Privacy Policy
Last updated July 2, 2026
1. What We Collect
Account information you provide directly (name, work email, company name). Content from sources you connect (Gmail, Google Drive, Slack, Notion, file uploads) — we process this to extract structured knowledge ("skills") and to answer your team's questions. Usage data such as queries asked, features used, and login activity.
2. How We Use Your Data
We use your data to: operate and improve Theo; extract and index knowledge from your connected sources; generate answers to questions your team asks; detect gaps in documented knowledge; and communicate with you about your account. We do not sell your data.
3. AI Processing
Theo sends content from your connected sources to third-party AI providers (currently Anthropic for language understanding and answer generation, OpenAI for embeddings) in order to extract skills and answer questions. These providers process data under their own data-processing terms and do not use your data to train their models under our current agreements with them. [Confirm and link the actual DPA terms with each provider before publishing.]
4. Data Storage and Security
Data is stored using Supabase (PostgreSQL) with row-level security enforcing organization-level isolation. OAuth tokens and other sensitive credentials are encrypted at rest (AES-256-GCM) before storage. Access to production data is restricted to authorized personnel.
5. Data Sharing
We share data with: the AI providers described above, solely to provide the Service; infrastructure providers (Supabase, Vercel) that host the application; and other members of your organization, according to the access controls your organization configures. We do not share your data with third parties for their own marketing purposes.
6. Data Retention and Deletion
We retain your data for as long as your account is active. You can disconnect a source at any time, which removes the associated indexed content. You may request deletion of your organization's data by contacting us; we will delete or anonymize it within a reasonable period, except where retention is required by law.
7. Your Rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these rights, contact privacy@meettheo.ai.
8. Cookies
We use essential cookies to keep you signed in and to remember basic preferences. We do not currently use third-party advertising or tracking cookies.
9. Children's Privacy
Theo is not directed at individuals under 16 and we do not knowingly collect data from them.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated with reasonable notice.
11. Contact
Questions about this policy can be sent to privacy@meettheo.ai.