Privacy Policy

1.1 Workspace Data

When you install Lisa in your Slack workspace, we collect:

• Workspace identifiers and configuration
• Authentication tokens (encrypted at rest)
• Messages sent to Lisa or in channels where Lisa is present
• User profiles (names, roles, timezone)
• Channel metadata

1.2 Third-Party Integration Data

When you connect third-party services through our Service, we collect OAuth tokens and relevant data from those services as needed to fulfill your requests. We access only the data necessary to provide the Service.

1.3 Usage Data

• Service interaction logs
• Feature usage statistics
• Error logs for debugging

We process your data based on:

• Contract performance — to provide the Service you requested
• Legitimate interests — to improve and secure the Service
• Consent — where explicitly provided

We use collected information to:

• Provide and operate the Service
• Process your requests and commands
• Generate insights and responses
• Improve Service quality and performance
• Ensure security and prevent abuse

Lisa uses third-party large language models (LLMs) to process your requests:

• Your messages are sent to our AI providers for processing
• Your data is NOT used to train AI models
• AI providers do not retain your data after processing each request
• We use techniques like Retrieval Augmented Generation (RAG) to minimize data exposure

• Data is stored on secure cloud infrastructure (AWS, US region)
• Sensitive data is encrypted at rest using AES-256 encryption
• All data transmission uses HTTPS/TLS
• Access to systems is restricted, logged, and audited

We do not sell your data. We share data only with:

• AI service providers — for processing (required for Service)
• Infrastructure providers — for hosting and operations
• As required by law — to comply with legal obligations

Your data may be processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

• Active workspace data: retained while you use the Service
• After uninstall: data deleted within 30 days
• Logs: retained for up to 90 days

Depending on your location, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Export your data (data portability)
• Object to or restrict processing
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at hello@gosync.ai

This Privacy Policy does not apply to third-party applications or services that integrate with our Service ("Third-Party Services"). When you connect Third-Party Services, those services operate under their own terms and privacy policies. We encourage you to review their policies before connecting.

Our Service is not directed to children under 16. We do not knowingly collect data from children.

We may update this policy. We will notify you of material changes via the Service or email. Continued use after changes constitutes acceptance.

For privacy questions or to exercise your rights:

Email: hello@gosync.ai

Website: gosync.ai