Privacy Policy
Smartoo helps teams build and run apps with AI. We collect the data we need to run the service, keep it secure, and improve the product. This page explains what we collect, why we share it with trusted providers, and how you can contact us about your data.
Who We Are
Smartoo is operated by the Smartoo team (contact below). If Smartoo is transferred to a dedicated Smartoo legal entity, we may update this policy to reflect that. If you use Smartoo on behalf of a business, that business is usually the controller of workspace data; we process data as described here to provide the service.
What We Collect
- Account: Name, email, password (stored securely), profile details you add, and team membership.
- Content you add: Text, files, knowledge items, app data, and similar material you or your team put in Smartoo.
- AI usage: Prompts and context you send to AI features are processed to generate responses. Do not submit secrets to AI prompts unless intended and authorized; integration credentials are stored and used only to provide connected features.
- Connections: When you connect third-party services (for example GitHub or email), we store tokens or credentials as needed to sync data you authorize, as described in-product.
- Technical data: IP address, device/browser type, logs, diagnostics, and security signals.
- Billing: Payment-related information is handled by our payment provider; we do not store full card numbers on our servers.
- Analytics (optional): If you accept non-essential cookies, we use analytics tools to understand usage. You can change app analytics anytime in Team Settings → Privacy.
How We Use Data
We use data to:
- Provide, secure, and troubleshoot Smartoo
- Process AI requests and run workflows you configure
- Send service and transactional email (for example invitations and billing)
- Improve reliability and product experience, including optional analytics if you allow it
- Meet legal obligations and enforce our Terms
AI and Large Language Models
When you use AI features, prompts, files, app data, and related context may be sent to AI providers we use to generate responses. These providers process data to provide their services to us, subject to their own security terms and data processing commitments. We may change or add AI providers over time. Do not submit personal data you do not have a right to share, or highly sensitive information, unless your organization has approved that use.
Cookies and Analytics
Essential cookies keep you signed in and run the platform. If you click Accept on our cookie notice, we may load analytics tools, such as PostHog and Google Analytics on our marketing site, and PostHog in the app to measure product and website usage. In the app, this may include privacy-masked session replay to understand bugs and improve usability. We mask form inputs where supported and do not intentionally use replay to collect passwords, payment card details, or secrets. If you choose Continue without analytics, we do not load those tools on that browser until you opt in.
Who We Share With
We use service providers (“subprocessors”) to host Smartoo, send email, process payments, run AI, store files, and (if you allow) analytics. They may process data on our instructions.
| Provider | Role |
|---|---|
| Hosting / infrastructure | Run the application and databases |
| Microsoft Azure (OpenAI) | AI inference |
| SendGrid | Transactional email |
| Stripe | Payments and billing |
| Amazon S3 (or compatible storage) | File and attachment storage |
| PostHog | Product analytics and session replay (if you accept) |
| Google Analytics | Marketing website analytics (if you accept) |
| Google / Microsoft / GitHub | Sign-in, integrations, or developer tools as you enable them |
| Optional integrations | Third-party services you connect, such as chat, email, calendar, payment, storage, or developer tools |
| LangSmith (optional) | AI tracing and debugging when enabled for your workspace |
The exact providers in use can change as we improve Smartoo. Ask us for the current list anytime at the email below.
International Transfers
We may process and store data in Asia-Pacific, the United States, the European Union, or other regions where we or our providers operate. We use appropriate safeguards where required, such as standard contractual clauses offered by providers.
Retention
We keep account and workspace data while your account is active. Deleted workspaces are removed from active systems promptly, with backups expiring on their normal cycle. Security logs are usually kept up to 12 months. Billing records may be kept for tax and accounting requirements. Inactive or unpaid workspaces may be suspended and deleted after notice.
Your Choices and Rights
Depending on where you live, you may have rights to:
- Access or export a copy of your personal data
- Correct inaccurate data
- Delete or restrict certain processing
- Object to processing or withdraw consent for optional analytics
- Lodge a complaint with a data protection authority
To make a request, email [email protected]. We may need to verify your identity. We will respond within a reasonable time (typically within 30 days). Some requests may be limited if we must keep data for legal or security reasons.
Children
Smartoo is for adults. We do not knowingly collect personal data from anyone under 18.
Contact
Questions about this policy: [email protected]