAO Server's AI provider relationship — typically configured with zero-data-retention (ZDR) and no-training terms so the AI provider does not retain or train on the content of your requests. The exact terms that apply to AI processing are documented in the CAO Studio Privacy Policy, Terms of Use, and any applicable data processing agreement.

Who can see my data?

Your client and workshop data is visible only to authorized users of your local CAO Studio installation. CAO Studio administrators cannot access the contents of your local workspace; the central CAO Server has no persistent copy of it.

Limited operational data on the CAO Server — such as license-key fingerprint, request latency, and error rate (which contain no personal or client information) — may be reviewed when needed for support, security, troubleshooting, or legal compliance.

We do not sell your data.

How long is my data kept?

Your local CAO Studio data is kept for as long as you keep it. You control the retention period on your own installation. Deleting the application or the local data files removes the data.

Operational records on the central CAO Server — such as audit logs of API calls (with license-key fingerprints, latency, and error information but no client content) and license / billing records — may be retained for legitimate business, legal, or security reasons.

How do I delete my data or account?

To delete your local CAO Studio workspace data, remove the data files or the application from your local installation. Standard removal procedures for your host environment apply.

To request deletion of your CAO Studio license record or account on the central CAO Server, contact: info@creatingagileorganizations.com.

Your request will be handled in accordance with applicable privacy laws and CAO Studio's data retention policies. Some operational records on the CAO Server (such as license history or security audit logs that contain no client content) may need to be retained for legitimate business, legal, compliance, or security purposes, but personal information will be deleted where legally permissible.

Do I need a separate AI provider account to use CAO Studio?

No. You do not need a separate AI provider account to use CAO Studio. CAO Studio provides access to AI-supported functionality inside the application via the central CAO Server. The AI processing is performed under the CAO Server's contract with the current LLM service provider. The current list of subprocessors (including the LLM provider) is on the Subprocessors / LLM Providers page (/subprocessors). You only need a CAO Studio license that lets your local installation reach the CAO Server.