Privacy Policy - Caddie Sales Assistant

What we collect

When you use the Caddie Sales Assistant, we collect only the data necessary to provide the service:

Slack identity — Your Slack user ID, display name, and workspace ID, provided during OAuth installation.
OAuth tokens — Encrypted access tokens for Slack, CRM, email, and calendar integrations you choose to connect. We never store your passwords.
Conversation content — Messages you send to Caddie in Slack assistant threads, used to process your requests in real time.
skills.md configuration — Your agent customization file, stored so Caddie can personalize its behavior across sessions.
Usage metadata — Timestamps, tool invocations, and token counts for billing and reliability monitoring.
Feedback — Thumbs up/down ratings and optional comments you provide on Caddie's responses.

Your data is used exclusively to operate and improve the Caddie Sales Assistant:

Processing requests — Conversation content and connected tool data are passed to the AI model during your active session to generate responses. This data is not retained by the model provider after the request completes.
Personalization — Your skills.md file is loaded as context for every interaction so Caddie responds in your style and follows your playbook.
Service improvement — Aggregated, anonymized usage patterns help us improve reliability and add features. We never use your individual conversations to train AI models.
Support — If you contact us, we may reference your account data to diagnose issues.

Caddie enforces strict per-user data isolation:

All user data is protected by row-level security in our database (Supabase / PostgreSQL). No user can access another user's data.
Each user's CRM, email, and calendar connections use individual OAuth tokens. Caddie accesses only what you have authorized, scoped to your account.
Workspace administrators can see seat counts and member status but cannot access individual agent data, conversations, or skills.md files.

Conversation content — Retained for up to 90 days to support context and debugging, then automatically deleted.
OAuth tokens — Stored as long as your integration is active. Revoked immediately when you disconnect a service.
skills.md — Stored until you delete or modify it.
Account data — Retained until you request deletion or your workspace removes Caddie.

You can exercise the following rights at any time by emailing contact@hirecaddie.ai:

Access — Request a copy of all data we hold about you.
Correction — Ask us to correct inaccurate data.
Deletion — Request deletion of your account and all associated data. We will process deletion requests within 30 days.
Portability — Receive your skills.md and feedback data in a machine-readable format.
Revocation — Disconnect any integration at any time from within Slack. Revoking access immediately deletes the associated OAuth token.

We use the following third-party services to operate Caddie:

Anthropic — AI model provider (Claude). Processes conversation content per-request. Does not retain data for training. See Anthropic's privacy policy.
Supabase — Database hosting (PostgreSQL). Stores account data, skills.md, and usage metadata with row-level security. See Supabase's privacy policy.
Arcade — OAuth gateway for CRM and productivity tool connections. Handles token exchange and API calls. See Arcade's privacy policy.
Vercel — Application hosting. See Vercel's privacy policy.

We do not sell your data to any third party.

If you have questions about this privacy policy or how your data is handled, contact us at contact@hirecaddie.ai.