Security & privacy
What we store, where, who can see it, and how to delete it.
Where data lives
Charters and org metadata live in Postgres on Supabase. The application is hosted on Vercel as a static frontend plus serverless API functions. Email magic-link delivery uses Resend.
Both providers operate in US regions by default. Enterprise customers can request EU residency.
Authentication
Sign-in is passwordless — magic links delivered by email. We never store passwords. Sessions are stateless JWT cookies signed with a server-only key. No session-store database; when you sign out, the cookie is invalidated.
Slack scopes
When you connect Slack, we request read-only access to the channels you authorize. We do not read DMs, files, or other workspaces. Tokens are encrypted at rest.
You can disconnect Slack from your org settings at any time. Disconnecting revokes the token and deletes channel-level credentials immediately.
What we send to AI providers
When you generate a charter from Slack, we send the recent message text from the chosen channel to Anthropic's Claude API. We don't send messages from other channels. We don't store the content of API requests/responses beyond what's needed to retry on failure.
We do not train models on your data.
Deletion
You can delete a charter from its settings menu. Deletion is immediate and removes the charter plus all version history. Linked charters keep their links as text, but the resolved link 404s.
You can delete your org from org settings. Deletion is irreversible and removes all charters, members, domain mappings, and Slack tokens.
You can delete your account by emailing clay@cpj.fyi. Account deletion removes your member records from all orgs and any unclaimed personal data.
For enterprise data-handling questions (DPAs, sub-processor lists, residency), email clay@cpj.fyi.