Privacy Policy
Effective date: March 11, 2026 · Last updated: March 29, 2026
1. Information We Collect
We collect the following categories of information when you use the Service:
- Account information — business name, email address, plan tier, and account status.
- Business context — information you provide during the AI onboarding interview, including your business description, operational details, and channel preferences. This information is used to configure your AI agent.
- Conversation data — messages sent to and received from your AI agent via connected channels (Telegram, Discord, etc.).
- Usage data — token counts, model usage, and cost data generated by your AI agent's activity, used for billing and quota management.
- Billing information — payment method details are processed and stored by Stripe, Inc. Seaboss stores only a Stripe Customer ID and subscription status; we do not store raw card numbers.
- Technical data — IP addresses, request IDs, timestamps, and access logs generated during normal system operation.
- Secrets and credentials — API keys and other secrets you provide (e.g., for third-party integrations) are stored encrypted at rest and never logged in plaintext.
- Third-party integration data — if you connect a third-party service such as Google Drive, we store the OAuth tokens (access and refresh tokens) needed to maintain the connection. We access only the data and scopes you explicitly authorize.
2. How We Use Your Information
We use the information we collect to:
- Set up, operate, and maintain Seaboss and your pod
- Calculate, bill, and collect subscription fees and credit-pack purchases
- Provide customer support and respond to inquiries
- Monitor platform health, security, and reliability
- Send transactional communications (account creation, billing alerts, service announcements)
- Connect to third-party services you authorize (e.g., Google Drive) so your AI agent can act on your behalf
- Comply with applicable legal obligations
We do not use your data for advertising or sell it to third parties.
3. Third-Party Data Processing
We share limited data with the following third-party processors:
- Anthropic, PBC — Conversation content and Inputs are transmitted to Anthropic's API to generate AI responses. This processing is governed by Anthropic's commercial API terms.
- Stripe, Inc. — Payment card data and billing transactions are processed by Stripe under Stripe's privacy policy. Seaboss does not handle raw payment card data.
- Google LLC — If you connect Google Drive, your AI agent accesses your Google Drive files via the Google Drive API using OAuth tokens you authorize. Seaboss accesses only the scopes you grant (file reading and file management). See Section 3a below for details.
We do not sell, rent, or share your personal information with any other third parties except as required by law or with your explicit consent.
3a. Google Drive Integration
If you choose to connect your Google account, Seaboss requests access to the following OAuth scopes:
- drive.file — allows your AI agent to create, read, and manage only the specific Google Drive files you open with Seaboss or that the agent creates on your behalf. Your AI agent cannot see or access other files in your Drive.
What we access: Your AI agent accesses Google Drive files only when performing tasks you request (e.g., when you ask it to "save this report to my Drive" or when it reads a file you've explicitly opened with Seaboss via the Google file picker). Seaboss does not browse, index, or copy your Drive contents for any other purpose, and cannot read files you haven't directly authorized.
How data is stored: OAuth tokens (access and refresh tokens) are stored encrypted at rest using AES-256-GCM. Tokens are used solely to maintain the connection between your AI agent and your Google account. File contents retrieved from Google Drive are processed in your agent's isolated environment and are not stored on Seaboss servers beyond the duration of the task.
Revoking access: You can disconnect Google Drive at any time from the Integrations tab in your dashboard. You can also revoke Seaboss's access directly from your Google Account permissions page. Revoking access immediately stops your AI agent from accessing your Google Drive.
No training: Google Drive data is never used to train AI models. See Section 4 below.
4. AI Model Training
Your data is not used to train AI models. Seaboss uses Anthropic's commercial API, which explicitly prohibits the use of Customer data for training Anthropic's models. Conversation data processed through the Service remains yours and is not used to improve any AI model by Anthropic or by Seaboss.
5. Data Retention
- Active accounts: Data is retained for as long as your account is active and as necessary to provide the Service.
- Terminated accounts: After account termination, your data is retained for 30 days to allow you to export it. After 30 days, your data is permanently deleted from our systems, except where retention is required by law.
- Usage logs: Aggregated usage and billing logs are retained for 12 months for accounting and dispute resolution purposes.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- AES-256-GCM encryption for all secrets and API credentials stored at rest
- HTTPS/TLS for all data in transit
- Isolated environments per Customer — your pod cannot access another Customer's environment
- WAL-mode SQLite databases with access controls
- Request ID logging for security audit trails
No security system is infallible. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
7. Data Isolation
Each Customer account operates in a dedicated, isolated environment (Pod). Your workspace, conversation data, configuration files, and secrets are stored separately and are not accessible to other Customers. Administrative access to your Pod is restricted to authorized Seaboss personnel for support and maintenance purposes only.
8. Cookies & Analytics
The Seaboss web application stores a JSON Web Token (JWT) in your browser's local storage for authentication purposes. We do not use third-party advertising cookies. We may use minimal, privacy-respecting analytics to understand aggregate usage patterns and improve the platform. We do not track individual users across sites.
9. Your Rights
You have the following rights regarding your personal data:
- Access & export: You may export your data at any time through the dashboard or by contacting support.
- Correction: You may update your account information through the dashboard.
- Deletion: You may request deletion of your account and associated data by contacting us. Deletion requests will be processed within 30 days, subject to legal retention requirements.
To exercise any of these rights, contact us at [email protected].
10. Children's Privacy
The Service is intended for adults operating business entities. We do not knowingly collect personal information from individuals under 18 years of age. If you believe a minor has provided us with personal information, please contact us at [email protected] and we will delete it promptly.
11. Changes & Contact
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. Continued use of the Service after the effective date of an update constitutes your acceptance of the revised policy.
For privacy-related questions or requests, contact us at: [email protected]