Privacy Policy
Last updated: March 11, 2026
1. Introduction
Ketchbot Inc. (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Ketchbot, you consent to the data practices described in this policy.
2. Information We Collect
Account Information: Name, email address, organization name, and password (hashed) provided during registration.
Integration Data: When you connect third-party tools (Slack, Jira, GitHub, etc.), we access and process messages, comments, ticket data, PR information, and other content from those services solely to provide the Service. This data is processed in real time and stored as organizational knowledge.
Usage Data: We collect information about how you interact with the Service, including pages viewed, features used, and session duration, to improve the product.
AI Usage Metrics: When you use AI features, we record token counts (input and output), the model used, task type, and timestamps for each interaction. This data is used for billing, usage tracking, and service improvement. It does not include the content of your messages.
Payment Information: Payment details are processed directly by Stripe and are never stored on our servers. We receive only non-sensitive billing information (last 4 digits, expiry, billing address) from Stripe.
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To process commitment extraction, decision capture, and pattern detection
- To send escalation notifications and follow-up reminders
- To track token consumption and calculate credit charges for billing
- To process credit purchases, auto-reloads, and manage billing
- To communicate product updates, security notices, and support responses
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
4. How We Do NOT Use Your Information
- We do NOT train AI models on your data. Your organizational data is never used to train, fine-tune, or improve any machine learning models.
- We do NOT share your data across organizations. Each organization's data is strictly isolated.
- We do NOT sell your personal information to third parties under any circumstances.
- We do NOT write to your connected tools (Slack, Jira, etc.) unless explicitly requested by a user. All write actions are audit-logged.
5. Data Storage & Security
All data is stored on enterprise-grade cloud infrastructure. We employ the following security measures:
- AES-256-GCM encryption at rest for all API tokens and credentials
- TLS 1.3 encryption for all data in transit
- AES-256-GCM encryption for all API keys and tokens
- Row Level Security (RLS) ensuring complete organizational data isolation
- Automated daily backups with point-in-time recovery
- No plaintext secrets in logs, error reports, or debugging output
6. Data Sharing & Third Parties
We share data only with the following categories of third-party service providers, and only to the extent necessary to operate the Service:
- Cloud Infrastructure Provider: Database hosting and authentication
- Stripe: Payment processing
- Google AI (Gemini): AI processing for commitment extraction and pattern detection (prompts are sent; no fine-tuning occurs on your data)
- Connected integrations: Data is read from your authorized services (Slack, Jira, GitHub, etc.) via OAuth; we follow the minimum permissions model
We may disclose information if required by law, subpoena, or other legal process, or if we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., audit logs, billing records). Organizational knowledge data is deleted upon request with certification provided.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request export of your data in a machine-readable format
- Objection: Object to processing of your data for certain purposes
- Restriction: Request limitation of processing under certain conditions
To exercise any of these rights, contact us at privacy@ketchbot.com.
9. Cookie Policy
We use essential cookies only — specifically, HTTP-only session cookies for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No personal data is stored in cookies.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for any cross-border data transfers in compliance with applicable data protection laws.
11. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where possible, via email. Your continued use after changes become effective constitutes acceptance.
13. Contact Us
For privacy-related inquiries, contact our Data Protection team at privacy@ketchbot.com.
Ketchbot Inc.
Registered in Delaware, United States