Privacy Policy

Last updated: January 30, 2026

Introduction

Team0 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI operations platform and services. We are proud to be CASA Tier 2 certified, demonstrating our commitment to enterprise-grade security and data protection standards.

Information We Collect

Personal Information

•Name and email address (via Clerk authentication)
•Business information you provide during onboarding
•Payment information (processed securely by LemonSqueezy)
•Communication preferences

Business Data

•Business descriptions and website URLs
•Documents and knowledge base content you upload
•Calendar events and email data (with your explicit permission)
•Communication channel messages (Slack, Telegram, WhatsApp)
•Task schedules and automation preferences

WhatsApp Integration Data

When you connect WhatsApp to communicate with your Team0 agents:

•Your WhatsApp phone number used for agent communication
•Messages exchanged between you and your Team0 agents only
•Message timestamps and delivery status
•Activation codes used to connect your WhatsApp to your agents

Privacy Notice: Team0 provides a dedicated WhatsApp Business number (+1 430-200-0006) that enables secure communication exclusively between you and your AI agents. We do NOT access, store, or process any of your other WhatsApp conversations, contacts, or personal WhatsApp data. The connection is limited solely to agent interactions.

Google Services Data

When you authorize Team0 to access Google services, we may collect:

•Gmail: Email metadata, partial message content for processing (read/compose/send)
•Google Calendar: Event details, attendees, and scheduling information
•Google Drive: File metadata and content you explicitly share
•Google Workspace: User profile information (name, email)

All Google data access follows Google's API Services User Data Policy and requires your explicit consent. You can revoke access at any time through your Google Account settings.

Usage Data

•Log data including IP addresses and browser information
•Feature usage and interaction patterns
•AI agent execution history
•Credit usage and subscription data

How We Use Your Information

•To provide and maintain our AI operations services
•To personalize AI agents with your business context
•To process transactions and manage subscriptions
•To send service updates and important notifications
•To improve our services through analytics
•To detect and prevent fraud or abuse
•To comply with legal obligations
•To enable secure WhatsApp communication between you and your Team0 agents
•To authenticate and route messages to the correct agent assigned to you

Data Security

We implement industry-standard security measures to protect your data:

•Encryption in transit (TLS 1.3) and at rest (AES-256)
•Multi-tenant data isolation with row-level security
•Regular security audits and monitoring
•Access controls and JWT authentication via Clerk
•Secure API endpoints with rate limiting
•OWASP-compliant security headers and CSRF protection
•CASA Tier 2 certified (Cloud Application Security Assessment - passed September 2025)
•Field-level encryption for OAuth tokens and sensitive data
•Vulnerability scanning and dependency management

Team0 is officially CASA Tier 2 certified! We passed our Cloud Application Security Assessment in September 2025, meeting all 134 OWASP ASVS v4.0 requirements. CASA is an industry-standard assessment developed by the App Defense Alliance (Google, Meta, Microsoft) that ensures the highest security standards for cloud applications.

What We Process vs. What We Store

We believe in transparency about how your data flows through our system.

💬 Conversations with AI Agents

Process:Your messages are sent to AI models (OpenAI/Anthropic) for generating responses

Store:Full conversation history in your isolated database for context continuity

Retention:90 days by default (soon to be configurable in workspace settings)

Encryption:Database encrypted at rest (AWS RDS AES-256), access controls via per-tenant isolation

Who Sees It:Only you, your workspace members, and AI models processing your requests. Team0 staff do not access conversation content except for critical debugging with your explicit permission.

📧 Email Intelligence (Gmail Integration)

Process:Email subjects and first 200 characters analyzed for urgency, action items, and follow-ups

Store:Email subjects, sender info, timestamps, and extracted insights. Full email bodies are NOT stored

Retention:90 days by default (soon to be configurable in workspace settings)

Encryption:OAuth tokens encrypted (AES-256-GCM with per-tenant keys), analysis results access-controlled

📅 Calendar Events & Tasks

Process:Event summaries analyzed for scheduling conflicts and preparation reminders

Store:Event titles, times, attendees, task descriptions for agent context and proactive assistance

Retention:Active tasks and upcoming events; historical data retained for 90 days

🔐 Integration Credentials (OAuth Tokens, API Keys)

Process:Used only to authenticate API requests on your behalf (Gmail, Calendar, Slack, etc.)

