Privacy Policy

Overview

Shabe AI Corp ("Shabe," "we," "our," or "us") operates app.shabe.ai and shabe.ai (the "Service"). This Privacy Policy governs your use of the Service and explains how we collect, use, disclose, and safeguard your information.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

Information We Collect

1. Information You Provide

• Account Information: Name, email address, phone number, company name, job title, and authentication credentials (managed via Clerk)
• Profile Information: Communication preferences, timezone, language, department, bio, and AI personalization settings (communication style, detail level, emoji preferences)
• CRM Data: Contacts, accounts, deals, activities, notes, custom fields, and relationship data you input into Shabe
• Conversation Data: All messages, queries, and commands you send to Shabe AI, including conversation history and context
• Files and Documents: Files you upload for analysis, including PDFs, spreadsheets, presentations, and images
• Team Data: Team member information, roles, permissions, and team settings

2. Information from Integrated Services

• HubSpot: Contact, company, deal, activity, and forecasting data from your HubSpot account
• Salesforce: Opportunity, contact, account, and activity data from your Salesforce account
• Google (Gmail & Calendar, read-only): If you connect Google at app.shabe.ai, we access email and calendar data only through the OAuth scopes listed in "Google APIs, scopes, and Limited Use" below—not Google Drive for this integration.
• LinkedIn: Profile information and analytics data (read-only access)

3. Automatically Collected Information

• Usage Data: Feature usage, conversation metrics, query patterns, time spent, and interaction frequency
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: API requests, error logs, performance metrics, and system events
• Cookies and Similar Technologies: Session cookies, authentication tokens, preference cookies

Google APIs, scopes, and Limited Use

When you connect Google to Shabe, we request OAuth access for the product at app.shabe.ai. The scopes we request are:

• https://www.googleapis.com/auth/gmail.readonly — read email metadata and content Shabe needs to provide inbox-backed features (e.g., deal context).
• https://www.googleapis.com/auth/calendar.readonly — read calendar events and related fields for scheduling context.
• https://www.googleapis.com/auth/userinfo.email — basic account identity (email).
• https://www.googleapis.com/auth/userinfo.profile — basic profile information (e.g., name) for display in the product.

We use information received from Google APIs only to provide and improve user-facing features you choose to enable, security, and compliance with applicable law. We store OAuth tokens and application data using encryption and access controls described under "Data Security" and retention periods under "Data Retention."

Google API Services User Data Policy (Limited Use)

Shabe's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not sell Google user data; we do not use it for serving advertisements; we do not use Google user data to train or improve generalized artificial intelligence or machine learning models; and we do not transfer it to third parties except as necessary to provide the Service (for example, secure cloud hosting and subprocessors bound by appropriate agreements), or as required by law. Human access to Google user content is limited to personnel who need it to provide support or security, or when required by law or with your explicit consent.

Revoking access and disconnecting Google

You can disconnect Google from Shabe at any time in the product's integration or settings on app.shabe.ai, which stops sync and removes Shabe's ability to use stored credentials for Google. You can also revoke Shabe's access in your Google Account under Security → Third-party apps with account access. After disconnect or revocation, we no longer call Google APIs on your behalf; residual data may be retained only for the periods described under Data Retention or until you request deletion.

How We Use Your Information

We use the collected information for the following purposes. Data received from Google APIs is subject to the Limited Use restrictions in "Google APIs, scopes, and Limited Use" above.

• Provide the Service: Process your queries, execute CRM operations, generate insights, and deliver AI-powered features
• Machine Learning & Predictions: Train or apply ML for deal outcome prediction, forecasting, anomaly detection, and recommendations using your business and product data where permitted—not using Google API user data to train or improve generalized non-personalized models (per Google Limited Use).
• Personalization: Customize AI responses based on your communication preferences, role, and usage patterns
• Integrations: Sync data with HubSpot, Salesforce, Google Workspace, and LinkedIn on your behalf
• Analytics & Improvement: Analyze usage patterns, improve AI accuracy, develop new features, and enhance user experience
• Security: Detect fraud, prevent abuse, monitor security threats, and maintain system integrity
• Communication: Send service updates, feature announcements, support responses, and transactional emails
• Compliance: Meet legal obligations, enforce our terms, and respond to legal requests

AI & Machine Learning Data Usage

Shabe uses OpenAI's GPT-4 and proprietary machine learning models to power its intelligence features:

• OpenAI Processing: Your conversations and queries are processed through OpenAI's API. OpenAI does not use API data to train their models. Data sent to OpenAI is subject to OpenAI's privacy policy.
• Shabe ML Models: We may use aggregated or de-identified data to improve product models. Google API user data is not used to train generalized ML models, consistent with the Limited Use section above.
• Context & Memory: Conversation history is stored to provide context-aware responses and improve your experience. You can request deletion at any time.

Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers:
  • • OpenAI (AI processing)
  • • Convex (database hosting)
  • • Clerk (authentication)
  • • Vercel (hosting)
  • • Sentry (error monitoring)
  • • PostHog (analytics)
  • • Stripe (payment processing)
• Team Members: Data is shared with your authorized team members based on their permissions
• Integrated Services: Data is synced with services you connect (HubSpot, Salesforce, Google, LinkedIn) per your authorization
• Legal Requirements: When required by law, subpoena, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• With Your Consent: Any other sharing with your explicit permission

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Authentication: Multi-factor authentication supported via Clerk
• Access Controls: Role-based permissions and team-based data isolation
• Monitoring: Real-time security scanning, intrusion detection, and audit logging
• Infrastructure: SOC 2 Type II compliant hosting (Vercel, Convex)

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.