How We Handle Your Data.
No surprises. Here's exactly what we store, what we access, how we monitor, and what happens when things go wrong.
Data Handling
What we store
Workflow configuration, automation logs, and aggregated KPI metrics. We cache operational data only as long as needed for processing — typically under 24 hours.
What we don't store
We don't store customer PII beyond what's required for the active workflow. Raw ticket content is processed in-memory and discarded after the automation completes.
Data residency
All processing happens on infrastructure within your preferred region. We support US, EU, and APAC data residency on request.
Access Control
Least privilege
Every integration uses the minimum permissions required. We request only the API scopes needed for the specific workflows we build.
Secrets management
API keys and credentials are stored in encrypted vaults (never in code, never in logs). Rotated on a scheduled basis or on request.
Team access
Only engineers assigned to your account have access to your configuration. Access is logged and auditable.
Monitoring & Logs
Audit logs
Every automation run produces a timestamped audit log: what triggered it, what actions were taken, what was approved/rejected, and the outcome.
Monitoring
All production workflows are monitored for failures, latency, and anomalies. Alerts fire to our ops team within minutes.
Log retention
Audit logs are retained for 90 days by default. Extended retention available on Growth and Scale retainers.
Environments
Staging vs Production
All workflows are tested in a staging environment before going live. We never deploy untested automations directly to production.
Rollback
Every deployment is versioned. If a workflow causes issues, we roll back to the previous known-good version immediately.
Incident Response
Failure handling
Automations retry on transient failures with exponential backoff. Persistent failures trigger alerts and automatic fallback to manual processing.
Response time
Critical incidents: response within 1 hour (Scale) or 4 hours (Growth). Starter tier: next business day.
Post-incident
Every incident gets a written post-mortem with root cause, timeline, and preventive measures. Shared with your team within 48 hours.
Privacy & AI
No training on your data
We never use client data to train models — not ours, not third-party. Your data is used exclusively for your workflows.
Third-party AI providers
When we use LLMs (e.g., for draft replies), we use providers with enterprise data agreements that prohibit training on input data.
Explicit permission
Any new data usage or integration requires explicit written approval from your team. No surprises.
Questions?
We're happy to walk through our security practices on a call.