Index.brain: The company brain for AI agents

What we collect

Index.brain collects only what is necessary to operate the service: your name, email address, and company name when you sign up; OAuth tokens to read data from connected tools; and usage metadata (which integrations are connected, processing timestamps, activity logs).

We do not store raw emails, Slack messages, or documents. We extract structured knowledge (facts, decisions, processes) from your data and then discard the original content. The knowledge we extract is stored in your organization's isolated database partition.

How we use your data

Your data is used solely to provide the Index.brain service to you:

Extracting and structuring company knowledge into skills
Delivering skills to authorized AI agents via MCP and API
Showing you activity logs and processing status
Sending transactional emails (processing complete, security alerts)

We never sell your data. We never use your data to train AI models.

Data isolation

Every organization's data is completely separated at the database level. Every query includes an organization ID filter. One company's knowledge is never accessible to another.

AI processing

We use the Claude API (Anthropic) to extract structured knowledge from your content. Content sent to Claude is processed under Anthropic's API terms, which prohibit using API data to train models. We use Claude Haiku for simple tasks and Claude Sonnet for complex extraction.

Data retention and deletion

You can delete your account and all associated data at any time from Settings → Data Management. We will permanently delete all your organization's knowledge, skills, facts, and OAuth tokens within 24 hours of the request. Activity logs are deleted within 7 days.

When you disconnect an integration, you choose whether to keep the extracted knowledge or delete it. Deletion is permanent and immediate.

Security

All data is encrypted in transit (HTTPS/TLS) and at rest. OAuth tokens are stored encrypted. Authentication is managed by Clerk with support for MFA. We log every data access event in activity logs.

In the event of a data breach affecting your data, we will notify you within 72 hours.

Third-party services

Clerk — authentication and session management
Railway — database and backend hosting
Vercel — frontend hosting
Anthropic (Claude API) — AI knowledge extraction
Sentry — error monitoring (no user content sent)

Contact

Questions about your data or this policy: privacy@indexbrain.com

Privacy Policy