Privacy Policy that matches the real data flows.

• names, email addresses, login identifiers, profile fields, role assignments, workspace settings, and provider connection state

• users, workspace admins, onboarding flows, and authentication providers

• create and secure accounts
• manage workspace membership and permissions
• support onboarding and provider connection flows

• plan selections, subscription status, checkout state, provider customer identifiers, and payment-related account records

• customers, workspace admins, and billing providers such as Polar

• process subscriptions and account changes
• support billing operations, cancellations, refunds, and account recovery
• maintain financial and contractual records

• CRM records, lead data, contact details, opportunity stages, transaction context, notes, and qualification details

• customers and authorized users
• GoHighLevel, CSV imports, portal-intake payloads, forwarded lead emails, forms, and customer-enabled workflows

• provide customer-directed CRM and workflow functionality
• rank work, summarize context, prepare drafts, and sync with connected systems
• maintain operating history for the customer workspace

• draft emails, SMS content, inbox context, call or message notes, recipients, message subjects, send outcomes, and related metadata

• users, customer-uploaded content, connected inbox or CRM systems, and generated workflow drafts

• prepare and stage communications
• support approval-gated sending through connected providers
• maintain send, failure, and follow-up history

• approval decisions, audit-log entries, compliance timestamps, content hashes, routing metadata, run history, and provenance records

• product workflows, user actions, internal logging, and compliance or trust controls

• support approval-gated workflows
• show what happened and when
• investigate disputes, misuse, or system issues

• ephemeral ranking inputs, recommendation scores, customer-visible queue items, recommendation history where surfaced, and operator accountability metadata for why an item was shown

• product ranking logic, workflow state, connected-system updates, and user or operator actions

• surface the next best work inside the canonical queue
• retain visible recommendation history where the product exposes it
• preserve enough accountability evidence to explain why a recommendation was generated or suppressed

• vault files, PDFs, DOCX files, spreadsheets, images, templates, generated documents, extracted text, and related metadata

• users, customer uploads, generated outputs, Google Drive sync, and document workflows

• store and organize files
• generate exportable documents
• extract content and connect documents to contacts, properties, or workflows

• OAuth tokens, refresh metadata, provider status, scopes, synced calendar data, Drive metadata, Gmail summaries, portal source metadata, and import payloads

• customer-enabled integrations such as GoHighLevel and Google
• portal-intake providers, forwarded leads, and import files

• connect external systems
• sync data and status into the workspace
• power customer-requested workflows across providers

• saved prompts, generated outputs, summarization context, embeddings, retrieval indexes, and other derived AI-assistance artifacts where stored

• user prompts, generated workflows, retrieval pipelines, and optional embedding-enabled memory features

• support drafting, summarization, semantic retrieval, and continuity features
• keep certain generated outputs available in visible product surfaces
• preserve derived context needed to rehydrate workspace features while the workspace remains active

• analytics events, feature-usage metrics, prompt-token metrics, error logs, device or browser signals, IP-derived rate-limit keys, and push subscription or device-token records

• automatic collection through website and product use
• performance, monitoring, and security tooling

• operate, secure, and debug the product
• measure adoption and feature performance
• prevent abuse, monitor incidents, and improve reliability

• support requests, feedback submissions, bug reports, ratings, migration-assistance context, troubleshooting notes, temporary debug captures, and operator investigation notes

• users, workspace admins, and support interactions

• respond to support requests
• debug and maintain the service
• use voluntary feedback to improve product quality

• database backups, storage snapshots, disaster-recovery copies, and temporary restore artifacts created for continuity or incident recovery

• backup systems, storage replication, disaster-recovery workflows, and incident-response or restore operations

• support restoration after outages, corruption, or security events
• maintain business continuity and recoverability
• allow delayed purge after active-system deletion while backup media ages out or is overwritten

• waitlist signups, referral codes, marketing-form submissions, public contact details, traffic analytics, and public-site performance data

• website visitors, waitlist forms, landing pages, and marketing campaigns

• respond to inquiries and manage waitlist flows
• measure website traffic and performance
• communicate about launch, onboarding, and commercial activity

Account identity and workspace administration

Retained while the account or workspace remains active, then as needed for security, account recovery, and contractual recordkeeping.

