Privacy Policy

Last updated: September 5, 2025

This Privacy Policy explains how Ressl AI ("Ressl AI", "we", "our", or "us") collects, uses, discloses, and protects information when you access or use our websites, applications, and related services (collectively, the "Services"). This Policy also describes your choices and rights with respect to your information. If you use our Services on behalf of an organization, that organization is our customer (the "Customer") and this Policy describes how we process information as a service provider on their behalf.

Scope

This Policy applies to information we process in connection with the Services, including when you connect third‑party systems such as Salesforce, Slack, or Jira. Our processing of information as a processor/service provider for a Customer is governed by our agreement with that Customer. If you are an end user of a Customer, please direct privacy questions to your organization’s administrator.

Information We Collect

• Account and Profile Information: name, email address, organization, role, and identifiers provided by your identity provider (e.g., Auth0). We may also receive settings, preferences, and profile details you choose to provide.
• Connected Services Data: when you connect third‑party services (e.g., Salesforce, Slack, Jira), we process data authorized by you or your organization, which can include metadata, configuration information, content necessary to provide the Services, and related context (e.g., Salesforce object metadata and configuration, Slack channel identifiers and messages if explicitly authorized, Jira issue metadata). The scope depends on the permissions you grant during connection.
• Usage Data and Device Information: pages viewed, features used, actions taken, timestamps, IP address, device identifiers, browser type, operating system, and similar technical information.
• Cookies and Similar Technologies: we use cookies and local storage to operate and improve the Services. Where enabled by your organization, we use analytics (e.g., PostHog) to understand aggregate usage and improve performance. You can control cookies through your browser settings.
• Support and Communications: information you provide in support requests, surveys, feedback, and emails or messages with us, including attachments you submit.

How We Use Information

• Provide, operate, maintain, and improve the Services.
• Authenticate users, secure accounts, and prevent fraud and abuse.
• Enable and manage connections to third‑party services at your direction.
• Process and analyze data to deliver requested features and insights.
• Provide customer support and respond to inquiries.
• Monitor performance, fix issues, and develop new features.
• Comply with legal obligations and enforce our agreements.

AI and Model Providers

To deliver functionality, the Services may process inputs (e.g., prompts, configuration, and relevant context from connected systems) with AI model providers under confidentiality and data protection terms. We do not permit third‑party model providers to use your content to train their models for the benefit of others. Where configurable by the Customer, we follow the Customer’s retention and data‑sharing preferences.

Legal Bases (EEA/UK/Switzerland)

Where GDPR or similar laws apply, we process personal data on the following legal bases: (i) performance of a contract (to provide the Services); (ii) legitimate interests (e.g., to secure and improve the Services); (iii) compliance with legal obligations; and (iv) consent, where required.

How We Share Information

• Service Providers and Subprocessors: cloud hosting, security, analytics, customer support, email, and identity providers (e.g., Auth0, PostHog) that process data on our behalf under contractual obligations of confidentiality and security.
• Third‑Party Services You Connect: when you or your organization connect services like Salesforce, Slack, or Jira, we exchange data as necessary to enable the integration at your direction.
• Compliance and Safety: to comply with law, legal process, or to protect rights, safety, and property.
• Business Transfers: in connection with a merger, acquisition, financing, or sale of assets.

International Data Transfers

We may transfer, store, and process information in countries other than where it was collected. Where required, we use appropriate safeguards for cross‑border transfers, such as Standard Contractual Clauses or other lawful mechanisms.

Data Retention

We retain information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Customers may control retention settings for certain categories of data associated with their organization.

Security

We implement technical and organizational measures designed to protect information, including encryption in transit, access controls, and monitoring. No system is completely secure; you are responsible for maintaining the security of your credentials and connected accounts.

Your Rights and Choices

• EEA/UK/Swiss Individuals: you may request access, correction, deletion, restriction, or portability of your personal data, and object to processing where applicable. You may also lodge a complaint with a supervisory authority.
• California Residents: you may exercise rights under the CCPA/CPRA, including access, deletion, correction, and opting out of certain data sharing. We do not sell personal information as defined by the CCPA/CPRA.
• Other Regions: you may have similar rights under local laws. Please contact us to exercise your rights. Where we process data on behalf of a Customer, we will direct your request to the relevant Customer.
• Analytics Choices: you can manage cookies in your browser and, where offered, adjust in‑app analytics settings.

Children

The Services are not intended for children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to request deletion.

Changes to This Policy

We may update this Policy to reflect changes to our practices. If we make material changes, we will provide notice as required by law. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

Contact Us

To ask questions or exercise your rights, contact us via your Ressl AI account team or at privacy@ressl.ai.