Customer OS · Skylarq
Privacy Policy
Customer OS by Skylarq builds a living, shared memory of every customer from the tools your team already uses — Gmail, calendar, and Slack — and makes it available to your AI and your whole team. This policy explains what we collect, why, and how we protect it.
1. Information We Collect
Account Data
When you create a Customer OS account or join our early access program, we collect:
- Name and email address
- Company name and job title (optional)
- Authentication credentials (securely hashed; we never store plaintext passwords)
- Billing information if you subscribe to a paid plan (processed by our payment provider; we do not store full card numbers)
Connected Source Data
Customer OS only works once you connect the sources it should remember. With your authorization (via OAuth), we read data from the tools you connect — such as Gmail, Google Calendar, and Slack, and optionally Notion, HubSpot, or Google Drive — to build and keep your customer memory current. Depending on what you connect, this can include:
- Email threads, calendar events, and messages related to your customers and accounts
- Contacts, companies, and relationship data
- Notes, documents, and CRM records you choose to connect
You choose which sources to connect, and you can disconnect any source at any time. We only request the minimum OAuth scopes needed to provide the service.
Usage Data
We collect anonymized usage telemetry to improve the product:
- Feature usage frequency (which capabilities you use, not the content within them)
- Service performance metrics (error rates, response times)
- General interaction patterns and session activity
2. How We Use Your Information
We use the information we collect to:
- Build and maintain your customer memory — process the sources you connect into a structured, living brief on every customer and account, kept up to date as new activity arrives
- Deliver the service to your AI and team — make that memory available to your AI tools through the Model Context Protocol (MCP) and to the teammates in your workspace
- Provide and maintain your account — authenticate you, deliver updates, and keep the service running correctly
- Improve Customer OS — analyze aggregated, anonymized usage patterns to prioritize features and fix issues
- Communicate with you — send product announcements, security alerts, and support responses (you can unsubscribe from non-essential communications at any time)
- Process AI requests — when building briefs or answering your questions, the relevant context is sent to our AI provider, processed, and returned. We do not retain these requests beyond the time needed to fulfill them, and your data is never used to train third-party models
- Ensure security — detect and prevent fraud, abuse, and unauthorized access
3. Data Storage & Security
Your workspace is isolated. The customer memory we build for you is stored within your own workspace and is never merged with, or made visible to, any other customer. Your data is yours.
Customer OS is a hosted service, so the memory it builds is stored on secure cloud infrastructure rather than on a single device — that is what lets your whole team and your AI share one source of truth. We protect it with:
- Encryption of all data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Hosting on infrastructure that maintains SOC 2 compliance
- Strict access controls — production access is limited to authorized personnel using multi-factor authentication
- Per-workspace isolation so one customer's data is never accessible to another
Data Retention
Your data is retained for as long as your account is active. If you disconnect a source, we delete the data derived from that source. If you delete your account, we remove your personal information and connected-source data from our systems within 30 days, except where retention is required by law.
4. Third-Party Services
Customer OS relies on a small number of third-party services to deliver its features. When you connect a third-party service, the data shared is governed by that service's privacy policy in addition to ours.
- AI providers — We use large language model providers (primarily Anthropic's Claude) to build your customer memory and answer your questions. Data sent to these providers is not used to train their models. See our AI Transparency page for details.
- Connected sources — Integrations such as Gmail, Google Calendar, Slack, Notion, HubSpot, and Google Drive are authorized via OAuth using the minimum scopes necessary. We do not store your source passwords.
- Analytics & site measurement — We use analytics services to understand how our website and product are used — including PostHog for product analytics and, where enabled, session replay, and web-analytics tools such as Google Analytics. We may also use third-party services that help us identify the organizations and business visitors that come to our website. We do not sell your personal information. On our website, these non-essential analytics run only with your consent (see Section 7).
- Payment processing — Payments are processed by Stripe. We do not store full payment card details on our servers.
5. Data Sharing
We do not sell, rent, or trade your personal information or your connected-source data. We share data only in these limited circumstances:
- Within your workspace — Your customer memory is shared with the teammates you invite to your workspace. You control who has access.
- With your consent — When you explicitly authorize an export, integration, or sharing action
- Service providers — With trusted vendors who process data on our behalf (hosting, AI processing, analytics, payments), bound by data processing agreements
- Legal requirements — When required by law, subpoena, or government request, or to protect the rights, property, or safety of Allston Labs, our users, or others
- Business transfers — In connection with a merger, acquisition, or sale of assets. We will notify you before your data becomes subject to a different privacy policy
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate or incomplete data
- Deletion — Request that we delete your personal data
- Portability — Request your data in a structured, machine-readable format
- Objection — Object to certain processing activities, such as marketing communications
- Restriction — Request that we limit how we use your data while a complaint is being resolved
You can disconnect any source or delete your workspace data at any time from within Customer OS. For account-level requests, email privacy@allstonlabs.com and we will respond within 30 days.
7. Cookies & Tracking
Our website (skylarq.ai) uses essential cookies and similar storage required for basic functionality and security. We also use non-essential cookies and similar technologies for the analytics and visitor-identification services described in Section 4 above.
You can accept or decline non-essential analytics using the consent banner shown on your first visit; you can change your choice at any time by clearing this site's browser storage, or by emailing privacy@allstonlabs.com. Our product analytics (PostHog) does not start until you accept and respects your browser's Do Not Track signal. We do not use advertising cookies or run cross-site ad-targeting.
8. Children's Privacy
Customer OS is designed for business professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@allstonlabs.com and we will promptly delete it.
9. International Data Transfers
Customer OS is operated by Allston Labs, Inc., a company incorporated in Delaware, United States. If you access the service from outside the United States, your data may be transferred to and processed in the United States.
We implement appropriate safeguards for international data transfers, including standard contractual clauses where required.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email or an in-product notification for significant changes
- Provide a summary of what changed
Your continued use of Customer OS after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, your data, or your rights, reach out to us:
- Privacy inquiries: privacy@allstonlabs.com
- General contact: phillip@allstonlabs.com
Allston Labs, Inc.
Wilmington, Delaware, United States
We aim to respond to all privacy-related inquiries within 30 days.