Only the portions reasonably tied to the user or workspace are suitable for ordinary export.

Account closure can remove active access and certain settings first; some account-state evidence may remain for legal, fraud, or security reasons.

Commercial and financial records

Retained according to the active commercial relationship and later finance, tax, refund, dispute, or legal obligations.

Limited billing or subscription detail may be provided, but processor-side payment records remain partly governed by the billing provider.

Not an ordinary immediate-delete category; closure may stop future billing while preserving required records.

Customer-visible business records

Usually follows the customer record or workspace lifecycle until deleted, migrated, or removed at the customer's direction.

Primary export target in usable formats because these are core business records customers actually need.

Record-level deletion, workspace deletion, or processor-directed deletion should target these records early, subject to downstream-source realities and linked audit evidence.

Visible drafts, message history, and send outcomes

Visible message records generally follow workspace lifecycle; staged drafts may be shorter-lived than completed or sent records.

Drafts, message history, and visible send outcomes are meaningful export targets where the product holds them.

Deleting a record or workspace should suppress future use in active surfaces first; linked provider-side copies may remain in connected messaging systems.

Ephemeral scoring, visible queue history, and accountability metadata

Ephemeral scoring or ranking inputs can be short-lived, while visible queue items or accountability evidence may remain as long as needed to explain product behavior.

Customer-visible recommendation or queue history may be exportable; hidden intermediate scores or unstable ranking inputs are not promised as ordinary exports.

Visible queue records may follow record or workspace deletion, while hidden accountability metadata may persist longer on a constrained path.

Run-ledger and approval accountability records

Retained as needed to preserve proof of generation, review, approval, send, failure, and dispute history.

Customer-visible approval history may be exportable, but hidden hashes, operator notes, or internal abuse-review artifacts are not generally part of ordinary exports.

Often handled through narrower deletion or redaction rules than ordinary workspace content, especially where approval evidence needs to remain trustworthy.

Hosted documents and generated files

Usually follows workspace lifecycle unless a file is copied from or remains present in an external source system.

High export priority because files and generated documents are customer-visible and already map to real product exports.

Deleting the hosted file removes active access first, then follows storage and backup purge timing.

Visible AI content and hidden retrieval artifacts

Visible prompts or outputs generally follow workspace lifecycle; embeddings or derived indexes may persist only while the feature remains active or until a later purge job removes them.

Visible prompts or outputs may be exportable where stored in ordinary surfaces; embeddings, intermediate vectors, or unstable retrieval artifacts are not promised in ordinary exports.

Customer-visible artifacts should follow ordinary deletion paths first, while derived indexes may purge later on a delayed operational path.

Connection secrets, sync metadata, and imported payloads

Retained while the integration remains connected and for a limited period after disconnect where needed for troubleshooting, fraud review, or sync reconciliation.

Imported business records may be exportable, but provider tokens, secrets, or raw connection diagnostics are not ordinary export targets.

Disconnecting an integration can revoke active access and remove stored tokens first, while imported records and external source copies may remain subject to separate deletion paths.

Product analytics and operational logging

Retained according to internal operational need, security need, and troubleshooting value rather than the same trigger used for customer-visible records.

Raw analytics and telemetry are not the primary customer export target.

May age out or be purged under internal telemetry processes, subject to incident, abuse, or legal preservation needs.

Support cases and troubleshooting artifacts

Retained while the case remains open and then as needed to document prior support, product issues, or misuse investigations.

Support correspondence tied to the requester may be retrievable, but temporary debug captures and internal operator notes are not generally ordinary export targets.

Can be narrowed or delayed when needed to preserve evidence of support, abuse, security review, or product defects.

Continuity and recovery copies

Retained until backup media expires, rotates, or is overwritten under the continuity program in force at the time.

Not an ordinary user export target.

Active-system deletion does not immediately purge backup copies; backup deletion is delayed until the relevant media expires or is overwritten unless a special restore or legal hold changes the path.