Back to Home

Privacy Policy

Last updated: February 5, 2026

Overview

SecondChair is committed to protecting your privacy and handling your data with transparency and care. This policy explains what data we collect, how we use it, and your rights regarding your information.

Data We Collect

When you use SecondChair, we collect:

  • Conversation data: Your chat messages and the tasks/frustrations you share with our AI agent
  • Task entries: Structured information about your work processes and pain points
  • Account information: Email address, organization name, and authentication details
  • Usage metadata: Timestamps, feature usage, and interaction patterns to improve the service
  • Slack data: If you connect Slack, we access messages in channels where you've invited our bot

How We Use Your Data

Your data is used to:

  • Provide and improve SecondChair's core functionality
  • Help you identify and prioritize work frustrations
  • Generate insights about your workflow patterns
  • Provide customer support when you reach out

We never use your data to train AI models. Your conversations remain private to your organization.

Data Flow

Understanding how your data moves through our system:

┌─────────────────────────────────────────────────┐
│            Google Cloud Platform                 │
│                                                  │
│  ┌──────────┐      ┌──────────┐      ┌────────┐│
│  │SecondChair│ ──> │Claude API│ ──> │Response││
│  │ (Vercel) │      │  (GCP)   │      │        ││
│  └──────────┘      └──────────┘      └────────┘│
│                                                  │
│  ┌──────────┐                                   │
│  │Supabase  │  Database (encrypted at rest)     │
│  │PostgreSQL│                                   │
│  └──────────┘                                   │
│                                                  │
│  ✓ Your data stays within cloud infrastructure   │
│  ✗ Does NOT go to Anthropic headquarters        │
└─────────────────────────────────────────────────┘

Data Retention

We retain your data indefinitely to provide continuous service and maintain your task history. You have the right to request deletion of your data at any time by contacting us at privacy@secondchair.ai. We comply with GDPR and CCPA data deletion requirements.

Sub-Processors

SecondChair uses the following trusted third-party services:

  • Supabase: PostgreSQL database hosting with Row-Level Security (RLS) for data isolation
  • Vercel: Serverless hosting platform for our application
  • OpenRouter: AI model routing service that connects to Anthropic's Claude API
  • Anthropic: Provider of Claude AI models, deployed within Google Cloud infrastructure

Enterprise Privacy Options

For organizations with strict data privacy requirements, we offer enhanced options:

Amazon Bedrock Integration

When we build Phase 2 automations for your organization, you can opt for Amazon Bedrock deployment. With Bedrock, AI models run entirely inside your own AWS account—your data literally never leaves your cloud environment.

  • Full audit logs and VPC isolation
  • Your security controls and compliance policies apply
  • Same frontier AI models, maximum data control

Learn more about Amazon Bedrock →

Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all data we hold about you
  • Deletion: Request permanent deletion of your account and all associated data
  • Portability: Export your task entries and conversation history
  • Correction: Update or correct inaccurate information
  • Objection: Object to certain types of data processing

To exercise these rights, contact us at privacy@secondchair.ai

Questions?

If you have questions about this privacy policy or how we handle your data, please reach out to privacy@secondchair.ai

See also: Security Documentation