Privacy policy

Privacy Policy

This Privacy Policy explains how Sidekick handles account data, connected app data, AI prompts, files, outputs, workspace memory, billing events, analytics, and support information.

Effective: June 8, 2026
Company: Autopilot Ventures LLC
Contact: josh@getasidekick.ai

Important summary

This summary is for convenience only. Sidekick processes information you provide, information from connected tools, and AI task data so it can operate. You control what you submit and connect. AI and integration providers may process data as part of delivering the service. Do not submit sensitive or regulated data unless your plan and legal obligations allow it.

1. Scope of this Privacy Policy

This Privacy Policy explains how Autopilot Ventures LLC, a Delaware limited liability company operating Sidekick, collects, uses, stores, shares, protects, and otherwise processes information when you visit getasidekick.ai, create an account, start a trial, subscribe, connect apps, interact with a Sidekick, use dashboards, communicate with support, or otherwise use our websites, products, services, integrations, automations, and related features.

This Policy applies to personal information, account information, business information, usage information, device information, billing-related information, support information, connected-app information, prompts, files, messages, outputs, workflow data, and other information processed through the Services. It does not replace any separate data processing agreement, enterprise agreement, or written contract signed by us.

By using the Services, you acknowledge this Privacy Policy. If you do not want us to process information as described here, do not use the Services, do not connect third-party apps, and do not submit information to Sidekick.

2. Information we collect

We collect information you provide directly, including your name, email address, password or authentication information, phone number, company details, website, social links, role, team information, business descriptions, onboarding answers, preferences, messages, prompts, files, documents, screenshots, links, instructions, feedback, support requests, and other information you submit.

We collect account and billing information, including plan selection, subscription status, trial status, payment processor identifiers, invoice details, tax information, billing address where required, payment status, renewal history, cancellation information, credits, usage limits, and payment-related events. Full payment card data is generally processed by our payment processor and not stored directly by us.

We collect usage and technical information, including log data, IP address, browser type, device identifiers, pages visited, referring pages, timestamps, session events, clicks, feature use, error reports, performance data, diagnostics, cookies, local storage, authentication state, integration status, API calls, model usage, task metadata, and security events.

If you connect third-party services, we may collect and process information from those services according to your permissions and instructions. This may include emails, calendar events, contacts, files, folders, document content, messages, channel names, workspace identifiers, repository data, CRM records, task data, Notion pages, Drive files, Slack messages, Telegram messages, metadata, and other information made available through the connection.

3. AI, prompts, outputs, memory, and workspace data

Sidekick is an AI agent tool. To provide the Services, we may process prompts, instructions, messages, files, screenshots, browser context, website content, business context, connected-app data, tool results, generated outputs, task history, preferences, and memory. This processing may be necessary for Sidekick to understand your business, respond to requests, perform tasks, maintain context, improve repeat workflows, troubleshoot issues, and provide support.

Your Sidekick may store business context, preferences, decisions, reusable workflows, task patterns, documents, outputs, and other information in memory or workspace files so it can provide more useful assistance over time. You are responsible for deciding what information to submit, what tools to connect, what permissions to grant, and what outputs to use.

AI systems and third-party model providers may process prompts, context, files, and outputs as part of providing responses. We take reasonable steps to use providers and configurations appropriate for the Services, but we do not control every third-party system and cannot guarantee that AI processing will be error-free, confidential in every circumstance, or suitable for regulated data unless expressly covered by a separate written agreement.

4. How we use information

We use information to provide, operate, maintain, secure, personalize, troubleshoot, and improve the Services. This includes account creation, authentication, onboarding, provisioning, workspace setup, task execution, AI processing, connected-app actions, support, billing, fraud prevention, abuse detection, service monitoring, analytics, product development, quality control, and communications.

We may use information to generate outputs, summarize information, draft content, perform research, automate workflows, edit files, connect tools, route tasks to models or providers, remember user preferences, enforce plan limits, prevent misuse, detect security issues, investigate bugs, comply with legal obligations, and protect our rights, users, systems, and third-party providers.

We may use aggregated, de-identified, or anonymized information to analyze usage, improve performance, develop features, measure product adoption, understand demand, benchmark reliability, and operate the business. We will not attempt to re-identify information that has been properly de-identified except as permitted by law for validation, security, or compliance.

5. Legal bases where required

Where laws such as the GDPR or UK GDPR apply, our legal bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security. Legitimate interests may include providing and improving the Services, securing accounts, preventing abuse, supporting customers, billing, analytics, product development, and business operations.

Where we rely on consent, you may withdraw consent where applicable, but withdrawal may not affect prior processing or processing required to provide the Services. If you connect third-party apps or submit information about others, you are responsible for having the necessary notices, permissions, and lawful bases.

