Privacy Policy

1. Introduction

SharpSana, operated by Individual Entrepreneurship "Assylkhan.unicorn", registered in Kazakhstan (IIN/BIN: 060325550423) ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use SharpSana — an AI coworker for your whole startup that connects to the tools you already use, forms persistent memory across your company's work, answers grounded in your real data, and acts back into your tools. This policy covers the SharpSana web application, dashboard, Slack and Telegram bots, Model Context Protocol (MCP) servers, browser extensions, integrations, APIs, and website (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (via GitHub or Google OAuth)
• Username, display name, and profile picture
• OAuth provider identifiers (e.g., GitHub User ID, Google ID)
• Workspace, team, and role assignments inside SharpSana

2.2 Integration & Connected Tool Data

SharpSana works by forming memory across the tools your team already uses. When you connect a tool via OAuth (read-only by default unless you explicitly grant write scopes), we may access, index, and store data from that tool to power chat, search, insights, and write-back actions. Depending on which integrations you enable, this may include:

• GitHub: repository contents, source code, commit history, issues, pull requests, branches, and metadata
• Linear / Jira / ClickUp / Trello: tickets, projects, comments, statuses, assignees, and workflow metadata
• Slack: channel messages, threads, direct messages with the bot, user identities, and workspace metadata (only for channels and conversations the bot is invited to)
• Telegram: messages and chat metadata for chats where the Sharpsana bot is added
• Notion: page content, comments, and database entries from connected workspaces
• Google Drive: file contents and metadata for files you select
• Gmail: email messages, threads, drafts, and metadata for accounts you connect
• Google Calendar: events, attendees, and scheduling metadata
• PostHog: product analytics events, funnels, and feature usage data
• Other integrations: data from any additional third-party tools you choose to connect

You can disconnect any integration at any time from your dashboard. Disconnecting revokes our access and stops new ingestion; you can also request deletion of previously ingested data.

2.3 Project Materials & Uploaded Content

We store content you upload or create inside SharpSana, including:

• Documents, notes, briefs, PRDs, and project materials
• Customer interview transcripts, recordings, and research inputs
• Roadmaps, tasks, sprints, and planning artifacts
• Vector embeddings derived from your content (for semantic search and memory)
• Persistent memory entries derived from messages, events, and decisions across your connected stack

2.4 Conversations & AI Interactions

We collect the content of your interactions with our AI, including:

• Chat messages with AI agents in the web dashboard
• Conversations with the SharpSana bot in Slack and Telegram
• Tool calls, plans, drafts, and other AI-generated artifacts
• Requests sent through MCP servers from your IDE

2.5 Usage & Device Data

We automatically collect information about how you use SharpSana:

• Feature usage, tool adoption, and navigation patterns
• Device and browser information, IP address, and approximate location
• Error logs, crash reports, and performance metrics
• Cookies and local-storage identifiers (see Section 6)

2.6 Billing Information

When you subscribe to a paid plan, our payment processor collects billing details (name, email, billing address, payment method). We receive subscription status, plan, and limited transaction metadata, but we do not store your full payment card details.

3. How We Use Your Information

• Provide the Service: To index your stack, form persistent memory, run semantic search, answer questions grounded in your real data, and execute actions you approve.
• AI Analysis: To send relevant context (code, documents, messages, tickets, embeddings) to large language model providers (such as Google Gemini and Anthropic Claude) to generate answers, insights, plans, drafts, and recommendations.
• Write-Back Actions: When you instruct SharpSana to act, we use your integration tokens to draft replies in Gmail, post messages in Slack, file or update tickets in Linear/Jira, create or edit pages in Notion, and perform similar reviewable side effects in your connected tools.
• Bots & Assistants: To operate the Slack and Telegram bots and MCP servers in the channels, chats, and IDEs where you deploy them.
• Improve the Platform: To analyze aggregated usage patterns and improve our indexing, retrieval, and orchestration. We do not use your private content to train public foundation models.
• Security & Abuse Prevention: To detect, investigate, and prevent fraud, abuse, and unauthorized access.
• Communication: To send service updates, security alerts, billing notices, and support replies.
• Legal Compliance: To comply with applicable laws, regulations, and lawful requests.

4. Third-Party Services and Data Sharing

We rely on third-party providers to operate SharpSana. Your data may be processed by:

4.1 Hosting & Infrastructure

We run our application and worker services on Google Cloud Platform (including Cloud Run) and Vercel. Primary data, authentication, and file storage are provided by Supabase. Data is stored in encrypted databases and object storage hosted in our cloud providers' data centers.

4.2 AI & LLM Providers

We use third-party AI providers, primarily Google (Gemini) and Anthropic (Claude), to generate responses, insights, and code. To do this, we send relevant portions of your content, chat history, and integration data to their APIs. We do not authorize these providers to use your data to train their public models. Please review each provider's privacy policy for details on how they handle data submitted via their API.

4.3 Integration Providers

When you connect a third-party tool (GitHub, Linear, Jira, ClickUp, Trello, Slack, Telegram, Notion, Google Drive, Gmail, Google Calendar, PostHog, and others), data flows between SharpSana and that provider under their own terms and privacy policies. Your use of those integrations is also governed by the policies of the respective provider.

4.4 Payment Processing

We use Polar as our payment processor to handle subscriptions, checkout, and customer portal access. Payment card details are handled directly by the processor; we do not store full card numbers. Limited billing metadata (plan, status, customer ID) is stored to operate your subscription.

4.5 Analytics, Logging & Monitoring

We use product analytics and error-monitoring tools (such as Sentry/PostHog-style tooling) to understand usage and detect issues. These tools may receive limited usage and device data and pseudonymous identifiers.

4.6 Sale of Data

We do not sell, rent, or trade your personal information or your content to third parties.

5. Data Storage, Security & Retention

We apply industry-standard security measures including TLS encryption in transit, encryption at rest provided by our cloud database and storage providers, scoped OAuth tokens stored with restricted access, and least-privilege access controls for our team. We never see or store the passwords of accounts you connect through OAuth.

We retain your data for as long as your account is active or as needed to provide the Service. You can disconnect integrations, delete specific content, or delete your account and all associated data at any time from your dashboard. Some records (such as billing history or security logs) may be retained for a limited period as required by law or for legitimate business operations.

Because SharpSana operates globally, your data may be processed and stored in countries other than your own, including the United States, the European Union, and other regions where our providers operate.

6. Cookies & Local Storage

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences (such as theme), measure feature usage, and detect abuse. You can control cookies through your browser settings; disabling certain cookies may impact functionality.

7. Your Privacy Rights

Depending on your jurisdiction (including under GDPR and CCPA), you may have the right to access, correct, export, restrict, or delete your personal data, withdraw consent for processing, or object to certain uses. To exercise these rights, contact us at the email below. We will respond within the timeframes required by applicable law.

If your organization administers your SharpSana workspace, your workspace administrator may also have access to and control over your account data.

8. Children's Privacy

SharpSana is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

9. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our Service, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by email or in-product notice. Your continued use of the Service after changes become effective constitutes acceptance.