Legal
This Privacy Policy describes how GetsIt AI collects and uses information while providing the early-access workspace.
Last updated: June 3, 2026
GetsIt AI is an early-access workspace for engineering teams. It connects meetings, tasks, documents, chat, and code workflows so teams can supervise AI-assisted work with clearer context.
This policy explains what information we collect, why we collect it, and the choices you have. It is provided as a practical privacy notice for the current product and should be reviewed as the product and company mature.
When you register or sign in, we collect your email address, first name, last name, job position, company or workspace details, a hashed password, and session token. We do not store your password in plain text.
You may add tasks, roadmaps, documents, comments, meeting records, transcript text, knowledge-base images, skills, and other content needed to use the product. We process this content to provide the workspace features you request.
When you run AI chat sessions or agent tasks, we store the messages, questions, answers, tool calls, and execution logs generated during that session. These logs are scoped to your workspace and used to display history, support debugging, and improve reliability.
Calendar events store title, description, start and end times, attendee names, and meet links. During live calls, audio is processed transiently by the transcription service. We store transcript text (speaker name, text, timestamp, room name) but not the raw audio after transcription. Guests who join a call without an account provide only a display name; that name may appear in transcripts and be sent for meeting analysis.
If you connect a GitHub repository, dev server, or bring-your-own API key, we store the relevant access token, host information, username, root path, and in the case of server integrations, an SSH private key. These credentials are stored in the database and protected by access controls. We intend to add application-level encryption for these fields before general availability.
Knowledge-base documents, tasks, skills, calendar events, transcripts, and connected repository content are chunked, embedded, and stored in a retrieval index to power semantic search and agent context. This derived data is scoped to your organization.
When a workspace member invites colleagues by email, we store those email addresses as pending invites. These individuals have not yet registered. We store their address only to match it on registration and to avoid sending duplicate invites.
The built-in workspace messenger routes messages through a self-hosted XMPP server. User display names, email addresses, and organization membership are synced to this server to operate the messaging service.
If you consent to analytics cookies, we use Microsoft Clarity to understand how visitors use the site and improve the product. Clarity may collect interaction data such as page views, clicks, scroll behavior, browser information, approximate location, and device details.
We store interface choices such as theme, board view, temporary call metadata, and cookie consent preferences in your browser storage so the app behaves consistently between visits.
For users in the European Economic Area and the United Kingdom, we process personal data under the following lawful bases:
Account creation, session management, workspace delivery, task and document storage, meeting scheduling, transcription, chat messaging, agent execution, and integration management. Processing in this category is necessary to provide the service you requested.
Security logging, abuse prevention, debugging, product reliability, and storage of pending invite email addresses for the purpose of completing a user-initiated invitation. Our legitimate interest is operating a secure and functional product; we have assessed that this interest is not overridden by your rights in these contexts.
Microsoft Clarity analytics. We only activate Clarity after you opt in through the cookie banner. You can withdraw consent at any time by opening Cookie preferences; withdrawal causes the page to reload so Clarity does not run in that session.
We use information to create and secure accounts, provide workspace features, operate meetings and task workflows, preserve user preferences, troubleshoot issues, improve product quality, and communicate with users about access or support.
We do not use workspace content to target advertising. If that changes, we will update this policy and the cookie consent experience before using new tracking technologies for that purpose.
GetsIt AI processes workspace content with AI systems to help generate task suggestions, summarize context, analyze meeting transcripts, retrieve relevant documents, and assist with agent workflows. The product is designed so significant actions remain reviewable by a human before they take effect.
After a meeting, an organizer can request that transcript text be sent to Google Gemini to extract task suggestions. This sends the transcript to Google; only the organizer can trigger this action.
When you assign an agent to a task, the agent may read workspace context and retrieved chunks, clone and read a connected repository, run commands and edit files on a connected dev server, open or update pull requests on GitHub, and call external APIs using a key you have connected. Workspace content and task context are sent to Anthropic (Claude) for agent reasoning. These actions only occur when you have connected the relevant integration and assigned the agent.
If you connect your own provider key, content relevant to your request is sent to that provider (OpenAI or Google Gemini) according to the action you perform and the terms of your account with that provider.
