Yasmine
Language
Log inStart free

Privacy Policy

Last updated: July 3, 2026

Template for review by counsel before launch — not legal advice.

This Privacy Policy explains how Agenz Technologies ("Agenz", "we", "us", or "our") collects, uses, discloses, and protects information in connection with Yasmine, an AI coworker that lives in your Slack workspace (the "Service"). It also describes the choices and rights you have. It includes disclosures required under the EU and UK General Data Protection Regulation (GDPR / RGPD), the Swiss FADP, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Yasmine is built around a strong isolation model. Each customer runs in its own isolated, encrypted per-tenant environment, and your conversation content and your Claude token stay inside that environment. Please read the Data isolation guarantee below, because it shapes almost everything in this policy.

Scope of this policy

This policy applies to our marketing site, account onboarding, billing, and the central control systems that operate the Service. It does not change the terms under which third parties you connect (such as Slack or Anthropic) process your data on their own platforms; your use of those platforms is governed by their own privacy policies. Where we act only as a processor on your behalf, the Controller and processor roles section explains how responsibilities are divided.

Information we collect

We deliberately collect as little as possible. In our central systems we store:

  • Account data — your name, email address, and authentication identifiers (for example, the identifier returned by Slack OAuth or Google/Firebase sign-in). We do not store passwords for Slack-based sign-in.
  • Workspace and integration identifiers — the Slack workspace, team, and channel identifiers you connect, and identifiers for any premium integrations you enable, so that we can route the Service to the right isolated environment.
  • Usage metadata — aggregate counts such as the number of turns, tokens, and tool calls, plus timestamps and error/health signals. These are counts and operational metrics only; they do not include the content of your messages or the outputs Yasmine produces.
  • Billing data — plan, subscription status, and payment records processed by Stripe. We do not store full card numbers; Stripe handles card data as its own controller/processor.
  • Support and communications — messages you send us by email and any information you include in them.
  • Technical and device data — limited server logs, IP address, and basic device/browser information collected to keep the Service secure and reliable.

We do not use cross-site advertising trackers, and we do not build advertising profiles. Our web analytics are privacy-friendly and cookieless where feasible (see Cookies).

Information we do NOT collect centrally

Your conversation content (what you and your team say to Yasmine and what Yasmine replies), the data Yasmine reads from your connected tools, and your Claude account token live inside your isolated per-tenant environment. They are not transmitted to, stored in, or accessible from our central systems in the ordinary course of operating the Service.

Data isolation guarantee

Every customer is provisioned an isolated per-tenant environment running on AWS Fargate: its own container, encrypted at rest and in transit, that scales to zero when idle. Your conversation content, the credentials for your connected tools, and the Claude token the Service uses all reside inside that environment.

  • Conversation content is not aggregated into a central data store.
  • Credentials for premium integrations are held within your environment, not in our central systems.
  • Our central systems receive only the account, identifier, usage-count, and billing data described above — never message content.

This design limits what we can see, what a subprocessor can see, and what could be exposed in the unlikely event of an incident affecting our central systems.

How we use information

We use the information we collect to:

  • Provision, operate, secure, and maintain the Service and each isolated environment.
  • Authenticate you and manage your account and workspace connections.
  • Bill paid plans, process payments, and prevent fraud and abuse.
  • Provide customer support and respond to your requests.
  • Monitor performance, capacity, and reliability using aggregate usage metadata.
  • Detect, investigate, and prevent security incidents and violations of our terms.
  • Comply with legal obligations and enforce our agreements.
  • Communicate service, security, and administrative notices to you.

We do not sell your personal information, and we do not use your conversation content to train our own models. Model processing is performed by Anthropic under your own Claude subscription and is governed by Anthropic's terms.

Where the EU or UK GDPR applies, we rely on one or more of the following legal bases:

  • Performance of a contract — to create your account, provide and bill the Service, and provide support.
  • Legitimate interests — to secure, operate, monitor, and improve the Service and to prevent fraud and abuse, balanced against your rights and freedoms.
  • Consent — for non-essential cookies and any optional marketing communications. You may withdraw consent at any time via Cookie preferences in the footer or by contacting us; withdrawal does not affect processing carried out before withdrawal.
  • Legal obligation — to meet accounting, tax, and security requirements.

