Brand Guide by Grain & Mortar
Privacy Policy
Effective: April 27, 2026 · Last updated: April 27, 2026
Brand Guide is a Slack app built and operated by Grain & Mortar ("G&M", "we") for client workspaces. This policy explains what data the app receives, how it is used, who has access to it, and how long it is retained.
What we receive
When a workspace installs Brand Guide, Slack sends us an OAuth token scoped to the permissions granted during install, plus metadata identifying the workspace. When a user interacts with the app (slash command, @mention, direct message, message shortcut, or App Home), Slack forwards the event payload — which includes the user's Slack ID, the channel ID, the message text the user sent to the app, and standard event metadata (timestamps, thread identifiers).
How we process it
Event payloads are processed to generate a response. By default, message content is not retained after the response is sent, aside from aggregated usage counts (e.g. how many times a workspace invoked the app on a given day) used for operational monitoring and cost tracking.
OAuth tokens and workspace metadata are stored server-side so the app can post replies back into the workspace. Tokens are revoked if a workspace uninstalls the app.
Brand guide content
Brand guide content (colors, typography, voice, messaging) served through the app is sourced from each client's own brand guide site and fetched over HTTPS at request time. The app does not store a copy of brand guide content.
Third parties
The app relies on three sub-processors:
- Anthropic — generates natural-language responses for @mentions and direct messages. Message text sent to the app via these surfaces is forwarded to Anthropic for processing, subject to Anthropic's privacy policy. No message content is used to train AI models.
- Vercel — hosts the application. Transport is encrypted in transit. No message content is stored on Vercel's infrastructure beyond request-scoped function execution.
- Neon — our managed PostgreSQL provider. Stores OAuth tokens, workspace metadata, aggregated usage counts, the agent's per-user memory (described below), and (when enabled) interaction logs. Encrypted at rest.
Personal memory
To give better answers across conversations, the bot can save short notes about an individual user — for example, the user's role on the team, whether they prefer terse or detailed answers, or projects they're actively working on. These notes are written by the AI itself, not by Grain & Mortar staff.
- Memory is scoped to the individual Slack user. Notes one teammate's conversations produce are not visible to other teammates, and not shared across workspaces.
- Memory is intended for short notes about how the user works with the bot. It is not used to store private personal data, credentials, or message history.
- Memory is automatically deleted after 365 days of inactivity. Users can also ask the bot to forget specific things at any time ("forget that I'm on the marketing team").
- Workspace admins can ask their Grain & Mortar account lead to view or delete memory for any user in their workspace.
- Memory is never used to train AI models and is never sold.
Interaction logs for quality improvement
Grain & Mortar may enable interaction logging for a client workspace to help diagnose issues and improve the bot's responses. When logging is enabled for a workspace:
- The text of messages sent to Brand Guide (via @mention, direct message, or message shortcut) and the bot's replies are stored in our database.
- Each log entry is retained for 30 days, after which it is automatically and permanently deleted by a scheduled job. There is no archive beyond the 30-day window.
- Access is restricted to Grain & Mortar staff involved in operating and improving Brand Guide. Access requires authentication to an internal admin dashboard. Logs are not shared externally.
- Logged content is never used to train AI models and is never sold.
A workspace admin can ask their Grain & Mortar account lead whether logging is currently enabled for their workspace, request that logging be disabled, or request that specific interactions be deleted from the logs. Email web@grainandmortar.com for any of the above.
Tenant admin access (customer portal)
Slack admins of a tenant workspace can sign in to a self-serve customer portal at /portal/[tenantId] using "Sign in with Slack" (OpenID Connect). Once signed in they see their own workspace's usage data: per-surface and per-tool call counts, period spend, included credit, and recent activity. They do not see the contents of interaction logs (the user-typed messages and bot responses); those remain accessible only to Grain & Mortar staff for response-tuning purposes, with the same retention and consent posture as described above.
Sign-in is per-individual via Slack OIDC and gated on the is_admin flag from Slack's users.info. We store no Slack OAuth tokens for the portal — sign-in produces a 24-hour signed session cookie scoped to (workspace, user, tenant) and nothing else.
Your choices
Workspace admins may request at any time that logging be disabled for their workspace, that specific logged interactions be deleted, or that the agent's memory for one or all users be wiped. Uninstalling the Brand Guide app from your workspace immediately revokes our access token; any logs and memory retained at that point will still age out on their normal schedules unless deletion is also requested.
Changes to this policy
If we materially change how interaction logs are used or who has access, we will update the "Effective" date above and, for workspaces with active installs, notify the workspace admin by email.
Contact
Questions about this policy, or requests related to your workspace's data, can be sent to web@grainandmortar.com.