Back to Home

Privacy Policy

Last updated: April 2026

Overview

ITSquare.AI ("we", "us", "our") is an AI-powered IT support agent that lives in Slack. This policy explains what data we collect, how we use it, who we share it with, and your rights regarding that data. By installing ITSquare.AI, you agree to this policy.

What Data We Collect

When you install and use ITSquare.AI, we collect and store the following:

  • Slack workspace information — workspace ID, workspace name, and the OAuth access token required for the bot to operate. Tokens are encrypted at rest using AES-256-GCM.
  • Slack user identifiers — the Slack user ID of employees who interact with the bot. We do not collect names or email addresses unless explicitly provided.
  • Conversation messages — messages sent to the ITSquare.AI bot in direct messages and @mentions are stored to power multi-turn conversations, build resolution history, and improve future responses within your workspace.
  • Device diagnostic data— when a user consents to a browser-based device scan, we collect hardware metrics (CPU, RAM, disk, network speed) to assist with IT troubleshooting. This data is linked to the user's Slack ID and stored per workspace.
  • Knowledge base content — documents uploaded by administrators to train the bot are stored and chunked for vector search (RAG). This content stays within your workspace and is never shared with other workspaces.
  • Usage data — aggregate counts of conversations per workspace for billing and service operation purposes.

How We Use AI (OpenAI)

ITSquare.AI uses OpenAI's API (specifically GPT-4o-mini and text-embedding-3-small) to generate IT support responses and create vector embeddings for knowledge search.

  • User messages are sent to OpenAI's API to generate helpful responses. OpenAI processes this data under their API data usage policy.
  • We do not use your data to train AI models. OpenAI does not use API data for model training by default.
  • Messages sent to OpenAI are limited to what is necessary to answer the user's current IT question — we do not send your entire message history to OpenAI unless needed for context in the same conversation.

Data Storage & Security

  • All data is stored in Supabase (hosted on AWS in the United States) using PostgreSQL with row-level security enabled on all tables.
  • Slack OAuth tokens are encrypted at rest using AES-256-GCM before being stored in the database.
  • All data is transmitted over HTTPS/TLS. We do not transmit data over unencrypted channels.
  • Data is isolated per Slack workspace — one workspace cannot access another workspace's conversations, knowledge base, or device data.

Data Sharing

We share data with the following third-party services strictly to operate ITSquare.AI:

  • OpenAI— to generate AI responses and embeddings. Governed by OpenAI's Privacy Policy.
  • Supabase— database hosting. Governed by Supabase's Privacy Policy.
  • Vercel— application hosting and serverless infrastructure. Governed by Vercel's Privacy Policy.
  • Stripe— payment processing for Pro subscriptions. We share only what is necessary for billing. Governed by Stripe's Privacy Policy.

We do not sell your data. We do not share your data with advertisers or any third parties beyond the service providers listed above.

Data Retention

  • Conversation data is retained for as long as your workspace has ITSquare.AI installed.
  • When you uninstall ITSquare.AI from Slack, your workspace's OAuth token is immediately invalidated. Upon written request, all workspace data (conversations, device scans, knowledge base) will be permanently deleted within 30 days.
  • Billing records are retained for 7 years as required by financial regulations.

Slack Data Usage

ITSquare.AI accesses Slack data solely to provide IT support functionality. Specifically:

  • We read messages only in direct messages with the bot and channels where the bot is @mentioned.
  • We do not read or store messages in channels where the bot has not been explicitly mentioned.
  • We do not access private channels unless explicitly invited.
  • We do not access files, emails, or calendar data.
  • We use Slack's Events API to receive messages in real time. We do not store raw Slack event payloads beyond what is needed to generate a response.

Our use of Slack APIs complies with Slack's API Terms of Service and Slack's Platform Policy.

Your Rights (GDPR / CCPA)

If you are located in the European Economic Area (EEA), United Kingdom, or California, you have the following rights:

  • Access — request a copy of data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request permanent deletion of your data
  • Portability — request your data in a machine-readable format
  • Objection — object to processing of your data

To exercise any of these rights, contact us at brucelee@itsquare.ai. We will respond within 30 days.

Children's Privacy

ITSquare.AI is a business-to-business service intended for use by companies and their employees. We do not knowingly collect data from anyone under the age of 16.

Changes to This Policy

We may update this policy as the product evolves. When we make material changes, we will update the "Last updated" date at the top of this page and notify workspace administrators via Slack where possible.

Contact

For privacy inquiries, data deletion requests, or questions about this policy:

IT Square, Inc.

Chicago, Illinois, USA

brucelee@itsquare.ai