Store:Encrypted in database using AES-256-GCM with per-tenant key derivation (PBKDF2-SHA256, 100k iterations)

Encryption:Always encrypted - never stored in plaintext, never logged, keys managed via AWS Parameter Store

Access:Only decrypted in-memory when making API calls, immediately discarded after use

Why Not Encrypt Everything?

AI agents need to read your conversations and context to assist you effectively. Encrypting this content would break core functionality (search, context understanding, proactive insights). Instead, we protect your data through:

•Per-tenant database isolation - Your data is completely separated from other workspaces
•Access controls - Only authorized workspace members can access conversations
•Encryption at rest - All databases use AES-256 encryption (AWS RDS)
•Selective field encryption - Credentials and secrets always encrypted with per-tenant keys
•Data retention policies - Automatic cleanup of old data (soon to be configurable)

No Human Access: Your conversations and integrated data are processed exclusively by AI models and automated systems. Team0 staff do not proactively view or access your content. Access is only granted for critical debugging purposes.

Third-Party Services

We integrate with trusted third-party services to provide our platform:

•Clerk: User authentication and management
•LemonSqueezy: Payment processing
•OpenAI/Anthropic: AI model providers
•Google APIs: Calendar, Gmail integration (with your consent)
•Meta/WhatsApp Business API: Secure messaging infrastructure for agent communication
•AWS: Infrastructure and encrypted data storage

Data Retention

We retain your data for as long as your account is active up to 90 days old data (to be configurable soon). Upon account deletion, we will delete your personal information within 30 days, except where retention is required by law.

GDPR Compliance & Your Rights

For users in the European Economic Area (EEA), we process data under the following legal bases:

•Your consent for optional features (including WhatsApp integration)
•Legitimate interests for service improvement
•Legal obligations for compliance
•Contract performance for providing our services

Your Data Rights

Under GDPR and applicable privacy laws, you have the right to:

•Access: Request a copy of your personal data
•Rectification: Correct inaccurate or incomplete data
•Erasure: Request deletion of your personal data
•Portability: Export your data in a machine-readable format
•Object: Opt-out of certain data processing activities
•Restrict: Limit how we process your data
•Withdraw consent: Revoke consent at any time (including WhatsApp connection)

To exercise these rights, contact us at hey@team0.ai or use the data management tools in your account settings.

WhatsApp Integration & Privacy

Our WhatsApp integration is designed with privacy at its core:

•Limited Scope: You connect to Team0's WhatsApp number to chat exclusively with your AI agents
•No Access to Your Personal WhatsApp: We cannot see your personal contacts, groups, or other conversations
•End-to-End Encryption: All messages remain encrypted per WhatsApp's security standards
•Opt-in Only: You must actively send an activation code to connect
•Easy Disconnection: Remove the integration anytime from your Team0 dashboard
•Compliance: We follow Meta's WhatsApp Business API Terms and Privacy Policy

How it works: Team0 operates a WhatsApp Business account that acts as a secure bridge between you and your AI agents. When you send a message to our business number, it's routed to your specific agents, and their responses come back to you. This is a completely isolated channel - we have no visibility into or access to your personal WhatsApp account or any other conversations.

Chrome Extension & Privacy

Our Chrome extension ("Chief of Staff Everywhere") provides a browser side panel to chat with your AI Chief of Staff. Here is how it handles your data:

•Authentication: The extension reads your existing Clerk authentication token from the team0.ai web app to authenticate API requests. No additional login is required. Tokens are stored locally in Chrome storage and refreshed automatically.
•Page Context (User-Initiated Only): The extension reads the current page title, URL, selected text, or captures a screenshot ONLY when you explicitly click a quick action button or use the right-click context menu. It never monitors or tracks your browsing automatically.
•No Browsing History: The extension does not track, store, or transmit your browsing history, visited URLs, or any browsing patterns.
•Local Storage Only: Authentication credentials and session preferences are stored locally on your device using Chrome's storage API. No data is stored on external servers beyond what is sent through normal chat interactions.
•Limited Host Access: The extension only connects to team0.ai (for authentication) and api.team0.ai (for API calls). It does not access or inject content into any other websites.
•Same Data Pipeline: All chat messages and page context shared through the extension flow through the same secure API as the web app, with identical encryption, access controls, and data retention policies.

