Octopad ("we," "us," or "our") is a project intelligence platform for human-AI teams, operated by Beemo Consulting. This Privacy Policy describes how we collect, use, store, and share information when you use the Octopad service available at octopad.app and related websites (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with our practices, please do not use the Service.
Summary: We collect only the data necessary to provide the Service. We do not sell your personal data or use it for advertising. Google user data obtained through OAuth is used solely for authentication and delivering the features you request.
When you sign up for Octopad, we collect:
As you use the Service, we store the content you create or that is generated on your behalf:
We automatically collect certain technical information when you use the Service:
Octopad offers sign-in via Google OAuth 2.0. When you authenticate using your Google account, we request access to the following data from Google:
Octopad's use of Google user data is limited to the purposes described in this policy. We do not use Google user data to serve advertising, we do not transfer it to third parties except as necessary to operate the Service (e.g., our database provider), and we do not use it for purposes beyond the features explicitly requested by the user.
We comply with the Google API Services User Data Policy , including the Limited Use requirements. Google user data is not shared with any third party for marketing, analytics resale, or any purpose unrelated to operating the Service.
You can revoke Octopad's access to your Google account at any time from your Google Account permissions page . Revoking access will prevent you from signing in via Google; you can contact us to delete your account entirely.
We use the information we collect to:
We do not use your workspace content (tasks, pages, decisions) to train general-purpose AI models without your explicit consent.
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
Workspace data is shared with other members of your Octopad organization that you or an admin have added. Access is governed by role-based permissions (owner, admin, member, viewer).
We use trusted third-party service providers to operate the Service. These providers access your data only to perform services on our behalf and are contractually obligated to protect it:
We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Octopad, our users, or the public.
In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.
Your data is stored in Supabase-managed PostgreSQL databases hosted on cloud infrastructure in the United States. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
We implement industry-standard security measures including row-level security (RLS) on all database tables, scoped API tokens, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
If you become aware of a security vulnerability or breach, please contact us immediately at [email protected].
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain information longer.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.
Octopad uses cookies and similar technologies to maintain authentication sessions and remember your preferences. We use the following types of cookies:
We do not use advertising or cross-site tracking cookies. Most web browsers allow you to control cookies through settings. Note that disabling cookies may impact Service functionality.
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verified parental consent, we will delete that information promptly.
If you believe we may have inadvertently collected information from a child, please contact us at [email protected].
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and update the "Last updated" date at the top of this page. Your continued use of the Service after notification constitutes acceptance of the updated policy.
We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: