legal
Last updated 2026-07-10. This is a template for a real product and not legal advice — have counsel review before commercial use.
Account data (name, email), the content you create, usage and audit logs, and standard technical data (IP, device) needed for security and operation.
To operate the service, secure it, bill it, and generate your organization's intelligence layer. We do not sell personal data.
Your content and, for the intelligence layer, your organization's shareable brains are sent to our AI sub-processor (Anthropic) to generate explanations, diagrams, and the company knowledge graph. Content is processed to provide the service, not to train third-party models.
DigitalOcean (EU hosting), Anthropic (AI), Cloudflare (CDN/WAF), Stripe (payments), Resend (email). See the trust page.
Primary data is stored in the EU (Frankfurt). Audit logs are retained 12 months; sessions 30 days; backups 35 days.
Access, portability, correction, and erasure. Export or delete your data any time from Settings → Compliance, or email us.
Encryption in transit (TLS) and secrets encrypted at rest, per-org isolation, audit logging, SSO/2FA, and least-privilege access.
We use strictly-necessary cookies for sign-in and security only.
Questions: [email protected]