1. Introduction
Welcome to Appmetric Software Pvt Ltd ("Appmetric," "we," "us," or "our"). We build and operate Leo, an AI-powered autonomous coworker that integrates with your Slack workspace to help teams execute tasks, automate workflows, and improve day-to-day operations using artificial intelligence (the "Service").
This Privacy Policy describes the types of personal data we gather, the purposes for which we use it, how we may share it, and the steps we take to keep it secure. It also outlines the rights and choices available to you regarding your information. By accessing or using the Service, you acknowledge and accept the data practices outlined in this document.
We periodically review and update this Privacy Policy to ensure it stays current with applicable regulations and our own data governance practices.
Key Definitions
Customer Data refers to any information submitted to, generated by, or processed through the Service on your behalf. This includes connection credentials (such as OAuth tokens), workspace and user identifiers, workspace configuration settings, files stored within Leo, conversations and outputs produced by Leo, scheduled task configurations, approval records, and operational logs.
2. Information We Collect
We limit our data collection to what is reasonably necessary to deliver, maintain, and protect the Service.
A. Slack workspace and user details
When you install Leo or interact with the Service, we may collect and store:
- Workspace identifiers (such as your Slack team ID) along with limited metadata required to operate the integration.
- Admin contact information for the individual who installs Leo (name and email address as supplied by Slack).
- User identifiers for anyone who communicates with Leo (for example, Slack user ID, display name, and email if made available by Slack).
- Internal mapping records that link Slack user profiles to actions and permissions within the Service.
B. Integration and connection credentials
We retain credentials necessary to keep your integrations active, including:
- Slack OAuth tokens (access and refresh tokens), associated scopes, and expiration data.
- Credentials or tokens for any additional third-party tools you choose to connect through Leo.
- Integrations within Leo are shared at the workspace level. This means related credentials and tool settings may be accessible to authorized members of your workspace through Leo.
C. Content and files within Leo
To provide continuity and operate the Service, we store content such as:
- Workspace files created or uploaded in Leo (for example, company notes, team profiles, reports, task logs, and other documents).
- Conversation threads and messages exchanged between users and Leo, including AI-generated outputs and tool invocations.
- Approval and permission records related to actions that Leo requests authorization for.
- Scheduled task details (such as task titles, cron schedules, dependencies, and related configuration).
D. Slack message content
When you interact with Leo through Slack, we access message content from channels where Leo has been invited, direct messages sent to Leo, and thread replies. This content is used to process your requests, preserve conversation context, and deliver the Service.
E. Operational logs and usage information
We collect limited operational data to keep the Service running smoothly, including:
- Service logs, audit records, and security logs (such as timestamps, error details, and request metadata).
- Usage events needed for reliability monitoring and product improvement (for example, tasks completed, approvals processed, and feature usage signals).
F. Support communications
If you reach out to us via support tickets, email, or other channels, we collect the information you provide in those communications.
G. Website analytics and attribution data
When you visit our website, use product interfaces, or interact with checkout or signup flows, we may collect:
- Cookies, tracking pixels, and similar online identifiers used for analytics, advertising measurement, and referral tracking.
- Device and browser information, IP address, pages visited, and interaction events.
- Referral and attribution metadata tied to signup or billing events (for instance, campaign identifiers or partner discount codes).
Sensitive information
We do not intentionally collect sensitive personal data (such as financial account numbers, health records, or data concerning minors) unless such information is necessary for the Service and is provided directly by you.
3. How We Use Your Information
The information described above is used for the following purposes:
A. Delivering and operating the Service
- Verifying user and workspace identities.
- Keeping Slack and other connected integrations functional.
- Carrying out tasks, responding to requests, producing outputs, and maintaining conversation context within Leo.
B. AI processing for generating outputs
- Relevant portions of Customer Data may be processed by AI systems in order to generate responses, summaries, reports, and other outputs as directed by you.
- We do not use Customer Data for advertising purposes.
- We do not use Customer Data to train our own or any third-party foundation models.
C. Security, safety, and integrity
- Identifying and preventing fraud, abuse, and unauthorized access.
- Investigating incidents and maintaining appropriate audit trails.
D. Product improvement (aggregated or anonymized)
We may use aggregated or de-identified data (information that can no longer reasonably identify you) to analyze usage trends and improve the reliability and overall experience of the Service.
E. Communications
- Sending service-related messages (such as product updates, security alerts, and billing or account notifications).
- Providing customer support.
F. Analytics and attribution
- Measuring product and website usage, campaign effectiveness, and conversion events.
- Linking referral programs, partnerships, and discount programs to subscription and billing records.
- Preventing abuse, fraud, and misuse of marketing or referral programs.
G. Legal and regulatory compliance
Fulfilling our legal obligations, enforcing our Terms of Service, and protecting the rights, safety, and property of our users and Appmetric.
4. How We Share Information
We do not sell your personal data for monetary consideration.
