Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

At Gist, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Slack application and AI-powered summarization services.

1. Information We Collect

1.1 Slack Message Content

When you use our Service, we process:

• Message Content: Text content from Slack conversations that you choose to summarize
• Thread Data: Message threads, replies, and conversation context
• Channel Information: Channel names and metadata (but not private channel content unless explicitly authorized)
• Timestamp Data: When messages were sent and received
• User Mentions: References to users within processed conversations

1.2 Authentication and Account Information

• Slack OAuth Tokens: Secure tokens that allow us to access your authorized Slack workspace
• Workspace Information: Slack workspace identifiers and basic configuration
• User Identifiers: Slack user IDs and basic profile information
• Authorization Scopes: Permissions you've granted to our application

1.3 Integration Data

• Notion Integration: When connected, OAuth tokens and database identifiers for saving summaries
• Usage Analytics: How you use our features, frequency of summarization requests
• Error Logs: Technical logs for troubleshooting and service improvement

1.4 Website and Subscription Information

• Contact Information: Email addresses for account management and support
• Billing Information: Payment data processed securely through Stripe (we do not store full payment details)
• Website Usage: Pages visited, browser information, and interaction patterns

2. How We Use Your Information

2.1 Core Service Functionality

• AI Processing: We process your Slack message content using OpenAI's GPT models to generate summaries, extract action items, and identify key decisions
• Real-time Summaries: Continuously update summaries as new messages are added to threads
• Scheduled Summaries: Generate and deliver summaries based on your configured schedule
• Integration Services: Save summaries to your connected Notion databases or other authorized platforms

2.2 Service Improvement

• Feature Development: Analyze usage patterns to improve our AI models and user experience
• Performance Optimization: Monitor service performance and reliability
• Security Monitoring: Detect and prevent unauthorized access or abuse

2.3 Communication

• Service Updates: Notify you of important changes to our service
• Account Management: Send billing notifications, security alerts, and subscription information
• Customer Support: Respond to your inquiries and provide technical assistance

3. Information Sharing and Third-Party Services

3.1 AI Processing Partners

• OpenAI: We use OpenAI's GPT models to process your message content. Our agreement with OpenAI explicitly prohibits them from training their models using your data
• Data Processing: Message content is sent to OpenAI for analysis but is not permanently stored by them

3.2 Infrastructure and Security Providers

• Google Cloud Platform: We use Google Cloud services for secure data processing and storage
• Google Secret Manager: User tokens and sensitive data are encrypted and stored using Google's secure key management
• Stripe: Payment processing is handled by Stripe; we do not store complete payment information

3.3 User-Authorized Integrations

• Notion: When you authorize Notion integration, we share summaries with your Notion workspace according to your configuration
• Slack: We interact with Slack APIs to read authorized content and post summaries back to your workspace

3.4 We Do Not Sell Your Data

We never sell, rent, or trade your personal information or message content to third parties for marketing or advertising purposes.

4. Data Storage and Security

4.1 Data Processing

• Transient Processing: Message content is processed temporarily to generate summaries and is not permanently stored unless required for service functionality
• Summary Storage: Generated summaries may be stored to enable features like revision history and scheduled updates
• Secure Transmission: All data is transmitted using industry-standard encryption (TLS 1.2+)

4.2 Security Measures

• Encryption: User tokens and sensitive data are encrypted both in transit and at rest
• Access Controls: Strict access controls limit who can access your data within our organization
• Regular Security Audits: We conduct regular security assessments and vulnerability testing
• Compliance: We follow industry best practices for data security and privacy

4.3 Data Location

• Primary Storage: Data is primarily stored in secure cloud infrastructure within the United States and European Union
• Cross-Border Transfers: Any international data transfers comply with applicable data protection regulations

5. Data Retention

5.1 Retention Periods

• Message Content: Processed transiently and not permanently stored unless required for service functionality
• Generated Summaries: Retained for the duration of your subscription plus 90 days for backup purposes
• Account Information: Retained for the duration of your account plus 7 years for legal and accounting purposes
• Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement

5.2 Data Deletion

• Account Deletion: You may request complete deletion of your data by contacting support@getthegist.app
• Automatic Deletion: Inactive accounts are automatically deleted after 2 years of inactivity
• Legal Requirements: Some data may be retained longer if required by law or for security purposes

6. Your Privacy Rights

6.1 Access and Control

• Data Access: Request a copy of the personal information we hold about you
• Data Portability: Request your data in a machine-readable format
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)

6.2 Communication Preferences

• Opt-out: Unsubscribe from marketing communications at any time
• Notification Settings: Control which service notifications you receive
• Data Processing: Where legally required, you can object to certain data processing activities

6.3 Slack Workspace Control

• Authorization Management: You can revoke Gist's access to your Slack workspace at any time through Slack's app management
• Data Scope: You control which channels and conversations Gist can access through Slack's permission system

7. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

8. International Data Transfers

If you are located outside the United States, please note that your information may be transferred to, stored, and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for any international data transfers.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

10. European Data Protection Rights

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Lawful Basis: We process your data based on contract performance, legitimate interests, and consent
• Data Protection Officer: Contact our data protection team at privacy@getthegist.app
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to your registered email address
• Providing notice through our Slack application

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us:

---

Note: This Privacy Policy applies to our Slack application and related services. For website-only interactions (such as waitlist signup), we collect only basic information necessary for communication and service delivery.