Privacy Policy

01 What we collect

When your workspace installs Brand Pilot, we store:

• Workspace metadata — Slack team_id, team_name, the user who installed the app, and the bot OAuth token Slack issues us. Stored in the installations table.
• Billing record — workspace plan (trial, starter, pro, cancelled, expired), trial-expiry timestamp, Stripe customer ID, Stripe subscription ID, and timestamps for payment-failure events. Stored in accounts.

When you use /monitor commands, we additionally store:

• Monitor configurations — the topics you track, the schedule, source list (Twitter, Reddit, Hacker News), engagement thresholds (minimum likes/retweets), brand-term lists, and any mute-until or pause timestamp. Stored in monitors and monitor_sources.
• Digest history — for each digest we send, we store the source post IDs that appeared so we can deduplicate future digests. Stored in digest_history and pruned automatically after 90 days.
• Audit log — coarse-grained records (install, uninstall, monitor create, monitor delete, data export) used to investigate abuse and meet audit obligations. Append-only.

We do not store:

• The full text of posts surfaced in your digests — we fetch them from the source platform's public API at digest time.
• Slack message contents from your channels. Brand Pilot only reads your /monitor slash-command inputs and the metadata Slack passes about button clicks.
• Direct messages from your channels.
• The contents of any Slack channel except the digests Brand Pilot itself posts.

02 What third parties receive

To make Brand Pilot work, the following data leaves our servers:

• Anthropic (Claude API) — when AI analysis is enabled for a monitor, we send the text and metadata of the social posts we just fetched to Anthropic for the analysis step. Anthropic processes this under their commercial terms. We do not send Slack messages or your account identifiers.
• Twitter API, Reddit API, Hacker News API — we send your monitor topic (the search term) to fetch matching posts. We never share your Slack identifiers or message content with these sources.
• Stripe — when you upgrade, billing data (workspace ID as metadata, email, card details) flows directly between you and Stripe. We see only the Stripe customer ID and subscription ID.
• Slack — all messages we post, button events, and slash-command requests pass through Slack APIs. Slack's privacy policy governs that channel.

03 How we secure your data

• All OAuth tokens and Stripe IDs are stored in MySQL with restricted access. Production access requires SSH key authentication.
• All HTTP traffic to Brand Pilot uses HTTPS.
• Slack request signatures are verified on every incoming webhook.
• Stripe webhook signatures are verified on every incoming event.
• Logs are structured JSON; we do not log OAuth tokens, API keys, or signing secrets.

04 How you can delete your data

• Uninstall the app from your Slack workspace. The app_uninstalled handler deletes your installations row, your accounts row, all monitors, all digest_history, and all monitor_sources. The audit_log retains the install/uninstall record for legal-hold reasons but contains no personal data beyond team_id.
• Run /monitor export at any time to receive a JSON download of every record we hold about your workspace.
• Email us at m97alim@gmail.com for any access, correction, or deletion request not covered above.

05 Data retention

• Digest history: 90 days (auto-pruned daily).
• Audit log: indefinite, but contains only event-type + team_id + optional non-sensitive details.
• Everything else: lifetime of the install. Deleted on uninstall.

06 Children

Brand Pilot is a business tool not directed at children under 16, and we do not knowingly collect data about them.

07 Changes to this policy

If we materially change this policy we will post an in-app notice via DM. Continued use after such a notice constitutes acceptance.

08 Contact

Questions about privacy? Email m97alim@gmail.com.