Privacy Policy

1. What We Collect

When you sign up, we collect:

• Your name, email address, company name, and role title
• Your Salesforce OAuth access and refresh tokens (encrypted at rest)
• Your PostgreSQL connection string (stored encrypted in AWS SSM Parameter Store — never in our application database)
• Object mapping configurations and sync preferences you create
• Feedback, bug reports, and feature requests you voluntarily submit

We also collect standard server logs (IP address, request path, timestamps) for security and debugging purposes. These logs are retained for 30 days.

2. What We Do Not Store

AlgoBridge never stores your Salesforce records or PostgreSQL row data in our platform database. Synced data flows directly between your Salesforce org and your own PostgreSQL database. We only store metadata required to operate the sync engine (field mappings, sync state, error logs referencing record IDs — not record content).

3. Feedback & Public Consent

When you submit feedback through our feedback form, we store your submission in our platform database. If you check the "I consent to having this feedback published publicly" checkbox, your first name and feedback may be displayed on the Community page. Submissions without consent are visible only to our admin team. You may request removal of your published feedback at any time by contacting us.

4. Third-Party Services

• Clerk — handles user authentication. Your email and profile data are stored in Clerk. See Clerk's Privacy Policy.
• AWS — we run on AWS ECS Fargate and Amazon RDS for PostgreSQL (US East) for platform metadata (workspaces, mappings, sync state). Tenant-provided database URLs are stored in AWS SSM Parameter Store as SecureStrings encrypted with KMS. See AWS Privacy Policy.
• AWS SES — we use Amazon Simple Email Service to send transactional emails (invitations, notifications). Your email address is processed by AWS only to deliver emails you request. See AWS Privacy Policy.

5. Data Retention

We retain your account data for as long as your account is active. Sync history and trigger logs are archived after 31 days and purged after 62 days. If you delete your account, we will remove your personal data within 30 days, except where retention is required for legal compliance.

6. Security

We use HTTPS for all data in transit. Database credentials are never logged or stored in plaintext. Access to production infrastructure is restricted to authorised personnel. However, no system is 100% secure — use this service at your own risk during the beta period.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, submit a request via our feedback page with type "General" and include "Data Request" in the subject.

8. Changes to This Policy

We may update this policy as the product and applicable laws evolve. Significant changes will be communicated via email. Continued use of the service constitutes acceptance.