Privacy Policy

To provide WikiSage's features, we collect the following types of data:

If you are located in the European Economic Area (EEA) or the UK, we process your personal data under the following legal bases:

• Performance of a Contract: Processing your messages, files, and credentials is necessary to deliver the WikiSage services requested by you and your workspace administrators.
• Legitimate Interest: To maintain the security of our infrastructure, prevent abuse, and troubleshoot critical system errors.
• Consent: When you explicitly choose to connect third-party integrations, you consent to our processing of those specific credentials to interact with those platforms on your behalf.

We use the collected information strictly for the following purposes:

• To Provide Core Functionality: To receive your prompts, process them, and provide intelligent, contextual answers.
• To Maintain Conversational Context: We store a history of your conversations with the App (short-term memory) so it can understand follow-up questions.
• To Build Your Knowledge Base (RAG): When you provide a file or link, we process its content to create a searchable vector index. This long-term memory is rigorously segregated by your Slack Workspace ID and used only to answer your specific queries.
• To Execute Third-Party Actions: To perform actions in connected services entirely at your direction.
• Strict "No AI Training" Guarantee: We do not use your messages, files, or proprietary company data to train, fine-tune, or improve our own or any third-party foundation AI models.

We do not sell your data. We share data only with trusted third-party sub-processors required to operate the App infrastructure:

• Hosting & Database: Our backend logic, temporary storage, and databases (PostgreSQL/Vector Store) are hosted on secure Virtual Private Servers (VPS) provided by Hostinger.
• LLM Providers (OpenAI & Google Cloud): Your prompts, chat history, and relevant retrieved document chunks are sent to OpenAI's API and Google Cloud Vertex AI to generate responses. Under our enterprise API agreements with these providers, your data is strictly isolated and is NEVER used to train their underlying foundation models.
• Search Optimization: We utilize Cohere (Reranker API) to improve the relevance of search results from your vector database.
• Cloud Storage: We utilize Google Cloud Storage (GCS) for the temporary, secure staging of uploaded files and audio before processing.
• Document Conversion Processing: We utilize CloudConvert to securely parse and convert specific user-uploaded file formats (such as .doc and .docx) into plain text so they can be read by the AI Agent. Files transmitted to CloudConvert are processed ephemerally over encrypted channels and are automatically and permanently deleted from their servers immediately after the conversion is complete, strictly in accordance with their enterprise data privacy terms.

You and your workspace administrators are in complete control of your data lifecycle.

• Active Workspaces: Chat history, vector documents, and credentials are retained to provide ongoing conversational context and RAG capabilities while the App is installed.
• 30-Day Uninstallation Grace Period: If the App is uninstalled from your Slack Workspace, we initiate a 30-day grace period. During these 30 days, your data is securely retained so that if you reinstall the App to the same workspace, your previous context and knowledge base are seamlessly restored.
• Automated Permanent Purge: If the App is not reinstalled within the 30-day grace period, an automated routine is triggered. This routine permanently and irreversibly deletes all associated chat history, stored vector documents, temporary GCS files, and encrypted credentials from our servers.
• Manual Deletion: You can update or disconnect your saved third-party credentials at any time through the App's Slack Home tab, which immediately purges the old token from our database.

We implement strict security measures to protect your workspace data:

• Encryption at Rest: All third-party API tokens, Personal Access Tokens, and Slack OAuth tokens are encrypted at rest in our PostgreSQL database using industry-standard encryption protocols.
• Data Segregation: Our database architecture ensures strict logical separation. All chat histories, knowledge base vectors, and credentials are tied exclusively to your unique Slack Workspace ID (team_id).
• Encryption in Transit: All communication between Slack, our Hostinger VPS, and third-party APIs is encrypted using modern TLS (HTTPS).

WikiSage is not a HIPAA-compliant service. By using the App, you agree that you will not use WikiSage to upload, transmit, or process Protected Health Information (PHI), Payment Card Industry (PCI) data, or other highly regulated, legally sensitive datasets. ProAgility expressly disclaims any liability for the unauthorized processing of such sensitive data.

Depending on your location (such as the EU/UK or certain US States like California), you have rights regarding your personal data, including:

• The Right to Access: You can request a copy of the personal data we hold about you.
• The Right to Rectification: You can request that we correct inaccurate data.
• The Right to Erasure (Right to be Forgotten): You can request the deletion of your data (which can be executed instantly via workspace uninstallation).
• The Right to Restrict Processing: You can ask us to limit how we use your data.
• The Right to Data Portability: You can request your data in a structured, machine-readable format.

To exercise any of these rights, please contact us using the information below. We will respond within the timeframe required by applicable law.