Legal
Privacy Policy
Last updated: March 17, 2026
This Privacy Policy describes how Furlough AI, Inc. ("Furlough," "we," "us," or "our") collects, uses, and protects information when you use our organizational intelligence service (the "Service"). We take data protection seriously — the nature of our product demands it.
1. What We Collect
Furlough collects data through two channels: direct interactions with our website and integrations with your organization's tools.
Website visitors: When you visit furlough.ai or request access, we collect your email address and any information you voluntarily provide. We do not use tracking cookies or third-party analytics.
Organizational data via Integrations: When your organization connects the Service to its tools, we ingest activity signals from those platforms. The specific data varies by integration:
| Integration | Data ingested |
|---|---|
| GitHub | Commits, pull requests, code reviews, issue comments, repository metadata |
| Jira | Issues, comments, assignments, status transitions, project metadata |
| Slack | Channel messages, thread replies, reactions (public channels only) |
| Discord | Channel messages, thread replies (server text channels only) |
| Confluence | Pages, comments, edit history, space metadata |
| Notion | Pages, databases, comments, edit history |
| Granola | Meeting notes and transcripts |
Additional integrations may be added in the future. We will update this table accordingly and notify affected customers before enabling new data collection.
2. How We Use Data
We use the data we collect for the following purposes and no others:
- Delivering the Service: Building knowledge graphs, computing ownership scores, identifying documentation gaps, and generating organizational insights for your leadership team.
- Identity resolution: Mapping accounts across platforms (e.g., linking a GitHub username to a Slack profile) to build a unified view of each person's contributions and expertise.
- Service improvement: Diagnosing errors, improving performance, and developing new features. We use aggregated, de-identified data for this purpose — never raw Customer Data.
- Communication: Responding to access requests, providing support, and sending service-related notices.
We do not sell, rent, or share Customer Data with third parties. We do not use Customer Data to train machine learning models outside the scope of your organization's Service instance.
3. Data Storage and Security
Customer Data is stored in encrypted databases hosted on secure infrastructure. We implement industry-standard security measures including:
- Encryption at rest and in transit (TLS 1.2+).
- Access controls limiting data access to authorized personnel and automated systems.
- Logical isolation between customer organizations — one customer's data is never accessible to another.
- Regular security reviews of our integration endpoints and data pipelines.
4. Data Retention
We retain Customer Data for the duration of your subscription. Upon termination:
- All Customer Data and derived insights are deleted within 30 days.
- You may request immediate deletion at any time by contacting us.
- Aggregated, de-identified statistics (e.g., system performance metrics) may be retained indefinitely.
5. Third-Party Services
We use a limited number of third-party services to operate the Service (e.g., cloud hosting, database providers). These providers are contractually obligated to protect your data and may only process it on our behalf. We do not share Customer Data with advertising networks, data brokers, or any non-essential third parties.
6. Individual Rights
Because the Service is deployed at the organizational level, individual employees within a customer organization should direct data-related requests to their employer. If you are an individual within an organization using Furlough and have concerns about how your data is being processed, we encourage you to contact your organization's administrator.
If you are a website visitor, you may request access to, correction of, or deletion of your personal information by contacting us at the address below.
7. International Transfers
Customer Data may be processed in the United States. If your organization is located outside the United States, by using the Service you consent to the transfer of data to the US, subject to the protections described in this policy.
8. Children's Privacy
The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify customers of material changes at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].