OOctopus

Privacy Policy

Last updated: July 16, 2026

Octopus (“we”, “us”) provides an AI knowledge assistant that answers questions from the tools your organization connects (such as Slack, Google Drive, Gmail, and Notion). This policy explains what we collect, how we use it, and the choices you have. It applies to the Octopus web application and website.

Information we collect

  • Account information — your name, email address, and organization details, provided through our authentication provider (Clerk) when you sign up.
  • Connected-source content — when an administrator connects a tool, Octopus indexes content that tool shares (documents, messages, files and their metadata) so it can answer your team's questions.
  • Usage data — questions asked, features used, and technical logs (errors, performance), used to operate and improve the product.

How we use information

  • To provide the service: indexing your connected sources and answering questions.
  • To enforce permissions: you only see content you already have access to.
  • To secure, maintain, and improve the product.
  • To communicate with you about the service (invitations, important updates).

We do not sell your personal information or your organization's content.

AI processing

To generate answers, relevant excerpts from your connected sources are sent to our AI model providers (currently OpenAI) along with your question. Excerpts are sent only for the purpose of generating your answer, and only content your account is permitted to see is ever included. Our providers process this data under their API terms, which do not permit training on your data.

Sub-processors

We rely on a small set of infrastructure providers to run Octopus:

  • Vercel (application hosting)
  • Neon (database)
  • Pinecone (search index)
  • Clerk (authentication)
  • Nango (integration connections)
  • OpenAI (AI answers)

Data retention & deletion

Indexed content is retained while the source stays connected; disconnecting an integration removes its indexed content. When your organization's account is deleted, associated content and personal information are deleted from our systems within a reasonable period, except where retention is required by law.

Security

Data is encrypted in transit, access is permission-scoped per user, and connections to your tools use OAuth — Octopus never sees your passwords for connected tools. No method of storage is 100% secure, but we design the product so that your existing access controls are always respected.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Contact us and we will honor applicable requests. If you use Octopus through your employer, some requests may need to go through your organization administrator.

Changes & contact

We may update this policy as the product evolves; material changes will be reflected by the date above. Questions or requests: namank5382@gmail.com.