Data Sharing and Consent

We share your data only in the following circumstances:

•With your explicit consent
•To comply with legal obligations or respond to lawful requests
•With trusted service providers who help operate our platform (under strict confidentiality)
•In connection with a merger, acquisition, or sale of assets (with prior notice)
•To protect rights, property, or safety of Team0, our users, or the public

We never sell your personal information to third parties or use it for advertising.

Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Team0 Privacy Team

Email: hey@team0.ai

Your Privacy Matters

We never sell your personal information. Your business data is yours, and you can export or delete it at any time.

Privacy Policy

Last updated: January 30, 2026

Introduction

Information We Collect

Personal Information

•Name and email address (via Clerk authentication)
•Business information you provide during onboarding
•Payment information (processed securely by LemonSqueezy)
•Communication preferences

Business Data

•Business descriptions and website URLs
•Documents and knowledge base content you upload
•Calendar events and email data (with your explicit permission)
•Communication channel messages (Slack, Telegram, WhatsApp)
•Task schedules and automation preferences

WhatsApp Integration Data

When you connect WhatsApp to communicate with your Team0 agents:

•Your WhatsApp phone number used for agent communication
•Messages exchanged between you and your Team0 agents only
•Message timestamps and delivery status
•Activation codes used to connect your WhatsApp to your agents

Google Services Data

When you authorize Team0 to access Google services, we may collect:

•Gmail: Email metadata, partial message content for processing (read/compose/send)
•Google Calendar: Event details, attendees, and scheduling information
•Google Drive: File metadata and content you explicitly share
•Google Workspace: User profile information (name, email)

All Google data access follows Google's API Services User Data Policy and requires your explicit consent. You can revoke access at any time through your Google Account settings.

Usage Data

•Log data including IP addresses and browser information
•Feature usage and interaction patterns
•AI agent execution history
•Credit usage and subscription data

How We Use Your Information

•To provide and maintain our AI operations services
•To personalize AI agents with your business context
•To process transactions and manage subscriptions
•To send service updates and important notifications
•To improve our services through analytics
•To detect and prevent fraud or abuse
•To comply with legal obligations
•To enable secure WhatsApp communication between you and your Team0 agents
•To authenticate and route messages to the correct agent assigned to you

Data Security

We implement industry-standard security measures to protect your data:

•Encryption in transit (TLS 1.3) and at rest (AES-256)
•Multi-tenant data isolation with row-level security
•Regular security audits and monitoring
•Access controls and JWT authentication via Clerk
•Secure API endpoints with rate limiting
•OWASP-compliant security headers and CSRF protection
•CASA Tier 2 certified (Cloud Application Security Assessment - passed September 2025)
•Field-level encryption for OAuth tokens and sensitive data
•Vulnerability scanning and dependency management

What We Process vs. What We Store

We believe in transparency about how your data flows through our system.

💬 Conversations with AI Agents

Process:Your messages are sent to AI models (OpenAI/Anthropic) for generating responses

Store:Full conversation history in your isolated database for context continuity

Retention:90 days by default (soon to be configurable in workspace settings)

Encryption:Database encrypted at rest (AWS RDS AES-256), access controls via per-tenant isolation

Who Sees It:Only you, your workspace members, and AI models processing your requests. Team0 staff do not access conversation content except for critical debugging with your explicit permission.

📧 Email Intelligence (Gmail Integration)

Process:Email subjects and first 200 characters analyzed for urgency, action items, and follow-ups

Store:Email subjects, sender info, timestamps, and extracted insights. Full email bodies are NOT stored

Retention:90 days by default (soon to be configurable in workspace settings)

Encryption:OAuth tokens encrypted (AES-256-GCM with per-tenant keys), analysis results access-controlled

📅 Calendar Events & Tasks

Process:Event summaries analyzed for scheduling conflicts and preparation reminders

Store:Event titles, times, attendees, task descriptions for agent context and proactive assistance

Retention:Active tasks and upcoming events; historical data retained for 90 days

🔐 Integration Credentials (OAuth Tokens, API Keys)

Process:Used only to authenticate API requests on your behalf (Gmail, Calendar, Slack, etc.)

