Compliance

Overview

Shabe AI Corp designs Shabe SaaS for business users and supports common data protection expectations (including GDPR-oriented rights for individuals in scope). This page summarizes our posture; it is not an exhaustive legal agreement. Enterprise customers may request a Data Processing Agreement (DPA) and additional documentation.

Roles

For customer content and personal data you submit or connect through the Service, you are typically the data controller (or equivalent) for your organization's data, and Shabe acts as a processor (or service provider) in providing the Service. For account, billing, and certain operational data about your use of Shabe, Shabe may act as a controller for its own business purposes (for example invoicing and security).

Categories of Personal Data

Depending on how you use the Service, processing may include: account and profile data; conversation and usage data; synced CRM and activity data derived from integrations; OAuth tokens; billing and subscription metadata; support communications; and technical logs. See the Privacy Policy for detail.

Subprocessors

We use third-party services to host and operate the product. Representative categories and providers include:

• Cloud application & database: Vercel, Convex
• Authentication: Clerk
• AI: OpenAI (and potentially other model providers if added)
• Payments: Stripe
• Email delivery: Resend
• Observability & analytics: Sentry, PostHog
• Workflows (where enabled): Inngest

We will update this list as our stack evolves. Material changes may be reflected in the Privacy Policy and, where required, through direct notice.

International Transfers

Data may be processed in the United States and other countries where subprocessors operate. Where GDPR (or similar law) applies, we rely on appropriate safeguards such as Standard Contractual Clauses or other mechanisms recognized under applicable law, consistent with our agreements with customers and vendors.

Data Subject Rights

Individuals may request access, correction, deletion, restriction, objection, or portability where applicable. Contact info@shabe.ai. In-product controls for privacy preferences may be available at Settings → Privacy where enabled for your account.

Retention

Retention periods depend on the category of data (conversations, synced integration data, logs, billing records). We describe high-level retention in the Privacy Policy; configurable retention features may be offered in the product over time.

No Sale of Personal Information

We do not sell personal information as defined under U.S. state privacy laws. We use subprocessors strictly to provide and improve the Service.

Certifications

Individual infrastructure vendors may hold certifications (for example SOC 2 reports). A certification held by a vendor does not automatically mean Shabe has completed the same audit. Enterprise customers should rely on contractual terms, questionnaires, and vendor documentation for formal assurance.