Privacy Policy

Last Updated: July 23, 2025

1. Introduction

At Zelinda ("Company", "we", "our", "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we look after your personal data when you use our Slack-integrated AI data analysis service, and tells you about your privacy rights and how the law protects you.

2. The Data We Collect

We collect different kinds of personal data, which we have grouped as follows:

  • User Profile Data includes name, email, Slack profile information, role, and team membership.
  • Authentication Data includes Slack user ID, team ID, workspace information, and access tokens.
  • Database Connection Data includes encrypted connection credentials and configuration for your data warehouses (PostgreSQL, MySQL, Snowflake, BigQuery, Redshift).
  • Query Plans includes data acquisition plans (SQL queries, table requirements, approval status).
  • Analytics & Performance Data includes query execution metrics, response times, success rates, and usage statistics.
  • Processing Logs includes request processing status, error messages, and debugging information.
  • Database Schema Data includes table structures, column information, and available objects for query generation.
  • Team Management Data includes user invitations, role assignments, and consent records.

3. Critical Privacy Protection: No Raw Message Storage

What We Do NOT Store:

  • ❌ Raw Slack message text or conversation content
  • ❌ Database query results (sent directly to Slack)
  • ❌ Your actual business data from connected databases
  • ❌ Unprocessed or unstructured query requests

What We DO Store:

  • ✅ User profiles and team membership information
  • ✅ Encrypted database connection credentials and configurations
  • ✅ Data acquisition plans and their approval status
  • ✅ Performance analytics and usage metrics
  • ✅ Database schema information for query generation
  • ✅ Processing logs for debugging and system monitoring

4. How We Use Your Data

We use your personal data in the following ways:

  • To authenticate you through Slack OAuth and manage your user profile
  • To process your business questions in memory without storing raw message content
  • To create temporary data acquisition plans that you must approve before execution
  • To connect to your authorized data warehouses using encrypted, read-only credentials
  • To execute approved SQL queries and send results directly to Slack
  • To store database schema information for accurate query generation
  • To track system performance and usage for service optimization
  • To provide customer support and respond to your inquiries
  • To detect, prevent and address technical issues and security threats

5. User Control & Approval Workflow

You are in complete control:

  • Query Approval: Every data query requires your explicit approval before execution. You see exactly what will be accessed and why.
  • Plan Transparency: All data acquisition plans show the SQL query, required tables, estimated complexity, and security considerations.
  • Logs Dashboard: Team admins can view and delete processing logs, analytics data, and query plans individually or in bulk.
  • Settings Dashboard: Team admins can delete ALL company data including users, connections, and metadata.
  • Data Export: Download your stored data including user profiles, query plans, and analytics at any time.
  • Consent Withdrawal: Withdraw consent at any time to immediately disable the service and begin data deletion.

6. AI and Machine Learning Disclosure

Important AI & Privacy Protections:

  • No Training Data: Your data is NEVER used to train AI models. We comply with Slack's strictest developer policies.
  • Memory-Only Processing: Your messages are processed in memory without storing raw text content.
  • Query Plan Storage: Data acquisition plans are stored with approval status and can be deleted by admins.
  • AI-Generated Content: Our AI generates data acquisition plans and factual data answers. While we strive for accuracy, AI responses may contain errors.
  • OpenAI API: Processed question context (not raw text) may be sent to OpenAI API to generate query plans.
  • Human Oversight: Our AI system includes safety checks and query validation to prevent unauthorized database operations.

7. Data Security

We implement multiple layers of security to protect your data:

  • AES-256-GCM Encryption: Database credentials are encrypted using military-grade encryption with authentication tags.
  • Read-Only Database Access: All database connections use read-only credentials with query validation to prevent data modification.
  • SQL Query Validation: All queries are validated to prevent harmful operations (INSERT, UPDATE, DELETE, DROP).
  • Secure Authentication: Slack OAuth and Supabase Auth provide secure, token-based authentication.
  • Row-Level Security: Database access controls ensure users can only access their own data.
  • Zero Raw Text Storage: Your message content is never written to disk - only semantic interpretations are stored.
  • Approval-Gated Queries: No database queries execute without your explicit approval.

8. Data Retention

  • Raw Messages: Never stored - your complete conversation is processed in memory with each message
  • Query Plans: Stored with approval status and execution metadata. Team admins can delete them through the Logs dashboard
  • User Profiles & Connections: Stored while your account is active. Team admins can delete through Settings dashboard
  • Analytics & Processing Logs: Stored for service optimization. Team admins can delete through Logs dashboard
  • Database Schema Data: Stored to enable accurate query generation. Team admins can delete through Settings dashboard
  • Application Server Logs: Technical logs retained for 24 hours (Vercel platform limitation), then automatically deleted
  • Database Query Results: Never stored - results are sent directly to Slack and immediately discarded from our systems

9. Your Legal Rights

Under data protection laws, you have rights including:

  • Access: Request access to your semantic fingerprints and query plans.
  • Correction: Request correction of your personal data.
  • Erasure: Request immediate deletion of all your data.
  • Portability: Request transfer of your semantic data in a structured format.
  • Restriction: Request restriction of processing your personal data.
  • Objection: Object to processing of your personal data.
  • Withdrawal: Withdraw consent at any time, which immediately disables the service.

10. Third-Party Services

Our service integrates with Slack (for authentication), OpenAI (for semantic processing), and your data warehouse. We ensure all integrations comply with privacy regulations and use minimal data sharing. Please review the privacy policies of these services.

11. International Data Transfers

Your data is processed in the United States across the following locations:

  • Database Storage: AWS US-West-1 (California) via Supabase
  • Application Processing: Washington, D.C., USA (East) via Vercel
  • AI Processing: United States via OpenAI API

We ensure appropriate safeguards are in place for all data processing in compliance with GDPR and other applicable laws.

12. Children's Privacy

Our service is not intended for anyone under 18. We do not knowingly collect data from children under 18.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our semantic processing capabilities or legal requirements. We will notify you of any material changes by posting the new policy and updating the "Last Updated" date. Continued use after changes indicates acceptance.

14. Contact Us

For questions about this Privacy Policy, data deletion requests, or to exercise your rights, contact us at:

  • Support: support@zelinda.ai
  • Founder: gonzalo@zelinda.ai

We will respond to privacy requests within 30 days and data deletion requests within 14 business days.