Data retention policy
Ciroos retains customer data only as long as needed to provide the service. Data processed through the app for Slack — bot commands, linked-account identifiers, channel-to-project/cluster mappings, and "Ask Ciroos" conversations — is retained for the duration of the active subscription. Operational and diagnostic logs are retained for 7 days and then automatically purged. When a workspace uninstalls the app or an account is closed, associated customer data is deleted within 7 days. We do not retain data beyond these periods except where required by law.
Data archiving and removal policy
Customers can request removal of their data at any time by uninstalling the app for Slack or contacting support at support@ciroos.ai. On uninstall or account termination, we revoke the OAuth token, stop all data processing, and delete customer data from production systems within 7 days. Encrypted backups containing customer data are retained on a rolling 2-day cycle and are fully expired within 7 days, after which no copies remain. We do not maintain long-term archives of customer content. Verified deletion requests are honored within 7 days, and we confirm completion to the requester.
Data storage policy
Customer data is stored in [AWS / GCP] in the designated region. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production data is restricted to authorized personnel under least-privilege controls, protected by SSO and MFA, and access is logged and audited. Data is logically isolated per customer organization. Secrets and OAuth tokens are stored in [AWS Secrets Manager / a dedicated secrets store] and never logged in plaintext.
Data center location(s)
United States
Data hosting details
Cloud Hosted
Data hosting company
AWS, GCP
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
Anthropic Claude, Google Gemini, OpenAI GPT
LLM retention settings
Provider does not train on data submitted via the API. Inputs/outputs are retained up to seven days for abuse monitoring, then deleted" — or "zero retention under our zero-data-retention agreement.
LLM data tenancy policy
Each organization is considered as a unique tenant and there is hard separation between organization boundaries, i.e. data is always kept secure within the confines of an organization. Furthermore, multiple “projects” can be defined within an organization
LLM data residency policy
All inference occurs in US regions (e.g., AWS us-east-1); region is pinned and data does not leave the US.