Legal
Privacy Policy
Effective July 17, 2026
The short version
- We collect what we need to run your AI team: your account details, what you tell your VPs, and the data from the business tools you choose to connect.
- We never sell your data, never show you ads, and never use your data to train AI models.
- Your workspace is isolated — your data lives separately from every other customer's.
- Anything irreversible (money, public posts) needs your explicit approval inside the app.
- Delete your organization and your workspace is destroyed. Email us for a full purge, including archival copies.
1. Who we are
Indalbo ("we", "us") provides an AI executive team for your business at app.indalbo.com. This policy describes what data we collect, how we use it, and the choices you have. Questions or requests: support@indalbo.com.
2. What we collect
Account information. When you sign up, our sign-in provider (Clerk) collects your name, email address, and organization details, which we use to identify you and provision your workspace.
Content you provide. Your conversations with your AI team, files you upload, business details you share during onboarding, and settings such as budgets and schedules.
Connected-service data. When you connect a business tool (for example a storefront, print-on-demand service, email marketing tool, or social account), we access only the data covered by the permissions you grant — such as products, orders, revenue figures, form responses, or the ability to draft posts — and only to do the work you've asked your team to do.
Usage and technical data. Logs of how the service is used (feature activity, errors, timestamps) that help us keep it reliable and improve it.
3. What we never do
- We never sell your personal or business data to anyone.
- We never show ads or share your data with advertisers.
- We never use your data to train AI models — ours or anyone else's.
- We never share data between customers. Each workspace is isolated.
4. How we use your data
Solely to provide the service: running your AI team, executing the work you assign against the tools you've connected, computing your business metrics, notifying you when something needs your attention, and keeping the platform secure and reliable. That's it.
5. Who processes it for us
We use a small number of service providers to run Indalbo, each receiving only what its function requires:
- Clerk — sign-in and account management.
- Cloudflare — hosting, networking, and security.
- OpenAI — the language models behind your AI team. Data sent to OpenAI's API is not used to train their models. Some routine internal routing runs on AI models hosted on our own infrastructure and never leaves it.
- Composio — a secure connection broker for certain integrations (for example Gmail or Facebook), handling the sign-in handshake with those services.
- Tavily — web search, when your team researches something online. Only the search query is shared.
The third-party services you choose to connect (your storefront, email tool, social accounts, and so on) process data under their own privacy policies — your relationship with them is direct, and you can disconnect any of them at any time.
6. Credentials and isolation
When you connect a service, its access tokens or keys are stored in your own isolated workspace — dedicated infrastructure and a dedicated database per customer — and are used only to perform the work you've authorized. Data moves over encrypted connections (TLS). We request the narrowest permissions each integration supports.
7. You approve what matters
Actions with real-world consequences — spending money, issuing refunds, publishing publicly, deleting things — stop and wait for your explicit approval inside the app. Your AI team never takes an irreversible action silently.
8. Retention and deletion
We keep your data while your account is active. If you delete your organization, your workspace — including its database and connected-service credentials — is destroyed. To request a complete purge, including any archival copies we hold for recovery purposes, email support@indalbo.com and we will complete it within 30 days.
9. Your rights
You can ask us to access, export, correct, or delete your personal data at any time by emailing support@indalbo.com. We respond to all requests within 30 days. Depending on where you live (for example the EU/EEA, UK, or California), these rights may be backed by law — we honor them for everyone regardless.
10. Security
We use reasonable technical and organizational safeguards — isolated per-customer environments, encrypted transport, least-privilege access, and approval gates on consequential actions. No online service can promise perfect security, and Indalbo is in active development as a private beta; we'll notify you without undue delay if a breach affects your data.
11. Children
Indalbo is a business tool and isn't directed at children under 16. We don't knowingly collect their data.
12. Changes
If this policy changes materially, we'll post the update here and note the new effective date; for significant changes we'll also tell you in the app or by email.