Privacy Policy

What we collect

• Account data — email address, name, hashed password.
• Tool credentials — OAuth tokens for the tools you connect (Jira, Linear, Notion, etc.). Stored encrypted (AES-256 Fernet) in our database.
• Conversation history — messages you send and agent responses, stored per workspace for context. Encrypted at rest.
• Audit log — which tools were called, when, and with what parameters (sensitive values are redacted before logging).
• Usage metadata — request counts and timestamps for rate-limiting and usage analytics.

How we use it

• To run the agent and call the tools you've connected on your behalf.
• To show you your conversation history and audit log in the dashboard.
• To send transactional emails (password reset, email verification).
• To detect abuse and enforce rate limits.

We do not sell your data. We do not use your data to train AI models.

Third parties

We send requests to third-party APIs (OpenAI, your connected tools) on your behalf. Those providers have their own privacy policies. We also use Sentry for error monitoring and Resend for transactional email.

Data retention

Conversation history and audit events older than 90 days are automatically deleted. You can delete your account and all associated data at any time from Settings.

Security

OAuth tokens and credentials are encrypted at rest using AES-256 (Fernet). All data is transmitted over HTTPS. JWTs are short-lived (30 days) and signed with a server-side secret.

Your rights

You can export or delete your data at any time. To delete your account, go to Settings → Delete account. For any other requests, contact privacy@onlyai.app.

Contact

privacy@onlyai.app