Privacy Policy

Last updated: May 7, 2026

Industry Rockstar Switzerland GmbH (“Industry Rockstar”, “we”, “us”) operates Katalyst Business OS, a multi-tenant software-as-a-service product that automates email triage, social-media publishing, lead intake, and pre- and post-call workflows for small businesses (“tenants”). This policy explains what information we collect, how we use it, who we share it with, and how tenants and end users can exercise their rights.

1. Who we are and how to reach us

Controller: Industry Rockstar Switzerland GmbH. Privacy contact: [email protected]. We respond to verified data-subject requests within 30 days.

2. Information we collect

Account and tenant data

The email address, display name, and password hash used to sign in, plus the workspace (“tenant”) the user belongs to. Multi-tenant isolation is enforced at the database layer through Postgres row-level security policies on every table.

OAuth refresh tokens

When a tenant connects Google or Meta, we store the refresh token issued by that provider so we can renew short-lived access tokens. Refresh tokens are stored encrypted at rest and never transmitted to any third party.

Email content (Gmail integration only)

When a tenant activates the Email Triage workflow, we read new inbound messages in the connected mailbox in order to classify them and draft suggested replies. Message bodies, subjects, and sender addresses are processed transiently and a redacted excerpt is retained as described in section 6.

Social-media account metadata (Meta integration only)

The Facebook Page id, Instagram Business Account id, Page name, and access token for pages the tenant explicitly selects during the Meta OAuth handshake. We do not request or store user friend lists, private profiles, or messages.

Tenant-uploaded knowledge

Documents, transcripts, voice profiles, and few-shot examples the tenant uploads to guide the assistant. These are stored in the tenant’s row-level isolated partition and embedded as numeric vectors (pgvector) for similarity search. Embeddings are derived data and inherit the same access boundaries and deletion rules as the source content.

Operational metadata

Timestamps and status of automated runs (success, error, token usage), used for billing, analytics, and troubleshooting. This metadata does not include message bodies.

3. How we use Google user data

The Email Triage workflow requests the following Gmail OAuth scopes:

  • https://www.googleapis.com/auth/gmail.modify — used to read new inbound messages and apply organizational labels (e.g. “Triaged”, “Lead”, “Spam”).
  • https://www.googleapis.com/auth/gmail.labels — used to provision the Katalyst label hierarchy in the user’s mailbox during initial setup.
  • https://www.googleapis.com/auth/gmail.compose — used to create draft replies that the user reviews and sends manually. We do not send email on the user’s behalf.

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Google user data to develop, improve, or train generalized or non-personalized artificial-intelligence or machine-learning models. Per-tenant prompt engineering and per-tenant embedding indexes are not considered training of a generalized model and remain isolated to the tenant that supplied the data.

We do not allow humans to read Google user data except: (a) with the user’s explicit, opt-in consent for a specific operation, (b) when strictly necessary for security investigations or to comply with applicable law, (c) to perform internal operations on aggregated, anonymized data, or (d) when the user has affirmatively published the content. We do not sell Google user data, do not use it for advertising, and do not use it to determine creditworthiness or for lending decisions.

4. How we use Meta Platform data

The Social Posts workflow requests the following Meta Graph API permissions: pages_show_list, pages_manage_posts, pages_read_engagement, instagram_basic, instagram_content_publish, and business_management. We use these permissions solely to: (a) list the Pages and Instagram Business Accounts the authenticated user administers so they can pick which one to connect, (b) publish posts the tenant has explicitly approved, and (c) read aggregate engagement metrics (likes, comments, impressions) on the tenant’s own posts so the assistant can report performance.

This Privacy Policy will not supersede, modify, or be inconsistent with the Meta Platform Terms or Meta Developer Policies. In the event of a conflict, the Meta Platform Terms control with respect to data received from Meta APIs.

We do not use Meta Platform data to: discriminate or facilitate discrimination against any person or class; make decisions about eligibility for housing, employment, insurance, education, or credit; surveil people or facilitate surveillance; sell, license, or purchase Platform Data; place Platform Data in a search engine or directory; or use Platform Data to develop generalized AI or ML models that benefit anyone other than the tenant from whose account the data was collected.

5. AI processing and training

We use OpenAI APIs as the underlying inference provider for drafting, classification, and embedding. OpenAI is contractually prohibited from training their models on data submitted through their API and we have enabled a Zero Data Retention agreement for traffic that includes Google or Meta user data, meaning OpenAI does not retain that traffic after the response is returned.