Certain identifiers and usage data may be shared with analytics, advertising measurement, and attribution partners to operate and improve the Service. Depending on where you are located, this activity may be classified as a "sale," "sharing," or "targeted advertising" under applicable law, and you may have the right to opt out.
We share information only to the extent necessary to provide and support the Service, and always subject to appropriate safeguards:
A. Service providers (subprocessors)
We work with third-party vendors who host and operate the Service and its underlying infrastructure (including hosting, data storage, monitoring, communications, support platforms, and billing systems). These vendors may process Customer Data on our behalf strictly to provide, secure, and support the Service.
Current subprocessors:
| Subprocessor | Service / Purpose | Data Potentially Processed |
|---|---|---|
| Slack | Primary platform integration (OAuth, messaging, app functionality) | Slack messages and metadata from channels/DMs where Leo is active |
| AWS (Amazon Web Services) | Cloud hosting, storage, and infrastructure | Service data, logs, and stored workspace content (as configured) |
| Cloudflare | CDN, DDoS mitigation, and edge security | Network metadata, request logs, and cached content where applicable |
| Vercel | Web hosting and frontend delivery | Request metadata, logs, and content needed to serve the application |
| Stripe | Payment processing and billing | Billing contact details and transaction metadata (payment card data is handled directly by Stripe) |
| Google Workspace | Integration (if enabled by customer) | Data accessed within the integration scopes authorized by the customer |
| Notion | Workspace and document integration (if enabled by customer) | Notion content authorized by customer |
| Intercom | Customer support tooling (if used) | Support communications, user identifiers, and troubleshooting content |
| PostHog | Product analytics (if enabled) | Usage events and identifiers (as configured) |
B. AI technology partners
When you use AI features within the Service, relevant portions of your data (such as the prompt and surrounding context needed to produce a result) may be transmitted to third-party AI providers for processing. We contractually require these providers to use your data exclusively for delivering the requested service and not for advertising or for training their general-purpose models.
- AI providers currently used: Anthropic and Google.
- Data residency: AI providers process data in the United States or other regions as specified under their enterprise and API terms.
- Provider-side retention: AI providers may temporarily hold data in accordance with their API retention policies for security and abuse prevention purposes. This data is not used for model training.
- Data isolation: Your data is processed in isolated API requests and is not visible to or shared with other customers.
- No training: Your data is not used to train or fine-tune any AI provider models.
C. Analytics partners
We may use analytics, advertising measurement, and attribution services (for example, PostHog, Google services, and other referral or attribution platforms where enabled) to understand how the Service is used, attribute signups and subscriptions, and improve the product experience. These tools may receive online identifiers, event metadata, and campaign or referral data. We do not use Slack message content for advertising. You can manage cookies through your browser settings.
D. Slack platform
The Service connects with Slack through Slack OAuth 2.0 and Slack APIs. Your use of Slack is governed by Slack's own terms and privacy policy. We access Slack data only after you grant permission through Slack's OAuth consent flow, and you may revoke that access at any time through Slack App Management. We confirm that Slack APIs are not used to develop, improve, or train generalized AI or ML models.
E. Legal requirements and protection
We may disclose information if compelled by law or valid legal process, or when we reasonably believe disclosure is necessary to:
- Meet legal obligations,
- Safeguard the rights and safety of our users and the general public,
- Prevent fraud or misuse, or
- Enforce our Terms of Service.
F. Corporate transactions
In the event that Appmetric is involved in a merger, acquisition, reorganization, financing, bankruptcy proceeding, or sale of assets, information may be disclosed to advisors and successor entities, subject to appropriate confidentiality obligations.
G. Third-party links
The Service may contain links to external websites or services. We are not responsible for the privacy practices of those third parties.
5. Data Storage and Security
A. Data center location
United States.
B. Hosting and storage
Customer Data is hosted with established cloud infrastructure providers in U.S. regions. We apply encryption at rest and in transit, enforce access controls, and use service monitoring appropriate to the sensitivity of the data.
C. Security safeguards
We maintain industry-standard security measures, including:
- Encryption in transit (TLS 1.2+ / 1.3),
- Encryption at rest (AES-256 with cloud-provider key management),
- Access controls (role-based access, multi-factor authentication, and least-privilege principles),
- Audit logging and infrastructure monitoring,
- Incident response procedures, including notification to affected customers and relevant authorities where required by law.
You are responsible for maintaining appropriate security within your own Slack workspace (for example, managing channel access and Slack admin permissions).
6. Data Retention
We keep Customer Data only for as long as it is needed to provide the Service, fulfill contractual obligations, and comply with applicable law.
A. Active systems
When an account is closed or we receive a verified deletion request, we remove Customer Data from active production systems within approximately 30 days.
B. Backups
Encrypted backups exist solely for business continuity purposes. Any remaining copies are purged as backups rotate on their normal cycle (currently approximately 35 days), after which they are automatically overwritten or deleted.
