Legal
Privacy Policy
Last updated: May 20, 2026
TL;DR: We read Slack messages only in channels the bot is invited to. We store commitments and user IDs — never message content. We never sell your data. You can request deletion any time.
1. Who we are
Commitment Crawler AI ("we", "our", "the Service") is operated by Tej Thakar. We build accountability tooling for Slack teams. Contact us at thakartej12@gmail.com for any privacy-related requests.
2. What data we collect
When you install Commitment Crawler in your Slack workspace, we collect:
- Slack workspace metadata — team ID, team name, bot access token
- User identifiers — Slack user IDs and display names of people who make commitments
- Extracted commitment data — the task summary, deadline, recipient, and urgency level that our AI extracts from messages. We do not store raw message content beyond what is needed to extract a commitment.
- Calendar connection status — whether a user has connected their Google Calendar (via Composio). We store a connection reference, not your calendar data.
- Commitment outcomes — whether commitments were confirmed, completed, or dismissed
3. What data we do NOT collect
- Full message content or conversation history
- Messages in channels the bot has not been invited to
- Private DMs between humans (only DMs directly with the bot)
- Payment information (handled entirely by Stripe)
- Google Calendar event details or calendar content
4. How we use your data
- To detect commitments and send private confirmation popups to the person who made them
- To create Google Calendar blocks when a user confirms a commitment
- To calculate and send weekly integrity scores
- To power the admin monitoring dashboard (scoped strictly to your workspace)
- To send accountability follow-ups when deadlines pass without completion
We do not use your data for advertising, and we do not sell or share it with third parties except as described in Section 5.
5. Third-party services
- Slack — our platform. Governed by Slack's Privacy Policy.
- Supabase — our database host. Data is stored in a managed PostgreSQL instance. Supabase's privacy policy applies.
- Railway — our hosting infrastructure. Application runs on Railway's servers.
- Composio — used to initiate Google Calendar OAuth connections. We do not store your Google credentials.
- OpenRouter / Groq — used to run the AI extraction model. Message text is sent to the LLM provider to extract commitment data. These providers do not retain data for training purposes under our agreements.
- Stripe — handles all payment processing. We never see your card details.
6. Data retention
Commitment records are retained for 12 months from creation, after which they are automatically deleted. Workspace and user records are retained for the duration of your subscription plus 30 days. You may request earlier deletion at any time.
7. Your rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your data. To exercise these rights, email thakartej12@gmail.com with the subject "Privacy Request" and your Slack workspace ID. We will respond within 30 days.
8. Security
All data is encrypted in transit (TLS 1.3) and at rest. Bot tokens are stored encrypted in the database. We verify Slack request signatures on every webhook to prevent spoofing. See our Security page for more detail.
9. Children's privacy
The Service is intended for professional use by adults. We do not knowingly collect data from anyone under 16 years of age.
10. Changes to this policy
We may update this policy from time to time. We'll notify workspace admins via Slack DM for material changes. The "last updated" date at the top of this page will always reflect the current version.
11. Contact
Questions? Email thakartej12@gmail.com. We aim to respond within 2 business days.