Legal
Privacy Policy
Last updated: 2026-06-30
This policy explains what personal information we collect, why, how long we keep it, and who we share it with. We operate as a US company and apply a single privacy program built to the strictest US state standard (California / CPRA), applied broadly.
Information we collect
- Account data: name, email, authentication data.
- Billing data: handled by Stripe (we don’t store card numbers).
- Content you index and conversations processed by your bots.
- Usage and diagnostic data (logs, traces) to operate the Service.
How we use it
To provide and secure the Service, process payments, prevent abuse, and improve reliability. We do not sell personal information.
Your rights & choices
Depending on your location you may have rights to access, correct, delete, or port your data. To exercise them, contact us. We respond within the timeframe required by applicable law (e.g. 45 days under California law).
Do Not Sell or Share / opt-out (US)
We do not sell or share personal information for cross-context behavioral advertising. We honor the Global Privacy Control (GPC) browser signal automatically as a valid opt-out where required.
EU / UK visitors
If you are in the EU/UK, GDPR / UK GDPR apply. Our legal bases include contract performance and legitimate interests, and you have the rights described above plus the right to lodge a complaint with a supervisory authority.
Retention & deletion
We retain data for as long as needed to provide the Service and meet legal obligations. You can delete conversations and request deletion of a tenant’s data.
Subprocessors
We use vetted subprocessors (hosting, LLM/embedding provider, payments). See our Subprocessor list.