Privacy Policy
Effective date: [pending legal review — owner item O8]
Controller: [Braintied — legal entity name pending]
1. Who We Are and What This Policy Covers
Sentigen (“we,” “us,” or “our”) is an AI executive assistant platform operated by [Braintied — legal entity name pending]. This Privacy Policy explains how we collect, use, store, and share information when you use the Sentigen platform and related services (“Service”).
2. Data We Collect
Account information
When you sign up we collect your name, email address, and authentication credentials. If you sign in via Google or Microsoft OAuth we receive your name, email, and profile picture from those providers.
Email, calendar, and meeting content
When you connect Gmail, Outlook, Google Calendar, or similar integrations, we ingest email messages, calendar events, and meeting metadata. This data is used to:
- Extract contact and relationship intelligence.
- Generate meeting summaries, action items, and briefings.
- Draft follow-up emails and documents on your behalf.
- Surface proactive suggestions in your workspace.
You control which accounts are connected and can disconnect them at any time.
Messaging and communications
If you connect Slack, Telegram, WhatsApp, or iMessage integrations, we ingest message content to provide the same intelligence and drafting capabilities. We access only the channels and conversations you authorize.
Documents and canvas content
Content you create in the Generative Canvas, upload as documents, or share via Data Rooms is stored and processed to provide document intelligence, signing workflows, and collaboration features.
Usage and telemetry
We collect usage logs, error reports (via Sentry), and performance data to operate, maintain, and improve the Service. This includes information about which features you use and how often.
Cookies
We use strictly necessary session cookies to authenticate your account. We do not use tracking or advertising cookies. You may disable cookies in your browser but doing so will prevent you from signing in.
3. How AI Processing Works
Sentigen uses AI models provided by Anthropic (Claude) and Google (Gemini) to analyze your data and generate intelligent outputs. These providers act as our data processors under strict data processing agreements.
What we do NOT do:
- We do not use your data to train AI models. Your emails, meetings, documents, and contacts are never used to train or fine-tune any AI model, by us or by our AI providers under our agreements.
- We do not sell your data. We have never sold personal data and do not intend to.
- We do not share your data with advertisers.
AI model processing occurs on secure infrastructure operated by Anthropic and Google. Prompts containing your data are transmitted to these providers over encrypted connections solely for the purpose of generating responses. We use prompt caching to reduce cost and latency; cached prompts are subject to the same data protection terms.
4. How We Use Your Data
We use your data to:
- Provide, operate, and improve the Service.
- Generate AI-powered intelligence, drafts, and suggestions on your behalf.
- Send transactional emails (account confirmation, booking notifications, etc.).
- Respond to support requests.
- Detect, investigate, and prevent abuse and security incidents.
- Comply with applicable legal obligations.
We do not use your data for advertising, cross-context behavioral profiling, or any purpose not listed here.
5. Data Sharing
We share your data only with the sub-processors listed in Section 8 and in the following limited circumstances:
- Legal compliance. We may disclose data when required by law, court order, or valid governmental request.
- Business transfers. If Sentigen is acquired or merged, your data may transfer as part of that transaction. We will notify you before your data becomes subject to materially different privacy terms.
- With your consent. We will share data for any other purpose with your explicit prior consent.
6. Data Retention
We retain your data for as long as your workspace is active. When you delete your workspace, your data enters a 30-day grace period after which it is permanently and irreversibly purged from our systems and we instruct sub-processors to delete it under their respective agreements.
Meeting recordings and transcripts are covered by the same retention policy. Certain aggregate and anonymized usage statistics may be retained indefinitely for product analytics; this data cannot be linked back to you.
7. Your Rights
Depending on your location, you may have the right to:
- Access— request a copy of the personal data we hold about you.
- Deletion— request deletion of your personal data. You can initiate this by deleting your workspace, which triggers the 30-day purge cycle.
- Portability— export your data from workspace settings before deletion.
- Correction— request correction of inaccurate data.
- Restriction or objection— object to certain processing activities.
To exercise any right, contact us at privacy@sentigen.app. We will respond within 30 days.
8. Sub-Processors
The following third parties process personal data on our behalf. Each has been evaluated for privacy compliance and is bound by a data processing agreement.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | USA (us-east-1) |
| Vercel | Application hosting and edge functions | Global CDN |
| Anthropic | AI language model processing (Claude) | USA |
| AI language model processing (Gemini); OAuth for Gmail/Calendar/Meet | Global | |
| Stripe | Payment processing and subscription billing | USA |
| Resend | Transactional email delivery | USA |
| Cloudflare R2 | Object storage for documents, attachments, and recordings | Global |
| Fly.io / LiveKit | Real-time meeting infrastructure and transcription | Global |
| Inngest | Background job orchestration | USA |
| Sentry | Error monitoring and performance observability | USA |
9. Security
We implement industry-standard security measures including encryption of data in transit (TLS) and at rest (AES-256), row-level security policies on our database, OAuth token encryption, and access controls. OAuth credentials are encrypted before storage and decrypted only at point of use.
Despite these measures, no system is perfectly secure. We will notify affected users of any material data breach as required by applicable law.
10. Children’s Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@sentigen.app.
11. International Transfers
Your data may be processed outside your country of residence, including in the United States, by the sub-processors listed in Section 8. Where required, such transfers are governed by Standard Contractual Clauses or other applicable legal mechanisms.
12. Governing Law
This Privacy Policy is governed by the laws of [Jurisdiction]. For users in the European Economic Area or United Kingdom, we comply with applicable data protection legislation including the GDPR and UK GDPR where applicable.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or by displaying a notice in the Service before material changes take effect. The “Effective date” at the top of this page indicates when the current version was last updated.
14. Contact Us
For privacy questions, data access or deletion requests, or to report a concern:
Email: privacy@sentigen.app
General contact: hello@sentigen.app
See also our Terms of Service.