Subprocessors and sharing

We share limited data with vetted service providers (subprocessors) who process it on our behalf under contractual data-protection commitments. The current list — including AWS, Stripe, Google/Firebase, MongoDB Atlas, Anthropic, Slack, Pipedream, Resend, and ImprovMX — is maintained on our Subprocessors page, along with each provider's purpose and region.

Beyond subprocessors, we may disclose information (a) to comply with law, legal process, or lawful government requests; (b) to protect the rights, safety, and security of Agenz, our customers, and the public; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy or notify you of any material change.

International data transfers

We operate primarily in the United States, and several of our subprocessors are located there. Where we transfer personal data from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, principally the European Commission's Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum and Swiss addenda where applicable), together with supplementary technical and organizational measures such as encryption and per-tenant isolation. A copy of the relevant transfer mechanism and our Data Processing Addendum (DPA) is available on request at privacy@yasmine.works.

Data retention

We keep account and usage metadata for as long as your account is active and for as long as needed to provide the Service, comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. Billing records are retained for the periods required by law. When data is no longer needed, we delete or anonymize it.

Conversation content and integration credentials stored inside your isolated environment persist only within that environment and are removed when the environment is deprovisioned. On account closure, we deprovision your environment and delete or anonymize associated central records within a commercially reasonable period, subject to legal retention requirements.

Security

We use technical and organizational measures designed to protect information, including encryption in transit and at rest, per-tenant isolation, least-privilege access controls, network controls, logging, and regular review of our providers. Scale-to-zero environments reduce the attack surface when a tenant is idle. No method of transmission or storage is completely secure, but we work to protect your data and to continuously improve our safeguards. You can report security concerns to security@yasmine.works. See also our Security page.

Your rights in the EU / EEA / UK / Switzerland

Subject to applicable law, you have the right to access, rectify, erase (the "right to be forgotten"), restrict or object to processing, the right to data portability, and the right to withdraw consent at any time. Where our processing is based on legitimate interests, you may object on grounds relating to your particular situation.

To exercise any right, email privacy@yasmine.works; we aim to respond within one month. You also have the right to lodge a complaint with your supervisory authority — in France, the CNIL.

Your rights in California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and share it, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information and to limit the use of sensitive personal information. We do not discriminate against you for exercising these rights.

We do not sell or share personal information as those terms are defined under the CCPA/CPRA. You may still exercise or confirm your choice via Do Not Sell or Share My Personal Information. To submit a request, email privacy@yasmine.works; you may use an authorized agent, and we will verify requests as required by law.

Children's privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from anyone under the age of 16 (or the age of digital consent in your jurisdiction). If you believe a child has provided us personal information, contact privacy@yasmine.works and we will delete it.

Automated processing and AI disclosure

Yasmine is an AI assistant. When you interact with it, your prompts are processed by the Claude model (provided by Anthropic) running under your own subscription, inside your isolated environment, to generate responses and take the actions you instruct. AI output can be inaccurate or incomplete and should be reviewed before you rely on it.

We do not use your personal data to make solely-automated decisions that produce legal or similarly significant effects about you without a lawful basis and appropriate safeguards. The Service acts on instructions from you and your users; a human remains in control of what Yasmine is asked to do.

Controller and processor roles

For account, billing, and marketing data we collect about you directly, Agenz Technologies is the data controller. For content and data that Yasmine processes on your behalf inside your isolated environment, you are the controller and Agenz acts as a processor, processing that data only on your documented instructions under our Data Processing Addendum. Third parties you connect (such as Slack and Anthropic) act as independent controllers or your own processors under their respective terms.

Breach notification

We maintain procedures to detect, investigate, and respond to security incidents. Where a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected customers without undue delay and, where required, within the timeframes set by applicable law. Where we act as a processor, we will notify the responsible controller so it can meet its own obligations.

Cookies

We use strictly-necessary cookies to run the site (for example, session and theme/language preferences) and privacy-friendly, cookieless analytics where feasible. Any non-essential cookies are used only with your consent, which you can manage or withdraw at any time via Cookie preferences in the footer. Full details are in the Cookies section of our Terms of Service.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice (for example, by email or an in-product notice). Your continued use of the Service after an update takes effect means you accept the revised policy.

Contact us

For privacy questions or to exercise your rights, contact privacy@yasmine.works. For general inquiries, contact hello@yasmine.works. The data controller for directly-collected data is Agenz Technologies.

Privacy Policy — Yasmine