Privacy Policy

Effective June 4, 2026

Skyfall Agents (“Skyfall,” “we,” “us”) operates the Skyfall Agents workspace and Concierge service. This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and the choices you have. It applies to agents.skyfall.consulting and the Skyfall Concierge Slack app.

What we collect

  • Account information. Your email address and, when you sign in with Google, your name and avatar URL.
  • Workspace content. Projects you create, conversations with Concierge, deliverables Concierge generates, activity events, and any content you share with Concierge (text, files, URLs, repository references).
  • Integration credentials. OAuth tokens and access keys for services you connect (Slack, GitHub, email providers). These are stored encrypted in our database and used only to operate the features you enabled.
  • Slack messages & metadata. When you install our Slack app, we receive the direct messages you send to Concierge, your Slack user ID, workspace ID, and the channel/timestamp of the messages so we can reply in-thread.
  • Operational telemetry. Basic logs (request times, error traces, token usage) needed to run and debug the service.

What we don't collect

We deliberately avoid collecting data we don't need to operate the service:

  • No payment-card numbers or bank account details — payments are handled by Stripe; we only see masked card metadata (last four, brand) needed for receipts.
  • No social-security numbers, government IDs, or other regulated identity documents.
  • No advertising identifiers, third-party cookies, or cross-site tracking.
  • No data from connected tools beyond what's required for the action you asked Concierge to perform — we read live, we don't mirror.

How we use it

  • To operate Concierge: respond to your messages, generate deliverables, and carry out the actions you request.
  • To deliver output to the channels you chose (the workspace UI, email, Slack).
  • To improve reliability: monitor errors, diagnose failures, and prevent abuse.
  • To communicate with you about your account (security notices, service changes).

We do not use your workspace content to train foundation models. Our agreement with Anthropic forbids them from training on your prompts or completions (see Anthropic's privacy policy). We do not sell your data.

Sub-processors

We use the following service providers to operate Skyfall Agents. Each receives only the data required to deliver its function. The first five are used for every user; the rest are activated only if you connect that integration.

  • Anthropic — Claude model inference. Your prompts and conversation context are sent to Anthropic to generate Concierge's replies. Privacy policy ↗
  • Supabase — Postgres database, file storage, and authentication. Privacy policy ↗
  • Vercel — web hosting and edge compute for agents.skyfall.consulting. Privacy policy ↗
  • Fly.io — runs the worker service that executes Concierge's tool calls. Privacy policy ↗
  • Stripe — billing and subscription management. We do not store your card data; Stripe holds it. Privacy policy ↗
  • Resend — transactional email delivery (account notifications, deliverable attachments). Privacy policy ↗
  • Recall.ai — meeting-bot platform. When you ask Skyfall to join a video call, Recall.ai deploys a bot named “Sky” that joins the meeting, transcribes the audio, and returns the transcript to your Skyfall workspace. Audio is processed by Recall and discarded after transcription; transcripts are stored in your workspace. The bot is always visible in the meeting and can be removed by the host at any time. Privacy policy ↗
  • Slack (if connected) — messages and metadata flow through Slack's API. Privacy policy ↗
  • GitHub (if connected) — Concierge reads your repositories and opens pull requests using the token you authorized. Privacy policy ↗
  • Linear (if connected) — Concierge reads and drafts tickets in your Linear workspace. Privacy policy ↗
  • Sentry (if connected) — Concierge reads error events you route to it via webhook. Privacy policy ↗
  • Notion (if connected) — Concierge reads and writes pages in the Notion workspaces you authorize. Privacy policy ↗
  • Google Calendar & Google Tasks (if connected) — with your authorization Concierge reads your Google Calendar events and Google Tasks, and can create, update, or delete events and tasks when you ask it to. We request only the calendar.events and tasks scopes, plus your basic profile (email). Privacy policy ↗

Google user data & Limited Use

This section describes how Skyfall handles data obtained through Google APIs (Google Calendar, Google Tasks, and your basic Google profile). It applies in addition to the rest of this policy.

  • What we access. With your authorization, we access your basic Google account information (email address) and — only if you connect the Google integration — your Google Calendar events and Google Tasks, including the ability to create, update, and delete events and tasks when you ask Concierge to.
  • Who we share it with. We share Google user data only with the sub-processors named above, and only to provide the features you enabled: Anthropic (your request and the relevant calendar/task context are sent to Claude to generate Concierge's response), Supabase (encrypted storage of your data and OAuth tokens), and Vercel and Fly.io (hosting and compute that run the request). We do not share, transfer, or disclose Google user data to any other party.
  • We never sell it or use it for ads. Google user data is never sold or rented, and is never used for advertising or ad targeting.
  • No AI/ML model training. We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Anthropic is contractually prohibited from training its models on your data.
  • Limited human access. No human reads your Google user data except: with your explicit consent (for example, to provide support you requested); where necessary for security or to comply with applicable law; or on data that has been aggregated and anonymized for operations.

Skyfall Agents' use and transfer of information received from Google APIs — including Google Workspace APIs (Google Calendar and Google Tasks) — to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Cookies

We use only essential cookies — Supabase session cookies that keep you signed in, and a CSRF token for form posts. We don't use advertising cookies or third-party analytics today. If we add analytics in the future, we'll update this policy and notify active workspace owners 30 days before it takes effect.

Data retention

  • Workspace content (projects, conversations, deliverables) is retained for as long as your workspace exists.
  • When you delete a workspace, all of its content is deleted immediately and cannot be recovered. Cascading deletes cover projects, conversations, messages, deliverable files, and audit events.
  • OAuth tokens are revoked and deleted when you disconnect the integration.
  • Operational logs are retained for up to 30 days for debugging.

Your rights

  • Access & portability. You can view your workspace content in the web app anytime.
  • Deletion. You can delete your workspace from Settings → Danger zone. This permanently removes all associated data.
  • Disconnect integrations. You can disconnect Slack, GitHub, or email at any time from Integrations; this revokes our access and deletes the stored tokens.
  • Questions or requests. Email us at support@skyfall.consulting.

Security

Data in transit is encrypted with TLS. Data at rest is encrypted by our infrastructure providers. Secrets (OAuth tokens, API keys) are redacted before any data leaves our servers for the browser. That said, no system is perfectly secure; if we become aware of a breach affecting your data, we will notify you without undue delay.

Children

Skyfall Agents is not directed to children under 13, and we do not knowingly collect personal data from children.

Jurisdiction

Skyfall Consulting is based in California, USA. This Privacy Policy is governed by California law. Disputes related to this policy will be resolved in the state or federal courts located in San Francisco County, California.

Changes

We may update this policy as the service evolves. Material changes will be announced to active workspace owners by email at least 30 days before they take effect.

Contact

Questions about this policy or your data? support@skyfall.consulting