Privacy Policy

The short version: we collect just enough information to provide a great service to you. Our business depends on our customers' trust, so we don't want to destroy that trust by taking privacy-violating actions. Yes, we use cookies in a limited capacity. No, we don't sell your data to third parties. Yes, we take precautions to safeguard your data. Read on for more details, if you are interested.

Your use of the Smithy website and all associated services ("Smithy") is subject to your agreement to all of the following terms. If you disagree with any of the terms below, do not use Smithy.

What we collect and why

Name and URL of your Slack workspace

We use this to personalise your experience in Smithy and to enable easy redirects back to the Slack app after adding Smithy to your workspace, respectively.

The number of people in your Slack workspace

We use this for internal reporting. We don't mass-gather details of members of any workspace.

Your name and/or display name

To identify you in the product and to reference you in a personalised manner.

Your avatar

This is the same picture that you use on Slack and we use it to personalise your experience in Smithy.

Email address

We don't automatically gather your email from your Slack account. You have to explicitly provide it. We use your email address to communicate important billing and product notifications. We aim to send you as little email as possible.

Workspace messages

Core Smithy functionality relies on processing messages in your Slack workspace. We respect the seriousness of having access to potentially sensitive information, and store only the bare minimum required for Smithy to function.

We don't see messages at all from channels that Smithy has not been intentionally added to.
We don't store all message content that reaches Smithy.
From the messages that we do store, we only store subjects and decisions, not general replies to threads.
We store the following additional metadata about Smithy-generated threads: the number of replies and Slack-specific thread, team, user, and message identifiers.

Usage Data

Usage data is collected automatically when using Smithy. Usage data may include information such as your device's IP address, browser type, browser version, the pages on Smithy that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit Smithy.

Cookies

Cookies are small files a site stores on your device through your browser that enables the site to recognise your browser and remember certain information.

Here is how cookies are used on Smithy:

Keeping you logged in on the Smithy website.
Our embedded video is provided by Loom, which uses its own cookies.
Our link to schedule a demo is provided by Calendly, which uses its own cookies.

You have the right to accept or reject our use of cookies. If you wish to exercise your right to reject our cookies, do not use Smithy or configure your browser to reject cookies.

Data storage and security

We use Linode servers to store and process your data. Linode is a popular, respected, and secure hosting provider. You can read their own legal and compliance documentation on their website.

Your data is encrypted when transmitted to Smithy. We additionally implement a variety of security measures to maintain the safety of your data.

If we discover that your data has been exposed to unknown third parties, we will notify you within 24 hours of discovery.

Remember that no method of transmission over the internet nor any method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

Data retention

Data from your Slack workspace is retained for as long as sufficient to continue providing Smithy's services to your Slack workspace.

Aggregated and anonymised data may be retained for internal reporting and business planning purposes.

We remove your personal data after you explicitly delete your own account on Smithy and when an administrator removes Smithy entirely from your Slack workspace, and sufficient time has passed to warrant data removal, subject to any legal obligations such as complying to applicable laws, resolving disputes, and enforcing our legal agreements and policies.

Data disclosure

Trusted third parties

As part of the day-to-day operations, Smithy inevitably shares data with third party partners that are integral to Smithy's business.

Paddle (https://paddle.com)
Billing and payment processor. Data shared: name, email, and other billing details for invoicing.
Linode (https://www.linode.com)
Hosting provider for all app and data storage.
Fathom (https://usefathom.com)
Privacy-focused analytics provider that we use to track and analyze service usage. No personal or workspace data reaches Fathom.

Business transactions

If Smithy is involved in a merger, acquisition or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

Law enforcement

Under certain circumstances, Smithy may be required to disclose your data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

Smithy may disclose your data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of Smithy
Prevent or investigate possible wrongdoing in connection with Smithy's service
Protect the personal safety of Smithy users or the public
Protect against legal liability

Children's privacy

Smithy does not knowingly collect data from children under the age of 13, and children under 13 are prohibited from using Smithy. If you learn that a child has provided us with personal data in violation of this privacy policy, you can alert us at .

Links to other websites

Smithy may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

GDPR and managing your data

The purpose of the European General Data Protection Regulation (GDPR) is to help protect the privacy of European Union (EU) citizens, by requiring people who process and control data about EU citizens to adhere to a set of rules and guidelines.

If you have a Smithy account and are an EU citizen, then you are subject to GDPR. We take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data.

If necessary, you may complete and sign a Data Processing Addendum (DPA). The DPA contains European Union Model Clauses, known as Standard Contractual Clauses, to meet the requirements for GDPR. You can request one by emailing us at or if you have your own DPA document, we are happy to review and sign it instead.

To get access to the personal data that we hold about you or to request correct or removal of your personal data, please contact us by email at . Where possible, we provide the means to do so directly within your account settings on the Smithy website. Where not possible or not sufficient, get in touch with us.

Sub-processors

We currently have two data sub-processors, whose relevant compliance links you can find below. In the case of Paddle, customer details are not automatically shared, but rather are provided directly to Paddle when choosing to subscribe to a paid plan.
Linode: DPA, EU Model Contract, Privacy Shield.
Paddle: Buyers Privacy Policy, GDPR.

In certain circumstances, you have the following data protection rights:

Right to object

You can oppose the processing of your personal data. This right to object exists only if there are sufficient legitimate and weighty grounds relating to your particular situation.

Right to access

Each Smithy user who proves their identity has a right of access to all information regarding the processing of their personal data by Smithy, as defined in the Privacy Act. This includes information on the purposes of the processing, the categories of data processed and relate the categories of recipients to whom the data are provided.

Right to rectification

You have the right to have your personal data rectified if that data is inaccurate or incomplete.

Right to forget

You can ask us to delete all data related to your account & activity from our system. Only the data we need to keep for legal & tax reasons will be kept.

Right to withdraw consent

You also have the right to withdraw your consent at any time where Smithy relied on your consent to process your personal data.

Right to data portability

You have the right to be provided with a copy of the data we have on you in a structured, machine-readable and commonly used format.

Right to restriction

You have the right to request that we restrict the processing of your personal data.

Complaints

As an EU citizen, you can report GDPR violations to your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here or searching on the internet. However, we aim to never let things escalate to the point where you need to file a complaint. Please contact us if you ever feel like we are not complying with your rights under GDPR and we will do our best to rectify the situation.

Contact us

If you have any questions about this privacy policy, you can contact us by email: .

Changes to this privacy policy

We may update our privacy policy from time to time and will post the updated version on this page. You are advised to review this page periodically for any changes.