We do not train, fine-tune, or otherwise build any generalized machine-learning model on tenant content, Google user data, or Meta Platform data. Per-tenant embeddings used for retrieval-augmented generation are stored only in the originating tenant’s row-level isolated partition and are deleted when the source content is deleted.

AI-generated outputs (suggested replies, social posts, summaries) are presented to the tenant for human review before any external action is taken. The tenant remains responsible for the final content that is sent or published. We disclose AI involvement in our own UI and include a generic AI-assistance notice in published content where the destination platform requires it.

6. Data retention

  • Email message bodies retrieved from Gmail are processed transiently. A redacted excerpt of the draft (subject, category, and a 200-character body snippet) is retained for 90 days for audit and quality review and then automatically purged.
  • Social-media post content (caption, media URL, schedule) is retained for the lifetime of the tenant’s account so the tenant can review their own publishing history. Tenants can delete individual posts at any time.
  • Tenant-uploaded knowledge documents and voice profiles are retained until the tenant deletes them or closes their account.
  • OAuth refresh tokens are kept while the integration is active and are deleted within 7 days of disconnection or token revocation.
  • Operational metadata (run timestamps, token-usage counters) is retained for 24 months for billing reconciliation and capacity planning.
  • Daily-summary narratives are retained indefinitely as part of the tenant’s historical record; they contain no message bodies.

7. Subprocessors

We share data only with subprocessors strictly required to operate the service. Each is bound by a data-processing agreement that restricts them to processing on our instructions:

  • Supabase, Inc. — managed Postgres database, authentication, object storage, and edge-function runtime. United States.
  • OpenAI, L.L.C. — large-language-model inference and embedding generation. United States. Zero Data Retention is enabled for Google and Meta user data.
  • Fly.io, Inc. — hosts the n8n workflow runtime that orchestrates the per-tenant automations. United States.
  • Stripe, Inc. — billing and subscription management. We do not store full card numbers; Stripe is the card-data processor. United States.
  • Google LLC — Workspace APIs the tenant has authorized (Gmail). United States.
  • Meta Platforms, Inc. — Facebook Pages and Instagram Graph APIs the tenant has authorized. United States.

We do not sell personal information. We do not share data with advertisers. We do not use the data for behavioral advertising or for any purpose unrelated to the service the tenant has requested.

8. Your rights

Tenants and end users may request access to, correction of, or deletion of personal information we hold about them. To exercise these rights:

  • Disconnect an integration: visit /settings/integrations while signed in. Disconnecting revokes the OAuth token and stops further processing immediately.
  • Revoke from the source: Google users can revoke Katalyst at myaccount.google.com/permissions. Meta users can revoke at facebook.com/settings (Business Integrations).
  • Delete an account: email [email protected] from the registered tenant address with the subject “Account deletion request”. We will delete or anonymize all personal data within 30 days and confirm by email.

9. Data deletion instructions (Meta App Review)

To request deletion of all data associated with your Meta account: (1) sign in and disconnect the Meta integration at /settings/integrations, which immediately stops ingestion and queues stored Page and Instagram metadata for deletion within 7 days, or (2) email [email protected] with the subject “Meta data deletion request” and include the Facebook user id or Page id you connected. We will confirm deletion within 30 days.

10. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Postgres row-level security policies enforce that one tenant cannot read another tenant’s rows even if application code is compromised. OAuth tokens are stored in a column encrypted with a per-project key. Access to production secrets is limited to a named list of engineers and is logged.

11. International use and data transfers

We are established in Switzerland and offer the Service to tenants and end users worldwide. Personal data is primarily processed on infrastructure located in the United States (Supabase, OpenAI, Fly.io, Stripe). Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, the Swiss Data Protection Act, or equivalent transfer mechanisms with each subprocessor.

Users in the European Economic Area, the United Kingdom, and Switzerland have rights under the EU General Data Protection Regulation, the UK Data Protection Act, and the Swiss Federal Act on Data Protection respectively. Users in California have rights under the California Consumer Privacy Act. Users in other jurisdictions have the rights granted by the mandatory law of their country of residence. To exercise any of these rights, contact us at the address in section 1.

12. Children

Katalyst Business OS is a B2B product not directed at children under 13. We do not knowingly collect personal information from children.

13. Changes to this policy

We will post any material changes to this policy on this page and update the “Last updated” date. Continued use of the service after a change constitutes acceptance of the updated policy.

Questions about how we handle data?

Our team is available to clarify any aspect of how Katalyst Business OS stores, protects, or processes information.