Legal
Security
Last updated: template — not yet reviewed
Template — replace with counsel-reviewed text. The structure below reflects the sections this document needs; the wording is placeholder copy, not a legal document you can rely on.
1. Project isolation
Every project's data is separated at the storage layer: the knowledge graph and vector search index apply a project-scoped filter to every read and write, so one project can never retrieve another project's content, even within the same organization.
2. Data processing
Data in transit is encrypted (TLS). Credentials for connected tools are stored encrypted and are never exposed to the frontend or logged in plaintext. Access to production data is limited to the operations required to run the Service.
3. Controlled write-back
Selected workflows, including meeting follow-through issue creation, support explicit human review before write-back. Other connector actions follow the project's configured policy and can be allowed, denied, or held for approval. Approval decisions and actors are logged.
4. Subprocessors
Infrastructure, vector storage, and LLM inference are provided by vetted subprocessors under data processing agreements. A current list is available on request — see Contact below.
5. Retention
Data is retained only as long as your project is active or as required to preserve the audit trail of approved actions. See the Privacy Policy for retention periods by data category.
6. Reporting a concern
If you believe you've found a security issue, please report it through the contact page rather than filing a public issue.