Legal

Privacy Policy

Last updated: March 30, 2026

This Privacy Policy explains how Sleek AI ("Sleek", "we", "us") handles personal data when you use our websites, applications, and related services. It is meant to be read alongside our Terms of Service, Cookie Policy, and (for organizations) our Data Processing Addendum.

Scope & data controller

Depending on your relationship with us, we may act as a controller for account, billing, and communications data, and as a processor for certain content you upload to workspaces subject to customer instructions and our DPA. The data controller for site marketing and account relationship data is the Sleek entity identified in your order form or terms of service. For general inquiries, use the contact details at the end of this policy.

Information we collect

Account & profile data

Name, email address, organization, role, authentication identifiers, and preferences you set in-product (for example notification settings).

Billing data

Payment-related metadata processed by our payment partners—such as transaction identifiers, plan tier, tax jurisdiction signals, and invoicing contacts. We do not store full payment card numbers on Sleek infrastructure; our payment partners handle card data according to their documentation.

Content & files

Prompts, uploads, generated outputs, attachment metadata, and collaborative artifacts that you or your workspace members submit. This may include personal data if you choose to include it in prompts or files.

Technical & usage data

Device type, browser, IP address, coarse geolocation derived from IP, timestamps, crash diagnostics, performance metrics, and product analytics events when permitted by your cookie choices and deployment configuration.

Support & sales interactions

Messages you send to us, call recordings where legally recorded with notice, and materials you attach to vendor questionnaires.

How we use information

We use personal data to:

Provide, operate, and improve the service, including AI-assisted features you invoke.
Authenticate users, prevent fraud, and protect the security of our systems and customers.
Bill, collect payments, calculate taxes where applicable, and manage subscriptions according to plan rules.
Communicate service updates, security notices, and—where permitted—product education.
Analyze usage in aggregate or pseudonymous form to prioritize engineering work.
Comply with law, enforce our terms, and respond to lawful requests following validation procedures.

Legal bases (EEA/UK readers)

Where GDPR applies, we rely on contract (providing the service you requested), legitimate interests (securing the platform, understanding aggregated usage, and communicating necessary updates), consent (non-essential cookies and certain marketing), and legal obligation when required by regulators or courts.

Subprocessors & sharing

We use vetted service providers for hosting, authentication, email, analytics (when consented), payment processing, customer support tooling, and security monitoring. Providers access data only to deliver their function and under contractual terms that require confidentiality and appropriate security. We may disclose data if required by law, to protect rights and safety, or as part of a merger or acquisition subject to continuity protections described in your agreement.

Retention

We retain account data while your relationship is active and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal record-keeping. Content in workspaces follows workspace deletion and admin export policies communicated in-product. Backup systems may retain redundant copies for a limited technical window before aging out.

International transfers

Your data may be processed in countries other than where you live. Where required, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, and we assess transfer risk in line with regulatory guidance.

Security

We implement administrative, technical, and organizational measures designed to protect personal data, described at a high level on our Security page. No method of transmission over the Internet is completely secure; we encourage customers to use strong passwords, MFA where available, and least-privilege sharing inside workspaces.

Your privacy rights

Depending on law, you may request access, correction, deletion, restriction, objection, or portability regarding personal data we control. You may also withdraw consent where processing was consent-based, without affecting prior lawful processing. To exercise rights, contact us with verifying information. You may lodge a complaint with your local supervisory authority.

Workspace administrators may manage certain employee or contractor accounts. Some requests must be routed through your organization if we process data solely as a processor.

Changes & contact

We may update this policy to reflect product, legal, or operational changes. Material updates will be announced through reasonable means (for example email or in-product notice). Continued use after the effective date constitutes acceptance where permitted by law.

For privacy questions or requests, contact us at the email shown in the Trust Center footer. Allow reasonable time for identity verification before we fulfill sensitive requests.