Privacy Policy
We are uncompromising about trust, respect and integrity and process your Personal Data in accordance with the following principles.
1. Introduction
At SlateStack AI, we are committed to protecting your privacy and data.
This Privacy Policy explains what data we collect, how we use it, how we protect it, and the rights available to you as a user of our platform.
Our platform powers multi-channel automation and intelligent agents through the MCP (Multi-Channel Processor). The system includes integrations with email, WhatsApp, Slack, CRM systems, voice AI, and RAG-based chat interfaces, designed for use by B2B service businesses.
We apply rigorous security and compliance standards to all data processed through our infrastructure
2. What We Collect and How We Use It
We only collect and process data that is necessary to deliver and improve our services.
This may include:
Business contact information such as company name, email address, and phone number
Customer data from CRM or email systems, including names, email content, or metadata
Message or voice inputs processed through chat or voice agents
Activity and engagement data, including timestamps and session metadata
Browser and device information for analytics and security
For example, if you connect your Gmail account, we will access email content and metadata only for the purpose of reply classification or re-engagement triggers.
We do not sell or use your data for advertising.
3. AI Processing and Model Use
SlateStack AI uses third-party language models, including OpenAI and Gemini, to process and generate intelligent responses.
These models may receive transient inputs such as email content, chat history, or voice transcripts to fulfill user-initiated tasks.
We do not use your data to train public models.
All AI usage is routed through secure APIs and remains under strict scope control. Logged data is only retained for debugging or performance analysis unless you explicitly enable persistent context features.
4. Integrations and Third-Party APIs
To provide automation services, SlateStack connects with third-party tools, including:
Cloud and database services (Google Cloud, Supabase, ChromaDB)
Communication systems (Twilio, VAPI.ai, WhatsApp, Slack)
Productivity and CRM platforms (Gmail, Airtable, Notion, LinkedIn)
All data transfer occurs via secure OAuth2 or API key authentication. Third-party services are bound by their own privacy policies. We do not allow advertising integrations or sell access to partner platforms.
5. Memory and Context Retention
Session context is stored temporarily during AI interactions to enable accurate follow-ups, task routing, and workflow execution.
Longer-term memory is only enabled when:
You explicitly opt in for persistent logging
A business rule requires it (e.g., CRM enrichment or meeting booking)
You can request deletion of memory logs or context history at any time by contacting support@slatestackai.com.
6. Data Storage and Retention
SlateStack uses secure, cloud-based infrastructure to store and manage data.
This includes:
Operational data in Supabase/PostgreSQL with controlled access
Vector and file data stored via ChromaDB or encrypted S3
Retention period of 12 months by default, unless otherwise requested
All data at rest is encrypted using AES-256 and in transit via HTTPS/TLS protocols. Data can be deleted or exported upon request.
7. International Data Transfers
SlateStack operates globally. Your data may be processed or stored in India, the United States, or the European Union.
We apply GDPR-compliant safeguards for international transfers, including Standard Contractual Clauses (SCCs) when applicable.
8. Security Practices
We implement technical and organizational measures to secure your data:
End-to-end encryption (AES-256 for storage, TLS 1.2+ for transit)
OAuth2 and token-based authentication for all APIs
Role-based access control (RBAC) within internal systems
Secure hosting via containerized infrastructure (Docker, Render)
Regular vulnerability scans and access audits
We actively monitor and respond to any security incidents.
9. User Rights
You may exercise the following rights at any time, subject to verification:
Access your personal or business data
Request corrections or updates
Request deletion of all data associated with your account
Request export of data in portable formats (e.g., CSV or JSON)
Restrict certain types of processing
Withdraw consent for optional data features
To request any of these, email us at support@slatestackai.com. We will respond within 72 hours.
10. Breach Notification Policy
In the event of a data breach that affects your information:
We will notify affected users via email within 72 hours
We will provide the nature and scope of the breach
We will outline remedial steps and containment measures
Our infrastructure includes logging, alerts, and incident protocols designed to detect and mitigate such issues promptly.
11. Legal and Regulatory Compliance
SlateStack complies with the following data protection laws and frameworks:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
India IT Act and DPDP Bill 2023
HIPAA best practices (where relevant to client use cases)
We offer Data Processing Agreements (DPAs) to clients upon request. All data processing is limited to the scope of services delivered.
12. Cookies and Tracking
Our website and embedded chat UI may use:
Essential cookies for authentication and session management
Functional cookies to remember your preferences
Optional analytics scripts (e.g., Plausible) that do not fingerprint users
We do not use advertising or retargeting cookies. You may opt out of all non-essential cookies using your browser or through our cookie banner.
13. Contact and Support
If you have any questions about this Privacy Policy or need assistance with your data rights, contact us at:
Email: support@slatestackai.com
Response Time: Within 72 business hours
We also honor opt-out requests for marketing communications and will provide alternate means of access to your data upon request.
14. Responsibilities of Business Clients
If your organization uses SlateStack’s platform to process end-user data through:
Uploaded CSV files
API or webhook integrations
CRM connections
You are considered the data controller and SlateStack is your data processor.
You are responsible for obtaining any necessary consent or legal basis from your users or employees whose data is passed through our platform.
We can execute a Data Processing Agreement (DPA) to define roles, security standards, and compliance protocols if required.
15. Changes to This Policy
This Privacy Policy may be updated periodically to reflect:
Platform changes
Regulatory updates
Infrastructure or vendor changes
All changes will be posted at https://www.slatestack.com/privacy. If the changes are significant, we will notify you via email or in-app alert.
Your continued use of our services after changes indicates your acceptance of the revised policy.