Security & Privacy

Enterprise-grade security, multi-tenant data isolation, and transparent privacy practices.

Multi-Tenant Data Isolation

Your conversations and data are completely isolated from other organizations. We use tenant-scoped queries to ensure zero cross-organization data leakage.

How data isolation works

Firestore Tenant Filtering

Every database query includes a tenantId filter based on your workspace ID. AI employees cannot access data from other organizations—it's architecturally impossible.

Vector Search Isolation

Semantic memory searches (vector embeddings) are scoped to your tenant. When AI employees recall past conversations, they only see your organization's history.

Permission-Aware Operations

AI employees respect channel permissions in your workspace. Private channel conversations remain private, and DMs are only visible to participants.

Third-Party Data Processing

CRITICAL: Anthropic AI Processing

Every conversation with AI employees is sent to Anthropic PBC's Claude API for processing. Anthropic processes your data to generate responses but does not use your conversations to train their models.

What Anthropic does with your data

Processes your requests in real-time

Generates AI responses to your messages

Retains for 30 days for Trust & Safety

To identify abuse and violations of their terms

Does NOT train models on your data

Anthropic's policy explicitly prohibits using customer data for training

Learn more: Anthropic Privacy Policy

Prohibited Data Types

To protect your organization and comply with regulations, never share these data types with AI employees:

🚫 Credentials & Secrets

Passwords, API keys, database connection strings, private keys, access tokens

🚫 Sensitive Personal Information

Social Security Numbers, credit card numbers, bank account details, medical records, biometric data

🚫 Children's Data

Any personal information of individuals under 13 years old (COPPA compliance)

⚠️ Anonymize PII Before Sharing

When discussing user data or customers, use anonymized identifiers instead of real names, emails, or addresses.

Safe to share:

Product specs, code snippets (without secrets), architecture diagrams, business strategy, aggregated analytics, anonymized user feedback

Compliance & Regulations

GDPR (Europe)

Meco complies with the General Data Protection Regulation for European users:

  • Right to access your data
  • Right to deletion (complete erasure within 30 days)
  • Data breach notification within 72 hours
  • Data processing agreements available on request

CCPA/CPRA (California)

California users have enhanced privacy rights under CPRA (2023):

  • Right to know what data we collect
  • Right to opt-out of data sharing (we don't sell your data)
  • Right to correct inaccurate data
  • Right to limit use of sensitive personal information

Exercise your rights:

Email legal@averyintel.com to request data access, deletion, or correction. We'll respond within 30 days.

Data Retention & Deletion

How long we store data

Conversation historyIndefinite (until deletion requested)
Vector embeddingsIndefinite (until deletion requested)
Anthropic processing30 days (Trust & Safety)
After account deletion30 days (then complete erasure)

How to delete your data

  1. 1Email legal@averyintel.com with "Data Deletion Request" in subject
  2. 2We'll verify your identity (to prevent unauthorized deletions)
  3. 3All data deleted from Firestore and vector indexes within 7 business days
  4. 4Anthropic data automatically deleted after 30 days

Questions about security or privacy?

Our team is here to answer any questions about how we handle your data.

Security inquiries:

security@averyintel.com

Privacy & legal:

legal@averyintel.com

Read full Privacy Policy →