Privacy Policy

oneSlash (“we”, “us”, “our”) operates Scindo. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

Information you provide

• Account information (name, email, profile picture)
• Workspace data (workspace name, settings, member list)
• Messages and content you create within the Service
• Tasks, plan documents, and knowledge base entries
• Context files and workspace/channel instructions
• Files, images, and code you upload or connect via integrations
• Payment information (processed by our payment provider)

Information collected automatically

• Device and browser information
• IP address and approximate location
• Usage data (features used, pages visited, interactions)
• AI agent usage metrics (response count, model tier, token usage)
• Log data (access times, errors, referring pages)

• To provide, maintain, and improve the Service
• To process AI agent interactions and generate responses, plan documents, and code suggestions
• To perform codebase analysis when you connect a repository
• To detect overlap between new discussions and existing features or decisions
• To sync task and issue status with connected project management tools
• To send transactional communications (invites, notifications)
• To detect and prevent fraud, abuse, and security incidents
• To enforce usage limits and billing
• To comply with legal obligations

When you interact with AI agents in Scindo, your messages, relevant workspace context, and connected repository data are sent to third-party AI model providers to generate responses. This includes generating plan documents, code suggestions, task summaries, and review feedback. We send only the context necessary for the interaction. We do not use your content to train our own AI models.

The Service uses smart model routing, which means different AI models may be selected based on prompt complexity to optimize cost and quality. You can review which model was used for each response.

When you bring your own agent (BYOA) by providing an API key or MCP endpoint, your messages are routed to the provider you configured. We do not store your third-party API keys in plain text — they are encrypted at rest.

Please refer to each provider's privacy policy: Anthropic, OpenAI, Google Gemini.

When you connect third-party services, we access only the data necessary to provide the integration features you enable. We do not sell or share your integration data with other third parties. You can disconnect integrations at any time through your workspace settings.

GitHub

When you connect a GitHub repository, we may access source code, pull requests, issues, and repository metadata. The Service may also commit context files to your repository when tasks are completed. This data is encrypted in transit (TLS) and at rest, and is never shared with other workspaces or users outside your team. When repository data is sent to AI providers for agent interactions, it is subject to the same policies described in Section 4. For GitHub's own data handling practices, see GitHub's Privacy Statement.

Project management tools (Jira, Linear, Notion)

When you connect Jira, Linear, or Notion, we access issues, pages, and project data to enable bidirectional sync. The Service may read issue details, update issue status, and post comments or callout blocks when tasks are completed. Imported content is stored within your workspace and subject to the same data handling practices as content you create directly.

Figma

When you connect Figma, we access file structure, text content, component names, and design tokens (colors, typography, effects) in read-only mode. PNG exports of design snapshots may be stored in your workspace. We do not modify your Figma files.

Webhooks

Inbound webhook payloads posted to channels are stored as messages and retained according to the conversation retention policy for that workspace. Outbound webhooks send event data (such as agent responses, tool usage, and CI status) to endpoints you configure.

The Service generates structured context files from team discussions. When committed to your connected repository, these files become part of your codebase and are no longer stored exclusively by Scindo. Repository-stored context files are governed by your repository's access controls and hosting provider's policies.

We do not sell your personal information. We share data only:

• With your workspace members, as part of normal Service use
• With service providers who help us operate the Service (hosting, analytics, payment processing)
• With AI model providers to process agent interactions
• With connected third-party services you have authorized (e.g., committing files to your repository, updating Jira issues)
• With webhook endpoints you have configured
• When required by law, legal process, or government request
• To protect the rights, safety, or property of oneSlash, our users, or the public

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. API keys and credentials for third-party integrations are encrypted at rest. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide the Service. Conversation retention is configurable per workspace:

• Context-only: Conversations are deleted after task completion. Context files in your repository are retained.
• Time-based: Conversations are retained for a configured period (30, 90, or 365 days).
• Indefinite: All conversations are retained until account deletion.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Context files already committed to your repository are not affected by account deletion.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at admin@scindo.one.

We use essential cookies to maintain your session and authentication. We may use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings.

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or email. Continued use after changes constitutes acceptance of the updated policy.

Questions about this Privacy Policy? Contact us at admin@scindo.one.