What we collect. What we don't.

• Account info: email, name if you give us one, auth identifier from Supabase or Google OAuth.
• Job history: every prompt you send, the response we return, the model used, the credit cost, and the employee slug. Stored so you can review and rerun past work.
• Billing: Stripe processes payments. We store your customer id, subscription status, and charge history. We never see or store your card number.
• Integration tokens: when you connect a tool (Gmail, HubSpot, etc.) through Composio, the OAuth token is stored encrypted at rest by Composio. We only ever see a connection id.
• Usage analytics: page views, feature clicks, and conversion events via PostHog and Plausible. Neither uses tracking cookies across sites. See Cookies for details.
• Observability: if a crash happens, Sentry receives the stack trace and a small slice of request context (no prompt content).

When you sign in to ABN Studio or the ABN CoderVS Code extension, you’re using the same account, the same credit balance, and the same subprocessors as the webapp — with one important addition:

• Code you ask the AI to read or edit is sent to the LLM provider you picked(Anthropic, OpenAI, or Google). The provider is shown in the IDE’s model picker. We don’t have a hidden second hop.
• Terminal output and command results the agent captures during a turn are sent the same way. The agent only captures what you let it run.
• Sensitive files are your call to share.The IDE never sweeps your project folder or tracks files you didn’t open or attach. If a file is in the conversation, it’s because you (or a tool you approved) put it there.
• None of it trains a competing model. Our agreements with each provider forbid training on your content, and we audit those agreements at every renewal.
• You can revoke an IDE’s access any time at /app/api-keys — the IDE will silently re-prompt for sign-in next time.

• We never sell your data.
• We never train our own models on your prompts, outputs, or files. We never share your data with anyone for that purpose.
• We never let one user see another user's jobs. Row-level security on the database enforces it.
• We don't run ad cookies, cross-site trackers, or Meta pixels.

We use these processors to deliver the service. Each one operates under their own privacy terms. We maintain zero-data retention agreements or API-only access wherever available.

If we add or remove a subprocessor we'll update this page and (for paid plans) email 30 days in advance where material.

• Account + job history: retained while your account is active. Deleted within 7 days of account deletion.
• Stripe billing records: retained 7 years to comply with tax / anti-money-laundering law.
• Backups: rolling 30-day encrypted backups. We can't surgically delete from backups; restores would only occur under a disaster-recovery event.
• Observability (Sentry, PostHog): 90 days.

Under GDPR (EU/UK) and CCPA (California) you have the right to:

• Access / export: download every row we store about you at Settings → Your data → Export.
• Delete: permanently wipe your account + data at Settings → Your data → Delete account. This cascades through our DB and revokes auth.
• Correct:edit your profile info in Settings, or email us for anything you can't edit directly.
• Object / restrict: email privacy@automatebusiness.com and we'll action it within 30 days.
• Complain: you may file a complaint with your national data-protection authority.

Our servers run in the United States. If you're in the EU, UK, or elsewhere, your data crosses borders. We rely on Standard Contractual Clauses with our subprocessors. Enterprise customers can request a Data Processing Addendum.

The service is not directed at children under 18. We don't knowingly collect data from anyone under 18.

General questions: hello@automatebusiness.com. Privacy-specific: privacy@automatebusiness.com. Postal: Chosen Ascendance LLC, address on file with the Delaware Secretary of State.