6. How we share information

We may share information with service providers, subprocessors, contractors, affiliates, infrastructure providers, hosting providers, database providers, analytics providers, payment processors, fraud prevention providers, communications providers, customer support tools, AI model providers, integration providers, security tools, and professional advisors who help us operate the Services.

We may share information with third-party services you connect or direct us to use. For example, if you connect Gmail, Slack, Notion, Drive, Calendar, GitHub, Telegram, or another app, information may flow between Sidekick and that service according to your settings, permissions, instructions, and the third-party service’s own terms and privacy practices.

We may disclose information if required by law, subpoena, court order, legal process, regulator request, government request, or to protect rights, safety, security, property, users, third parties, or the public. We may also disclose information in connection with a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, due diligence, or change of control.

We do not sell personal information in the traditional sense. We do not share personal information with third parties for their independent cross-context behavioral advertising unless disclosed in a separate cookie or advertising notice or required by applicable law.

7. Cookies, analytics, and tracking technologies

We and our service providers may use cookies, pixels, local storage, session storage, SDKs, analytics tools, and similar technologies to keep you signed in, remember preferences, secure accounts, measure traffic, understand product use, improve performance, debug issues, prevent abuse, and support marketing or attribution where permitted.

You can control cookies through browser settings, but disabling cookies may break authentication, dashboard features, checkout, connected apps, or other parts of the Services. Some browsers provide Do Not Track or similar signals; we respond to legally required signals where applicable and otherwise handle privacy preferences according to available controls and applicable law.

8. Data retention

We retain information for as long as reasonably necessary to provide the Services, maintain accounts, operate workspaces, comply with legal obligations, resolve disputes, enforce agreements, collect fees, prevent fraud, maintain backups, improve products, and support legitimate business purposes.

Retention periods vary depending on the type of information, account status, plan, legal requirements, backup cycles, security needs, and operational constraints. Some information may remain in backups, logs, audit records, billing records, security systems, or archival systems for a limited period after deletion from active systems.

You are responsible for exporting or saving information you need before cancelling or deleting an account. We may delete or restrict access to workspace data after cancellation, termination, non-payment, inactivity, or operational need, subject to applicable law and written agreements.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication, infrastructure controls, monitoring, and provider security practices. However, no online service, AI system, integration, browser session, email system, hosting provider, or transmission method is perfectly secure.

You are responsible for using strong credentials, protecting devices, limiting team access, managing connected-app permissions, reviewing OAuth scopes, revoking unused integrations, keeping your own backups, and avoiding submission of unnecessary sensitive information. We are not responsible for unauthorized access caused by your credentials, devices, team members, connected accounts, third-party services, or failure to manage permissions.

10. International processing

We may process and store information in the United States and other countries where we or our service providers operate. Those countries may have privacy laws that differ from the laws where you live. Where required, we use appropriate transfer mechanisms or safeguards for international transfers.

By using the Services, you understand that information may be transferred to, processed in, and stored in locations outside your state, province, or country.

11. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to processing, withdraw consent, opt out of certain sharing, or appeal a privacy decision. These rights may be subject to verification, exceptions, legal limits, security needs, and our ability to identify the relevant information.

To make a privacy request, contact josh@getasidekick.ai. We may need to verify your identity, account ownership, authority, and jurisdiction before acting on a request. We will not discriminate against you for exercising rights provided by applicable law, but some requests may affect our ability to provide the Services.

If your data was submitted by a customer, employer, team owner, or workspace administrator, we may refer your request to that customer or administrator. Business customers are responsible for responding to requests relating to data they control unless a separate agreement says otherwise.

12. Children

The Services are intended for business users and are not directed to children under 13 or the minimum age required by applicable law. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can take appropriate action.

13. Sensitive and regulated information

Do not submit sensitive personal information, protected health information, payment card data, government identifiers, biometric data, children’s data, highly confidential information, regulated financial information, or other regulated data unless your plan, settings, written agreement, and applicable law expressly allow that processing and you have implemented required safeguards.

Sidekick is not designed to be the system of record for regulated healthcare, banking, legal, insurance, government, emergency, safety-critical, or similarly high-risk data unless expressly covered by a separate written agreement. You are responsible for ensuring your use complies with laws and contracts that apply to your business.

14. Third-party links and services

The Services may contain links to third-party websites, apps, integrations, providers, or services. Their privacy practices are governed by their own policies, not this Privacy Policy. We are not responsible for third-party privacy, security, content, outages, data handling, or compliance practices.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect product changes, provider changes, legal requirements, business practices, or operational needs. The updated Policy will be effective when posted unless a later date is stated. Your continued use of the Services after an update means you acknowledge the updated Policy.

If changes are material, we may provide notice through the Services, email, account notice, website notice, or other reasonable means where required by law.

16. Contact

The Services are operated by Autopilot Ventures LLC, Newark, Delaware, United States. For privacy questions, requests, or concerns, contact josh@getasidekick.ai.