Store:Encrypted in database using AES-256-GCM with per-tenant key derivation (PBKDF2-SHA256, 100k iterations)

Encryption:Always encrypted - never stored in plaintext, never logged, keys managed via AWS Parameter Store

Access:Only decrypted in-memory when making API calls, immediately discarded after use

Why Not Encrypt Everything?

•Per-tenant database isolation - Your data is completely separated from other workspaces
•Access controls - Only authorized workspace members can access conversations
•Encryption at rest - All databases use AES-256 encryption (AWS RDS)
•Selective field encryption - Credentials and secrets always encrypted with per-tenant keys
•Data retention policies - Automatic cleanup of old data (soon to be configurable)

Third-Party Services

We integrate with trusted third-party services to provide our platform:

•Clerk: User authentication and management
•LemonSqueezy: Payment processing
•OpenAI/Anthropic: AI model providers
•Google APIs: Calendar, Gmail integration (with your consent)
•Meta/WhatsApp Business API: Secure messaging infrastructure for agent communication
•AWS: Infrastructure and encrypted data storage

Data Retention

GDPR Compliance & Your Rights

For users in the European Economic Area (EEA), we process data under the following legal bases:

•Your consent for optional features (including WhatsApp integration)
•Legitimate interests for service improvement
•Legal obligations for compliance
•Contract performance for providing our services

Your Data Rights

Under GDPR and applicable privacy laws, you have the right to:

•Access: Request a copy of your personal data
•Rectification: Correct inaccurate or incomplete data
•Erasure: Request deletion of your personal data
•Portability: Export your data in a machine-readable format
•Object: Opt-out of certain data processing activities
•Restrict: Limit how we process your data
•Withdraw consent: Revoke consent at any time (including WhatsApp connection)

To exercise these rights, contact us at hey@team0.ai or use the data management tools in your account settings.

WhatsApp Integration & Privacy

Our WhatsApp integration is designed with privacy at its core:

•Limited Scope: You connect to Team0's WhatsApp number to chat exclusively with your AI agents
•No Access to Your Personal WhatsApp: We cannot see your personal contacts, groups, or other conversations
•End-to-End Encryption: All messages remain encrypted per WhatsApp's security standards
•Opt-in Only: You must actively send an activation code to connect
•Easy Disconnection: Remove the integration anytime from your Team0 dashboard
•Compliance: We follow Meta's WhatsApp Business API Terms and Privacy Policy

Chrome Extension & Privacy

Our Chrome extension ("Chief of Staff Everywhere") provides a browser side panel to chat with your AI Chief of Staff. Here is how it handles your data:

•Authentication: The extension reads your existing Clerk authentication token from the team0.ai web app to authenticate API requests. No additional login is required. Tokens are stored locally in Chrome storage and refreshed automatically.
•Page Context (User-Initiated Only): The extension reads the current page title, URL, selected text, or captures a screenshot ONLY when you explicitly click a quick action button or use the right-click context menu. It never monitors or tracks your browsing automatically.
•No Browsing History: The extension does not track, store, or transmit your browsing history, visited URLs, or any browsing patterns.
•Local Storage Only: Authentication credentials and session preferences are stored locally on your device using Chrome's storage API. No data is stored on external servers beyond what is sent through normal chat interactions.
•Limited Host Access: The extension only connects to team0.ai (for authentication) and api.team0.ai (for API calls). It does not access or inject content into any other websites.
•Same Data Pipeline: All chat messages and page context shared through the extension flow through the same secure API as the web app, with identical encryption, access controls, and data retention policies.

Data Sharing and Consent

We share your data only in the following circumstances:

•With your explicit consent
•To comply with legal obligations or respond to lawful requests
•With trusted service providers who help operate our platform (under strict confidentiality)
•In connection with a merger, acquisition, or sale of assets (with prior notice)
•To protect rights, property, or safety of Team0, our users, or the public

We never sell your personal information to third parties or use it for advertising.

Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Team0 Privacy Team

Email: hey@team0.ai

Your Privacy Matters

We never sell your personal information. Your business data is yours, and you can export or delete it at any time.