Who we are
Gaussian Intelligence Ltd. (“Gauss”, “we”) is the data controller for personal data processed through the Gauss platform. This policy describes what we collect, why, how we protect it, and what rights you have.
Data we collect
Account data
- Email address, display name, and profile image from your OAuth provider (Slack or Google) when you sign in to the dashboard.
- Slack workspace metadata (team ID, workspace name, installer identity) when you install Gauss to a Slack workspace.
Conversational data
- Messages you address to Gauss in Slack (@-mentions and DMs), including their content, timestamps, channel context, and any file attachments.
- Tool outputs returned to Gauss during a session (e.g., search results, retrieved documents, integration responses).
- Gauss's replies, along with the intermediate steps (tool calls, LLM invocations) required to produce them.
Integration data
When you connect a third-party service (Google Workspace, GitHub, Notion, or a custom tool integration via Model Context Protocol), Gauss stores encrypted OAuth tokens or equivalent credentials required to call those services on your behalf. Credentials are encrypted at rest with per-workspace keys held in our key-management system.
Usage and diagnostic data
- Per-turn metrics: LLM tokens consumed, tool calls made, latency, resulting status. Retained for observability and billing.
- Application logs and traces for reliability engineering. These may transiently contain snippets of message content in the event of an error; production logs are sampled and short-retained (30 days by default).
- Dashboard access logs (IP, user agent, timestamps) for security monitoring.
How we use data
- To provide the Service — pass messages to LLM providers, invoke integrated tools, return responses.
- To bill for usage — usage totals are aggregated per workspace per month.
- To operate reliably — detect and resolve incidents, tune performance, prevent abuse.
- To communicate with you about product changes, security issues, or billing. You can opt out of non-transactional emails at any time.
How we do NOT use data
- We do not train large-language models on your data. Managed-mode conversations pass to upstream LLM providers (Anthropic, OpenAI, Google) under contract terms that explicitly forbid training on API inputs.
- We do not sell your data to third parties for advertising or any other purpose.
- We do not use conversational content for analytics outside of Gauss.
Third parties we share data with
Solely to provide the Service, we share data with:
- LLM providers — the model provider you or your workspace admin has selected (Anthropic, OpenAI, Google, OpenRouter). They process message content to generate responses and immediately delete inputs per their API terms.
- Slack — messages you address to Gauss are already visible to Slack per their platform terms.
- Integration providers — when Gauss calls a tool (Google Drive, GitHub, an MCP server you registered), the request content includes whatever context that tool needs.
- Cloud infrastructure providers — our cloud provider (compute, storage, key management), an observability provider (logs and traces), and Stripe (billing). Each is subject to a data-processing agreement.
Retention
- Conversational content: retained per your workspace's configured retention window (default 90 days for the audit chain). Shorter retention available on request.
- Usage metrics: retained for 24 months to power billing history and trend analysis.
- Application logs and traces: 30 days.
- After account termination: 30-day data export window, then deletion in the ordinary course.
Your rights (GDPR, UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (subject to legal retention obligations).
- Object to processing, or request that we restrict it.
- Data portability — receive your data in a machine-readable format.
- Lodge a complaint with your local data-protection authority (in the UK: the ICO).
To exercise these rights, email privacy@gaussintelligence.io.
Security
We employ layered security controls including transport encryption in flight, per-workspace encryption at rest, database-layer isolation between workspaces, and least-privilege service accounts for third-party integrations. See our Security page for the full technical breakdown.
Changes to this policy
We may update this policy from time to time. Material changes will be announced in-product or by email at least 30 days before taking effect.
Contact
Data protection questions: privacy@gaussintelligence.io.