Conigma, Inc.
Conigma, Inc. ("Conigma," "we," "us," or "our") provides the Service. This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the choices and rights you have.
By using the Service, including by installing or connecting the Conigma app for Slack or Zoom, you agree to the practices described in this policy.
Conigma, Inc.
1111B S Governors Ave # 43331
Dover, DE 19904, USA
1. Who this policy covers
This policy applies to:
- Users who create a Conigma account and use the web application.
- Workspaces and their members who install or connect the Conigma app for Slack or Zoom.
- Visitors to our website.
If you use Conigma through an organization, your organization's administrator may control certain settings and data, and your use may also be subject to your organization's own policies.
2. Information we collect
Account and profile information. When you create an account, we collect information such as your name, email address, and authentication details.
Slack data (when you connect Slack). The Conigma app for Slack exists to let you build and run automations that act on Slack. With your authorization through Slack's OAuth flow, and only within the permissions you grant at install time, we process Slack data as follows:
- Automation event records, including channel messages. Conigma subscribes to Slack message events for channels the app is a member of (including new messages in public and private channels) in order to power message-based automation triggers such as "new message in a channel." When a subscribed event occurs, Conigma receives it at its webhook endpoint and records it in a single events table. Each record contains the event type, timestamps, the relevant Slack team, channel, and user identifiers, and the event payload (which can include message text). These records are the operational input that lets the automation engine evaluate and fire your configured triggers, and let you test triggers in the workflow builder.
- On-demand reads at execution time. When an automation runs, Conigma may also read the specific Slack data the automation needs (such as a message, file, or channel detail) directly from Slack's API at that moment, to perform the automation.
- Profile and directory data. We read workspace member profile information, such as names and email addresses, to resolve mentions and identify users referenced by your automations.
Conigma does not provide an inbox, search, or message-browsing interface over your Slack content. Stored events are used to operate your automations; they are not rendered back to you as a browsable message archive, and Conigma does not offer an export or download of your Slack messages. Stored event records are deleted on the schedule in the retention table below and immediately when you disconnect the integration.
Zoom data (when you connect Zoom). With your authorization through Zoom's OAuth flow, and only within the permissions you grant, we process Zoom data to provide meeting-management features in your workflows: creating, updating, deleting, and viewing Zoom meetings, and reading your Zoom user profile to associate meetings with your account. OAuth tokens for your Zoom connection are held by our integration provider (Nango) and are not stored in our own database; we store only the references needed to operate the integration, such as meeting identifiers and your Zoom user ID.
Meeting recording and call intelligence. If you enable call recording, Conigma uses a third-party meeting bot (Recall.ai) to join your scheduled or live meetings on supported platforms (including Zoom, Google Meet, and Microsoft Teams), record audio/video, and generate a transcript. The recording and transcript are processed to produce summaries, action items, and CRM updates. Meeting recordings are retained per the schedule in the retention table below (configurable per workspace) and are deleted when you delete them or close your workspace.
Other connected integrations. If you connect other third-party accounts, we process the data from those services that is necessary to provide the connected features.
Billing information. Payments are processed by our payment provider (Stripe). We receive billing-related event records but do not store full payment card numbers ourselves.
Usage and technical data. We collect log and usage data such as actions taken in the Service, device and browser information, and similar technical information.
3. How we use information
We use the information we collect to:
- Provide, operate, and maintain the Service and its features.
- Evaluate and run the automations and flows you configure.
- Create and manage Zoom meetings on your behalf as part of your workflows.
- Record, transcribe, and analyze meetings you choose to record, and generate summaries, action items, and CRM updates from them.
- Power AI-assisted features such as drafting, summarization, and research.
- Process payments and manage subscriptions.
- Communicate with you about the Service, including support and important notices.
- Monitor, secure, debug, and improve the Service.
- Comply with legal obligations.
We do not use your data, including your Slack content, to train AI models. Our AI features are powered by third-party providers accessed through OpenRouter, which we configure to route only to providers that do not train on the content we send them.
4. How we share information
We do not sell your personal information. We share information only as follows:
- Service providers who process data on our behalf to operate the Service, including our database and hosting provider (Supabase), our integration connection provider (Nango), our meeting-recording provider (Recall.ai), our payment provider (Stripe), and our AI model routing provider (OpenRouter) and the AI model providers it routes to. We engage these providers as vendors under our own contractual, security, and data-protection controls.
- At your direction, with third-party services you choose to connect.
- For legal reasons, where required by law or to protect rights, safety, and the integrity of the Service.
- In a business transfer, such as a merger, acquisition, or sale of assets, subject to this policy.
5. How we store and secure information
Customer data is stored in our database hosted on Supabase, in the AWS eu-central-1 region (Frankfurt, Germany, EU). We apply administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Data retention
We retain information for as long as needed to provide the Service and for the periods described below, after which it is deleted or purged automatically:
| Data type | Retention |
|---|---|
| Deleted records (flows, rows, fields, inbox/Slack conversations) | Permanently purged 7 days after soft-deletion |
| Notifications | Archived after 30 days unread/untouched; archived notifications purged after 180 days |
| OAuth access tokens | Deleted 30 days after expiry |
| OAuth authorization codes | Deleted 1 day after expiry |
| Revoked OAuth refresh tokens | Deleted 90 days after revocation |
| OAuth audit logs | Retained 90 days |
| Billing / payment event records | Retained 90 days |
| Meeting recordings | Default 730 days (configurable per workspace) |
| All workspace data | Deleted immediately upon workspace deletion |
| Connected integration data (including stored automation event records) | Deleted immediately when the integration account is disconnected or removed |
7. Your choices and rights
Depending on your location, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at the address below. We will respond consistent with applicable law.
Disconnecting Slack. You can remove the Conigma app from your Slack workspace at any time from your Slack workspace's app management settings. When the integration is disconnected, the associated stored data is deleted as described in the retention table above.
Disconnecting integrations. You can disconnect Zoom or other connected accounts at any time from Conigma's settings, and the Zoom app from Zoom's App Marketplace under Manage > Installed Apps. When an integration is disconnected, the associated stored data is deleted as described in the retention table above.
Closing your account. When a workspace is deleted, associated workspace data is deleted immediately as described above.
8. International data transfers
We may process and store information in countries other than the one in which you reside. Where required, we use appropriate safeguards for such transfers.
9. Children's privacy
The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.
11. Contact us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: billing@conigma.com
Conigma, Inc., 1111B S Governors Ave # 43331, Dover, DE 19904, USA