C. Data exports
Where legally permitted, customers may request an export of their data prior to deletion.
D. Derived and transformed data
Derived data (such as indexes, embeddings, or other internal representations) will be removed or disassociated from Customer Data when the underlying Customer Data is deleted, subject to backup retention schedules and legal requirements.
7. Your Rights and Choices
Depending on your location, you may be entitled to the following rights:
A. Access and correction
You may request access to the personal data we hold about you and ask us to correct any information that is inaccurate or incomplete.
B. Deletion
You may request that we delete your personal data (including workspace files, conversation threads, and related records). For workspace-level Customer Data, we may require the request to come from an authorized workspace administrator or account owner. In some cases, we may direct individual members to their workspace administrator.
Upon receiving a verified deletion request, we will remove Customer Data from active systems within approximately 30 days. Backups will be purged on their normal rotation cycle (approximately 35 days).
C. Revoking access and disconnecting Slack
You can revoke Leo's access to Slack at any time through Slack App Management. Once revoked, we immediately stop collecting new Slack data. Please note that revoking access or uninstalling does not automatically delete previously stored data. If your account is deleted or closed, or we receive a verified deletion request, we remove previously stored data as described in Section 6. You may also contact us directly to request deletion.
D. Marketing preferences
If you have opted into marketing communications, you may opt out at any time using the unsubscribe link in any marketing email or by contacting us. You will continue to receive essential service-related communications regardless.
E. Data portability (where applicable)
Where required by law (for example, under the GDPR), you may request a copy of your data in a commonly used, machine-readable format.
F. Authorized agents (where applicable)
Where permitted by law (for example, in certain U.S. states), you may designate an authorized agent to submit requests on your behalf. We will verify identity and authority as required.
G. U.S. state privacy rights (where applicable)
Residents of certain U.S. states may have rights to know, access, delete, correct, and opt out of certain data processing activities, including "sale," "sharing," or targeted advertising as defined under applicable state law. You may exercise these rights by contacting us at privacy@pulsecrew.com. We will not discriminate against you for exercising your privacy rights.
To help us process your request, please include sufficient identifying information for verification purposes. After receiving a verifiable request, we will respond within the timeframe required by applicable law (typically 45 days, with a permitted extension where allowed).
If we deny your request in whole or in part, you may appeal by contacting us at privacy@pulsecrew.com with "Privacy Appeal" in the subject line within the timeframe required by applicable law. We will review and respond to appeals within the legally required period.
H. Additional EEA/UK rights (where applicable)
If you are located in the European Economic Area or the United Kingdom, you may also have the right to object to certain types of processing, request that we restrict processing, and lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@pulsecrew.com.
8. Children's Privacy
The Service is designed for business use and is not directed at children. We do not knowingly collect personal data from individuals under the age of 18 (or the applicable age of majority in their jurisdiction, if higher). If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a minor has provided personal data to us, please contact privacy@pulsecrew.com.
9. International Users and GDPR/UK GDPR
Appmetric Software Pvt Ltd is headquartered in India and may process personal data in the United States or other jurisdictions. If you are located in the EEA or UK, we process personal data under one or more lawful bases, including:
- Performance of a contract (delivering the Service you have requested),
- Consent (for example, Slack installation via OAuth and certain non-essential cookies or advertising technologies where required by law),
- Legitimate interests (security, fraud prevention, and improving reliability and product analytics where permitted), balanced against your rights and freedoms.
Where cross-border data transfers are necessary, we rely on appropriate safeguards such as Standard Contractual Clauses.
If required by applicable law, we will appoint an EU or UK representative and update this Policy with their contact details.
10. Slack Marketplace Compliance
Leo accesses the following types of Slack data:
| Data Type | Purpose |
|---|---|
| Messages in channels where Leo is present | Process requests and deliver AI-powered assistance |
| Direct messages sent to Leo | Respond to direct interactions |
| Thread replies | Preserve context for ongoing tasks |
| User profile information | Identify users and personalize interactions |
| Channel information | Understand context and enforce permissions |
| File metadata and files (when requested) | Process attachments, uploads, and downloads |
Our commitments
- We use Slack data solely to provide and operate the Service.
- We do not sell Slack data.
- We do not use Slack data for advertising.
- We confirm that Slack APIs are not used to develop, improve, or train generalized AI or ML models.
- We do not use Customer Data to train our own or any third-party foundation models.
Revoking access
You can uninstall Leo or revoke access at any time through Slack App Management. After revocation, we stop collecting new Slack data immediately. Uninstalling or revoking access does not by itself delete previously stored data. If your account is closed or we receive a verified deletion request, we remove previously stored data as described in Section 6 (Data Retention).
11. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time. If we make material changes, we will notify you through appropriate channels (for example, by notifying workspace administrators or emailing the address associated with your account). The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please reach out to:
Email: privacy@pulsecrew.com
Entity:
Appmetric Software Pvt Ltd