OfficeBestie — Privacy Policy

Privacy Policy

Last updated: April 17, 2026

What we collect

OfficeBestie collects data necessary to provide your personal work assistant. We collect:

  • Identity: Email, display name, Slack user ID, timezone
  • Work activity: Action items, check-ins, todos, focus sessions (all private to you)
  • Help activity: Questions asked, answers given, expertise topics
  • Escalations: Flags you explicitly raise to your manager
  • Integration data: Jira issue references, GitHub PR references, Google Calendar events
  • Preferences: Notification settings, quiet hours, routing opt-out

How we use it

Your data is used exclusively to provide the OfficeBestie service:

  • Morning briefings (/action), end-of-day summaries (/packup)
  • Focus session tracking, todo management, help routing
  • Cross-app automation (Jira status transitions, PR review nudges)
  • Team-level analytics for managers (aggregated, never individual)
  • AI coaching (private to you, ephemeral, never stored permanently)

Privacy model

Engineer's data is private by default

  • Your todos, coaching, and personal patterns are never visible to your manager
  • Check-ins and focus topics are shared with your team in the daily pulse — so teammates know what you're working on
  • Only items you explicitly /flag reach your manager
  • Managers see team aggregates only — never individual performance data
  • The "someone may need support" signal never reveals who
  • Help request routing shows names only because you chose to answer

Data retention

  • Completed action items and help requests: automatically deleted after workspace retention period (default 30 days)
  • Resolved flags, completed work sessions, done todos: automatically deleted after retention period
  • Open/active items: kept until completed or manually deleted
  • User account data: kept until you request deletion

Your rights

  • Right to access: Download all your data at /my/privacy (JSON export)
  • Right to erasure: Request complete deletion at /my/privacy
  • Right to object: Opt out of help routing via /settings routing off
  • Right to restrict: Disable notifications via /settings
  • Data portability: Export is in standard JSON format

These rights apply under GDPR (EU), CCPA (California), and India's Digital Personal Data Protection Act 2023.

Third-party integrations

  • Slack: We receive message events and reactions via Slack's API. We store Slack user IDs and message timestamps, not full message content.
  • Jira: We sync issue metadata (key, summary, status, assignee email). We do not store Jira passwords.
  • GitHub: We receive webhook events for PRs and deployments. We store PR metadata, not code content.
  • Google Calendar: We access your calendar (read-only) to show today's meetings. OAuth tokens are stored securely. You can disconnect at any time.
  • Anthropic (AI): AI coaching uses the Anthropic API. Your data is sent for processing and not stored by Anthropic.

Security

  • All data transmitted over HTTPS/TLS
  • Authentication tokens stored as SHA-256 hashes
  • Integration credentials encrypted at application level
  • Database access restricted to application only
  • Webhook signatures verified for Slack and GitHub

Contact

For privacy questions or data requests, contact your workspace administrator or email us at privacy@officebestie.dev.

Made with ❤️ by Abhaya Code Labs

© 2026 Abhaya Code Labs. All rights reserved.