We use paid tiers of the Google Gemini API and the Anthropic API. Google states that data submitted through paid Gemini API services is not used to improve its products. Anthropic states that data submitted through its commercial API is not used to train generative models. If you connect a third-party key, those provider policies apply to that key.
We use strictly necessary cookies for authentication and security. These are required for the service to work and are not optional.
We use Microsoft Clarity analytics only if you consent to analytics cookies. You can change your cookie choices at any time using Cookie preferences. More detail is available in our Cookie Policy.
We do not use advertising cookies or retargeting pixels.
We share information with the following categories of service providers only as needed to operate the product:
Receives workspace context, task content, retrieved chunks, repository context, and user messages during agent execution. Used for AI reasoning in the agent runner.
Receives meeting transcript text when an organizer requests post-meeting analysis. Also receives content sent by users who connect a Google Gemini BYOK key.
Receives content sent by users who connect an OpenAI BYOK key. Not used for default platform features.
Provides video and audio infrastructure for live calls. Audio is processed transiently for transcription; raw audio is not stored after transcription.
User display names, email addresses, and organization membership are synced to a self-hosted Prosody XMPP server that operates the workspace messaging feature. Chat messages pass through this server.
Receives browser interaction data only if you have consented to analytics cookies. Microsoft may process this data according to its own privacy documentation.
Infrastructure providers store all application data and run the product.
We may also disclose information if required by law, to protect rights and security, or in connection with a corporate transaction such as financing, merger, acquisition, or sale of assets.
GetsIt AI and most of its subprocessors are based in or route data through the United States. If you access the service from the European Economic Area or the United Kingdom, your personal data is transferred internationally.
We rely on standard contractual clauses and the data processing terms of each subprocessor to provide appropriate safeguards for these transfers where required. Where a subprocessor operates under an adequacy decision or equivalent mechanism, we rely on that instead.
You can request information about the transfer mechanisms we use by contacting us at the address in the Your rights section.
We keep information for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, and improve the product. The following periods apply unless a longer legal retention obligation exists:
Session tokens expire 30 days after they are issued. Expired sessions are deleted automatically.
Stored until the invited user registers, until the inviting workspace admin removes the invite, or until the workspace is deleted.
Retained while your workspace is active. Upon account or workspace deletion, we will delete primary application data. Derived retrieval index chunks, agent logs, and uploaded files are also deleted as part of workspace deletion.
Retained while the associated workspace is active. We are working to add configurable retention periods for these data types.
Knowledge-base images and other uploaded files are retained until deleted by a workspace member or until the workspace is deleted.
API keys, GitHub tokens, and server credentials are retained until removed by a workspace admin or until the workspace is deleted.
Early-access customers can contact us to request deletion or export of workspace information, subject to security, legal, and operational limits.
Depending on where you are located, you may have the following rights regarding your personal data:
Right of access (Art. 15), right to rectification (Art. 16), right to erasure (Art. 17), right to restriction of processing (Art. 18), right to data portability (Art. 20), right to object (Art. 21), and rights related to automated decision-making (Art. 22). You also have the right to lodge a complaint with your local supervisory authority. If you are in the EU and do not know which authority applies, you may contact the Irish Data Protection Commission (dataprotection.ie) as a starting point.
Right to know what personal information is collected and how it is used, right to delete personal information, right to correct inaccurate personal information, and right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under CCPA.
Residents of Virginia, Colorado, Connecticut, and other states with consumer privacy laws have similar rights to access, delete, correct, and opt out of certain processing. Contact us to make a request.
To exercise any of these rights, contact the GetsIt AI team using your normal support or founder contact channel. We will verify your identity and respond within the timeframe required by applicable law (30 days under GDPR; 45 days under CCPA).
We use practical technical and organizational measures designed to protect accounts and workspace content, including HTTP-only session cookies, database access controls, org-scoped data isolation, and separation of product data from browser analytics consent.
Sensitive credentials such as API keys, GitHub tokens, and server SSH keys are stored in the database protected by access controls. We intend to add application-level encryption for these fields before general availability.
No system is perfectly secure. Users should avoid adding secrets or highly sensitive information unless it is necessary for the workflow and appropriate protections are in place.
We may update this Privacy Policy as GetsIt AI changes, as we add providers or integrations, or as legal requirements evolve. The updated date above shows when this page was last revised. For material changes, we will provide notice through the product or by email.