Legal
Privacy Policy
We are transparent about how we collect, use, and protect personal data across identity, tenant operations, and AI-assisted answers.
- Your organisation content and prompts are never used to train base models.
- Export and deletion flows are available in account settings.
- Encryption in transit and at rest with controlled access paths.
Last updated: 9 April 2026
Contents
On this page
Who we are
Your App is a knowledge infrastructure platform that helps teams find, understand, and use organisational knowledge. This policy explains how we handle personal data when you use the service at baobabcore.com.
Your App is the data controller for this service. We may update this policy over time, and we always show the latest revision date on this page.
What data we collect
When you sign in, we use your identity from our authentication provider to link you to your profile and organisation. This includes your name, email (where provided), and organisation membership details required for access control.
We also collect basic usage events such as page path and referrer so we can understand product usage, diagnose problems, and improve the service. We do not sell personal data or use your data for third-party marketing.
How and why we use data
We process data only to deliver and secure Your App: authentication, authorisation, tenant access control, product operations, and support. Our legal bases include performance of contract and legitimate interests in running a secure, reliable service.
Where data is stored and processed
Data is stored in secure infrastructure used to operate Your App(such as database and object storage providers). Some subprocessors, including our AI provider, may process data outside your country. Where transfer frameworks apply, we use contractual safeguards.
Data retention
We retain profile and organisation data while your account and tenant remain active. If access is removed or deletion is requested, we remove or anonymise personal data in line with operational and legal obligations.
Security and audit records may be retained for a limited period where required for lawful compliance, fraud prevention, or dispute resolution.
Your privacy rights
You have the right to request:
- Access to personal data we hold about you.
- Correction or deletion where applicable.
- Data export in a portable format.
- Restriction or objection to certain processing.
To exercise these rights, use our contact page or email support@example.com. We aim to respond within 30 days.
Data export and account deletion
Signed-in users can export personal data (JSON) from Account settings in Privacy & data.
You can request account deletion from Danger zone in the same area. Your access is deactivated immediately; personal data is scheduled for deletion after a 14-day grace period. Organisation billing and legal records may be retained where required. Requests are subject to identity checks and lawful exceptions.
AI processing and your content
Your App indexes documents your organisation uploads so we can retrieve relevant excerpts for question answering. When you send a query, we send relevant context and your prompt to an AI provider via API to produce a grounded response.
We do not use your organisation's documents, prompts, or responses to train, fine-tune, or improve foundation or base language models.
Contact
Contact and support
Questions about this policy, data rights, or specific retention cases can be sent to support@example.com or through our contact form.
See also Security and Terms of Service.