Privacy Policy

Data we store. Company name, strategic objective, generated board results, and a vector embedding of the objective — scoped to your authenticated account via Row Level Security. We practice data minimization and request no PII.

Third-party tokens. Integration tokens (e.g., NetSuite OAuth) are AES-256-GCM encrypted before storage and used only to perform actions you authorize. You may disconnect at any time, which revokes stored tokens.

AI processing. Objectives and context are sent to model providers (Groq, and optionally an embeddings provider) to generate outputs. Live web-search signals may be retrieved to ground analysis.

Audit logging. Security-relevant actions (connections, queries) are logged for accountability and are visible only to you.

Your rights. You may request export or deletion of your data. Deleting your account cascades removal of your boards and connections.

This is template language for review by your counsel before production launch.