1. Who we are

ExecOS ("we", "us") provides a workspace where executive assistants manage calendars, inboxes, meetings, contacts, and related artefacts for the executives they support. For customer-uploaded data, ExecOS acts as a data processor; the customer workspace is the controller.

2. What we collect

• Account data: name, email, password hash, sign-in provider, last sign-in.
• Workspace content: meetings, notes, agendas, tasks, contacts, inbox items, trips, weekly reports, and other records you create.
• Billing data: processed by Stripe; we store subscription status, plan, and customer/subscription IDs only.
• Operational logs: request metadata, error traces, audit logs of sensitive actions (role changes, invites, deletions, exports).

3. How we use it

To deliver the service, authenticate users, enforce workspace isolation, generate AI summaries you request, send transactional email, and meet legal obligations. We do not sell personal data and we do not use customer content to train third-party models.

4. Subprocessors

We rely on a small set of vetted providers: Supabase (managed Postgres + auth), Cloudflare (edge runtime), Lovable AI Gateway (model routing), Stripe (payments), and an email delivery provider for transactional mail. A current list is available on request.

5. Security

Data is encrypted in transit (TLS) and at rest by our managed database provider. Tenant isolation is enforced with row-level security policies. Service-role credentials are server-only. See our Security page for details.

6. Your rights

You can export your workspace as JSON from Settings → Account. You can permanently delete your account and (if you are the sole admin) the entire workspace from the same screen. EEA/UK residents may exercise GDPR rights by emailing privacy@execos.app.

7. Retention

Active workspace content is retained while your account exists. On deletion, we remove your records from the live database immediately and from encrypted backups within 30 days.

8. Contact

Questions: privacy@execos.app.