Privacy Policy

Last updated: January 1, 2025

1. Information We Collect

We collect information you provide directly to us when you create an account, connect integrations, or communicate with us. This includes:

  • Account information such as your name and email address.
  • Integration credentials and OAuth tokens required to connect third-party services on your behalf. These are encrypted at rest using AES-256-GCM.
  • Message content and metadata processed by the AI agent to fulfil your instructions. We do not sell or share this content with third parties.
  • Usage data such as feature interactions, error logs, and performance metrics.
  • Billing information processed securely by our payment provider.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Sidekick service.
  • Authenticate your identity and protect your account.
  • Execute agent actions on your behalf across connected integrations.
  • Send transactional emails (e.g. email verification, billing receipts).
  • Monitor for abuse, security incidents, and service outages.

3. Data Sharing

We do not sell your personal data. We share data only with the third-party services you explicitly authorise through our integrations (e.g. Slack, Gmail, GitHub). We may also share data with infrastructure providers (database hosting, cloud compute) who are contractually bound to keep it confidential.

4. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or tax obligations.

5. Security

We implement industry-standard security controls including TLS for data in transit, AES-256-GCM encryption for credentials at rest, regular key rotation, and role-based access controls. Despite these measures, no system is perfectly secure and we cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (right to erasure / right to be forgotten).
  • Restrict or object to certain processing activities.
  • Data portability — export your data in a machine-readable format.

To exercise any of these rights, email us at privacy@sidekick.ai.

7. Cookies

We use essential session cookies required for authentication. We do not use third-party advertising cookies or tracking pixels.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect.

9. Contact

Questions about this policy? Contact our privacy team at privacy@sidekick.ai.