Privacy Policy

Overview

Your privacy is fundamental to how we build Shabe SaaS—the new UI for SaaS. This policy explains how we collect, use, protect, and share your information.

Shabe AI Corp ("Shabe," "we," "our," or "us") operates app.shabe.ai and shabe.ai (the "Service"). This Privacy Policy governs your use of the Service and explains how we collect, use, disclose, and safeguard your information.

By using Shabe SaaS, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

Information We Collect

1. Information You Provide

• Account Information: Name, email address, phone number, company name, job title, and authentication credentials (managed via Clerk)
• Profile Information: Communication preferences, timezone, language, department, bio, and AI personalization settings (communication style, detail level, emoji preferences)
• Conversation Data: All messages, queries, and commands you send to Shabe AI, including conversation history and context. This is the primary data we store.
• Team Data: Team member information, roles, permissions, and team settings

Important: Shabe is a read-only query interface. We do not store your CRM data (contacts, accounts, deals, activities), emails, calendar events, or other data from connected services. We only query this data in real-time to answer your questions and do not retain it in our systems.

2. Information from Integrated Services (Read-Only)

Shabe provides read-only access to the following services. We query your data in real-time to answer your questions but do not store, sync, or retain this data:

• HubSpot: Contact, company, deal, activity, and forecasting data (read-only queries)
• Salesforce: Opportunity, contact, account, and activity data (read-only queries)
• Gmail: Email messages and metadata (read-only queries via Gmail API)
• Google Calendar: Calendar events and schedules (read-only queries via Calendar API)
• legacysocial: Post analytics and engagement data (read-only access)
• Slack: Channel and message data (read-only access)

Data Storage: We only store encrypted OAuth tokens necessary to authenticate with these services. We do not store any of your CRM data, emails, calendar events, or other content from these platforms.

3. Automatically Collected Information

• Usage Data: Feature usage, conversation metrics, query patterns, time spent, and interaction frequency
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: API requests, error logs, performance metrics, and system events
• Cookies and Similar Technologies: Session cookies, authentication tokens, preference cookies

How We Use Your Information

We use the collected information for the following purposes:

• Provide the Service: Process your queries, query your connected services in real-time (read-only), generate insights, and deliver AI-powered responses
• Personalization: Customize AI responses based on your communication preferences, role, and usage patterns
• Integrations: Query data from HubSpot, Salesforce, legacysocial, Slack, Gmail, and Google Calendar on your behalf (read-only access, no data storage)
• Analytics & Improvement: Analyze usage patterns, improve AI accuracy, develop new features, and enhance user experience
• Security: Detect fraud, prevent abuse, monitor security threats, and maintain system integrity
• Communication: Send service updates, feature announcements, support responses, and transactional emails
• Compliance: Meet legal obligations, enforce our terms, and respond to legal requests

Note: We do not use your CRM data, emails, or calendar events to train machine learning models. We only use aggregated, anonymized conversation patterns for service improvement.

AI & Machine Learning Data Usage

Shabe uses OpenAI's GPT-4 and proprietary machine learning models to power its intelligence features:

• OpenAI Processing: Your conversation queries are processed through OpenAI's API to generate responses. OpenAI does not use API data to train their models. Data sent to OpenAI is subject to OpenAI's privacy policy.
• Context & Memory: Conversation history (your queries and our responses) is stored to provide context-aware responses and improve your experience. You can request deletion at any time.

Important: We do not use your CRM data, emails, calendar events, or other data from connected services to train machine learning models. We only use your conversation history (queries and responses) for context and service improvement.

Information Sharing & Disclosure

We do not sell your personal information.

We may share your information in the following circumstances:

• Service Providers: OpenAI (AI processing), Convex (database hosting), Clerk (authentication), Vercel (hosting), Sentry (error monitoring), PostHog (analytics), Stripe (payment processing)
• Team Members: Conversation history and account data is shared with your authorized team members based on their permissions
• Integrated Services: We query data from services you connect (HubSpot, Salesforce, legacysocial, Slack, Gmail, Google Calendar) in real-time per your authorization. We do not sync or store this data.
• Legal Requirements: When required by law, subpoena, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• With Your Consent: Any other sharing with your explicit permission

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Authentication: Multi-factor authentication supported via Clerk
• Access Controls: Role-based permissions and team-based data isolation
• Monitoring: Real-time security scanning, intrusion detection, and audit logging
• Infrastructure: SOC 2 Type II compliant hosting (Vercel, Convex)

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

• Active Account Data: Retained while your account is active
• Conversation History: Retained to provide context-aware responses (you can request deletion at any time)
• OAuth Tokens: Encrypted tokens for connected services are retained while integrations are active, deleted immediately upon disconnection
• CRM/Email/Calendar Data: We do not store this data—it is only queried in real-time and not retained
• Audit Logs: Retained for 90 days (or longer if required by law)
• After Account Deletion: Conversation history and account data deleted within 30 days; some may be retained for legal/backup purposes up to 90 days

Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Request a copy of your data in a machine-readable format
• Opt-Out: Opt-out of marketing communications
• Restrict Processing: Request restriction of data processing
• Object: Object to processing based on legitimate interests

To exercise these rights, email us at info@shabe.ai

International Data Transfers

Shabe AI operates globally. Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and adequacy decisions.

Children's Privacy

Shabe AI is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.