Privacy policy

Last modified: July 16, 2025

1) Overview

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Service. If you do not agree, please do not use the Service.

2) Roles

  • For most processing, Team Memory LLC is the data controller. For certain B2B/enterprise features, we may act as a processor for our customer; in those cases, the customer’s DPA and instructions govern.

3) Information We Collect

Information you provide

  • Account/profile details (name, email, password, organization, role).
  • Billing details (billing contact, address, tax IDs). Payment card data is processed by Stripe; we receive limited tokens and metadata.
  • Content you submit (documents, prompts, messages, files, links, feedback).
  • Support inquiries and communications.

Information from Slack / Microsoft Teams integrations

  • During onboarding: When you authorize Team Memory in Slack or Teams, we receive:
    • Name and email address of the installing user.
    • Workspace/organization name and logo.
    • List of all channels in the workspace (including whether a channel is public or private, if the app is installed there, and the member counts).
  • Ongoing operation: Once channels are selected by an admin, we may receive:
    • Message content, threads, mentions, reactions, links, and file metadata/previews from those channels.
    • Channel and workspace metadata.
    • Limited user profile fields made available by Slack/Teams APIs.
  • Purpose: We transform this data into searchable indices and Q&A artifacts to answer repeated questions and resurface answers automatically in Slack/Teams and in the dashboard. We also allow admins to send an onboarding message announcing the app to selected channels.
  • Controls: Workspace admins can choose which channels are indexed, disconnect the integration at any time, and request deletion of indexed data.

Information we collect automatically

  • Usage data: pages viewed, features used, logs, timestamps.
  • Device/technical data: IP address, user agent, device identifiers, crash logs.
  • Cookies and similar technologies—see Cookie Policy.

Information from third parties

  • Integrations you enable (e.g., identity providers, file storage, calendars, analytics).
  • Partners and service providers that help operate the Service.

4) How We Use Information

  • Provide, operate, maintain, and secure the Service.
  • Ingest, index, and analyze authorized Slack/Teams data to build and maintain knowledge bases and Q&A pairs, including embeddings and metadata, and to resurface answers within Slack/Teams and the dashboard.
  • Personalize features, remember preferences, and improve performance.
  • Analyze usage to improve features and develop new ones (including model quality when AI features are enabled).
  • Communicate with you about updates, security, and support; send marketing with your consent or as permitted by law.
  • Process transactions, invoicing, fraud prevention.
  • Comply with legal obligations and enforce our Terms.

5) Legal Bases (EEA/UK users)

We process personal data when one or more of the following applies: consent, contract performance, legitimate interests (e.g., product improvement, security, anti-fraud, marketing to business contacts), legal obligation, or vital interests.

6) Sharing & Disclosure

We may share personal information with trusted third-party service providers (“subprocessors”) that help us operate the Service. These include:

  • Hosting & operations: DigitalOcean, Laravel Forge
  • Payments: Stripe
  • Email delivery: SendGrid
  • Analytics: Google Analytics, Mixpanel
  • Error logging & monitoring: Sentry
  • AI processing: OpenAI, Hugging Face

We share only the minimum necessary data with these providers (for example: payment card details are processed directly by Stripe; Team Memory only receives non-sensitive tokens and billing metadata).

We may also share personal information with professional advisors and as required by law. We do not sell personal information in the common meaning of “sell.” For CCPA/CPRA, we may “share” personal information for cross-context behavioral advertising (e.g., Google Ads retargeting).

For enterprise customers, our Data Processing Addendum (including subprocessors and security commitments) applies.

Use of LLMs (AI Processing)

Team Memory uses Hugging Face–hosted open-source models to power AI features:

  • Models: Hugging Face–hosted models are used for natural language processing (detecting questions and extracting Q&A pairs) and embeddings (semantic search).
  • Data tenancy: Hugging Face operates in a multi-tenant SaaS model. Customer data is processed per request and is not used to train provider models.
  • Residency: Data is processed in the United States within Hugging Face infrastructure.
  • Retention: Team Memory does not store customer inputs or outputs in its AI layer. Hugging Face processes data in memory only and does not persist customer data beyond request completion.

7) International Transfers

We may transfer and store information in countries other than where it was collected. Where required, we rely on appropriate safeguards such as EU/UK Standard Contractual Clauses (SCCs) and enter DPAs with subprocessors.

8) Data Retention & Storage

We retain personal information only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Standard retention windows are:

  • Slack/Teams content & derived artifacts (Q&A pairs, embeddings, indices): retained while your workspace connection remains active. Upon uninstall or a verified admin deletion request, we queue deletion immediately and complete hard-deletion within 30 days. Search indices are invalidated promptly upon uninstall. Encrypted backups are on rolling schedules and purge within 35 days of the primary deletion.
  • Workspace identity & channel metadata (workspace name/logo, channel list, member counts): stored in our secure database for the duration of the connection. Deleted within 30 days after uninstall or verified deletion request, with the same backup purge timelines above.
  • Application & security logs (IPs, request metadata, error traces): retained up to 12 months for troubleshooting, security, and abuse prevention, then deleted or aggregated.
  • Product analytics (events/metrics without message content): retained up to 24 months in aggregated form to analyze performance and usage trends.
  • Support tickets & communications: up to 24 months after closure.
  • Billing/transaction records: retained for up to 7 years to meet tax/audit requirements.

Workspace admins may request earlier deletion at any time via privacy@teammemory.io. Where laws or platform policies require shorter periods, we will honor the stricter requirement.

9) Security

We implement reasonable technical and organizational measures (encryption in transit, encryption at rest, access controls, backups, monitoring). No method is 100% secure.

10) Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing and marketing. To exercise rights, contact privacy@teammemory.io. We will verify requests and respond as required by law.
EEA/UK: You may lodge a complaint with your supervisory authority.
California (CCPA/CPRA): You have rights to know/access, delete, correct, and opt out of certain sharing. We will not discriminate for exercising these rights. Use the Do Not Sell/Share controls in the footer or cookie banner, or email privacy@teammemory.io. An authorized agent may submit requests with proper authorization.

11) Children’s Privacy

The Service is intended for users 18+. We do not knowingly collect personal information from children under 13 (or under 16 where applicable in the EEA/UK). If you believe a child provided information, contact us and we will take appropriate steps to delete it.

12) Communications & Marketing

You may opt out of marketing emails at any time via unsubscribe links. We may still send transactional or service-related emails.

13) Automated Decision-Making / Profiling

We may use limited profiling to personalize the Service and prevent fraud/abuse. We do not make solely automated decisions that have legal or similarly significant effects without human involvement.

14) Changes

We may update this Policy. Material changes will be notified via the Service or email. Your continued use after an update means you accept the revised Policy.

15) Contact

Team Memory LLC — privacy@teammemory.io — 8735 Dunwoody Place, Atlanta, GA 30350