Privacy Policy

At Squad, we take your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information.

Last Updated: January 30, 2025

🔒

IMPORTANT: AI Processing & Data Sharing

Your workspace conversations are processed by artificial intelligence. All messages sent to or observed by AI Employees are transmitted to Anthropic's Claude API for processing. AI Employees use proactive monitoring, which means they observe all messages in channels where they are present (not just @mentions).

⚠️ Do NOT share Protected Health Information (PHI), payment card data, Social Security numbers, or other prohibited sensitive data in your workspace.

1. Introduction

This Privacy Policy describes how Avery Intelligence, Inc. (doing business as "Squad") ("we", "us", or "our") collects, uses, and shares information about you when you use our website, platform, and services (collectively, the "Service").

The Service is an AI-powered platform that processes workplace conversations through large language models. This creates unique privacy considerations that we detail throughout this policy.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Important: Please also review our Terms of Service, particularly Section 5.1 (Prohibited Data Types), which lists sensitive data that must NOT be input into the Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Information You Provide

  • Account Information: Name, email address, company name, billing information, and account credentials
  • Workspace Content: This is the most significant data we collect. It includes:
    • All messages posted in channels where AI Employees are present
    • Thread replies and reactions in monitored channels
    • Files, images, and attachments shared in accessible channels
    • Direct messages TO AI Employees (e.g., @mention messages)
    • Channel names, descriptions, and membership information
  • Configuration Data: Custom agent training data, personas, and workspace settings you configure
  • Support Communications: Information you provide when contacting our support team

What Workspace Content EXCLUDES:

  • Private direct messages between human users (unless an AI Employee is explicitly added to the DM)
  • Channels where AI Employees are not invited or do not have access
  • Content explicitly marked as private or restricted by platform permissions

2.2 Information We Collect Automatically

  • Usage Data: How you interact with the Service, including features used, AI Employee interactions, timestamps, frequency of use, and command patterns
  • Device Information: Browser type, operating system, IP address, device identifiers, and general location information (city/region level)
  • Performance Data: Response times, error logs, API latency, and system performance metrics
  • Cookies and Tracking: We use cookies and similar technologies to maintain sessions, authenticate users, and improve user experience

2.3 Proactive Monitoring Disclosure

🤖 CRITICAL: Proactive AI Monitoring

AI Employees use "proactive monitoring" powered by OODA (Observe-Orient-Decide-Act) loop architecture. This means:

  • Continuous Observation: AI Employees observe ALL messages posted in channels where they are present, not just messages that @mention them
  • Context Building: AI builds understanding of conversations, decisions, and team dynamics through continuous monitoring
  • Autonomous Engagement: Based on observations, AI may proactively initiate conversations or offer insights without being explicitly asked
  • Scope of Monitoring: If an AI Employee is added to a channel, it can observe all past and future messages in that channel

You control which channels AI Employees can access. To prevent monitoring of sensitive conversations, do not invite AI Employees to those channels.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain the Service: Enable AI Employees to function, process conversations, and maintain context through our semantic memory system
  • Improve and Optimize: Analyze usage patterns to enhance AI Employee performance, fix bugs, and develop new features
  • Personalization: Customize AI Employee responses based on your workspace context, preferences, and interaction history
  • Communication: Send service updates, security alerts, billing notifications, and respond to support requests
  • Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, bot loops, and security incidents
  • Compliance: Fulfill legal obligations and enforce our Terms of Service

Important Note on AI Training & Data Usage:

We do NOT use your proprietary workspace content to:

  • Train general-purpose AI models that benefit other customers
  • Build products or features for your competitors
  • Sell or license your data to third parties

We MAY use your data for:

  • Improving AI Employee responses specifically for YOUR workspace (personalization)
  • Aggregate, anonymized analysis for product development (no individual identification)
  • Debugging, quality assurance, and system performance optimization
  • Security monitoring and abuse detection across the platform

3.1 Anthropic Data Processing

⚠️ CRITICAL: Third-Party AI Processing

This is one of the most important disclosures in this Privacy Policy. Please read carefully.

EVERY conversation with AI Employees is sent to Anthropic PBC's Claude API for processing.

This means:

  • When you or your team members send a message that an AI Employee observes, that message (along with relevant context) is transmitted to Anthropic's servers
  • Anthropic's infrastructure processes your messages to generate AI Employee responses
  • Anthropic temporarily stores your messages during processing and may retain logs for their operational purposes
  • We rely on Anthropic's security practices to protect your data during transmission and processing

Anthropic's "No Training" Commitment:

Anthropic has publicly committed not to train their general AI models on customer API data. However, this commitment has limited exceptions for safety systems, legal compliance, and security investigations.

By using Squad, you acknowledge and consent to the transmission of your workspace data to Anthropic for AI processing.

4. Data Storage and Security

We implement industry-standard security measures to protect your information:

  • Encryption:
    • Data in transit: TLS 1.3 encryption for all network communications
    • Data at rest: AES-256 encryption for all stored data
    • Database encryption: Google Cloud Firestore automatic encryption
  • Multi-Tenant Isolation: Your data is strictly isolated from other customers using unique tenant identifiers
  • Infrastructure Security: Hosted on Google Cloud Platform (SOC 2 Type II, ISO 27001 certified)
  • Access Controls: Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA) required for employee access

Important Security Limitation:

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services and Data Sharing

We share your information with third parties only in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers:

  • Google Cloud Platform: Data hosting, storage (Firestore), compute infrastructure
  • Anthropic PBC: AI language model API (Claude) for powering AI Employees
  • Payment Processors: Stripe, Inc. for billing and payment processing
  • Analytics Providers: Tools for understanding Service usage and performance

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal processes.

6. Data Retention

We retain your information for as long as necessary to provide the Service:

  • Account Data: Retained while your account is active, plus 30 days after termination
  • Workspace Content: Stored indefinitely while your account is active; deleted within 30 days of account termination
  • Usage Data & Logs: Retained for 24 months for analytics and troubleshooting
  • Billing Records: Retained for 7 years for tax compliance and accounting purposes

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a structured, machine-readable format

GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR including the right to lodge a complaint with your national data protection authority.

CCPA/CPRA Rights (California Users)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) including the right to know what personal information we collect and the right to deletion.

How to Exercise Your Rights

Email us at: privacy@squadhq.com

We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA)

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries outside of your country of residence, specifically the United States.

Primary Data Location:

  • All customer data is primarily stored in Google Cloud Platform's us-central1 region (Iowa, USA)
  • We do NOT intentionally transfer or store customer data outside the United States

When we transfer personal data from the EU/EEA to the United States, we use European Commission-approved Standard Contractual Clauses (SCCs).

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at privacy@squadhq.com. We will delete such information within 48 hours of verification.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email at least 30 days before the changes take effect
  • Display a prominent notice in the Service

Your continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Avery Intelligence, Inc.

1300 El Camino Real
Suite 100 #66
Menlo Park, CA 94025
United States

Contact Information:

Privacy Inquiries: privacy@squadhq.com

General Support: hello@squadhq.com

Your privacy matters to us. We are committed to transparency and protecting your personal information.

By using Squad, you acknowledge that you have read and understood this Privacy Policy, including the disclosure that your workspace conversations are processed by Anthropic's AI systems and that AI Employees proactively monitor accessible channels.

Back to Home