- Controller
- Clode LTD
- Company number
- 16453499
- Registered office
- 128 City Road, London, United Kingdom, EC1V 2NX
- Privacy contact
- support@meetpotts.com
- UK supervisory authority
- Information Commissioner’s Office (ICO)
01 Introduction
Welcome to Potts, operated by Clode LTD (“Clode”, “we”, “us”, or “our”), a company incorporated in England & Wales (company number 16453499) with its registered office at 128 City Road, London, United Kingdom, EC1V 2NX. We operate the Potts autonomous co-worker service (the “Service”), which integrates with your Slack workspace to help improve business operations using artificial intelligence.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use the Service, and outlines your rights and choices. By using the Service, you agree to the practices described here. We review this Policy at least annually.
02 Key definitions
Customer Data means data submitted to or processed by the Service on your behalf, including: connection credentials (e.g., OAuth tokens), basic workspace/user identifiers, workspace settings, files stored in Potts, conversations and outputs generated in Potts, scheduled tasks, approval decisions, and service logs.
03 Controller and processor roles
Our role depends on context:
- Controller — for personal data about website visitors, account administrators, billing contacts, marketing recipients, applicants for the waitlist, and our own employees and contractors.
- Processor — for personal data within Customer Data that Potts processes on a customer’s behalf inside their workspace (for example, messages in their Slack, documents in their Google Drive, tickets in their issue tracker). The customer is the controller of that data; our DPA sets out the terms of that processing.
04 Information we collect
We collect only the information necessary to provide, maintain, and secure the Service.
A. Slack workspace and user information
When you install or use Potts, we may store:
- Slack workspace identifiers (e.g., workspace/team ID) and limited workspace metadata needed to operate the integration;
- administrator information for the person who installs Potts (name and email address as provided by Slack);
- user identifiers for users who interact with Potts (e.g., Slack user ID, display name, and email address if provided by Slack);
- Slack-to-internal user mapping data to associate actions and permissions with users.
B. Connection credentials
- Slack OAuth tokens (access/refresh tokens), token scopes, and expiration metadata;
- credentials or tokens for other third-party integrations you enable;
- integrations in Potts are workspace-shared — related credentials and tool settings may be available for use by authorised members of that workspace through Potts.
C. Content and records inside Potts
- workspace files created or uploaded in Potts (e.g., company notes, team profiles, run logs, reports, todo lists, and other documents);
- conversation threads and messages between users and Potts, including agent outputs and tool calls;
- approval and permission decisions related to actions Potts requests;
- scheduled task configurations (name, schedule, dependencies, configuration metadata).
D. Slack message content
When you interact with Potts in Slack, we access message content from channels where Potts is invited, direct messages to Potts, and thread replies. This data is used to process your requests, maintain conversation context, and provide the Service.
E. Service logs and usage data
- service logs and audit/security logs (timestamps, error logs, request/response metadata);
- usage events needed to operate and improve reliability (e.g., tasks executed, approvals granted, feature usage signals).
F. Communications with us
If you contact us (support tickets, email), we collect the information you provide in those communications.
G. Website analytics, advertising and attribution
When you visit our website, use product surfaces, or begin checkout flows, we may collect:
- cookie, pixel, and similar online identifiers used for analytics, advertising measurement, and referral attribution;
- device and browser metadata, IP address, pages viewed, and interaction events;
- attribution and referral metadata associated with signup or billing events.
05 How we use your information
A. Provide and operate the Service
- authenticate users and workspaces;
- maintain Slack and other integrations you enable;
- execute tasks, respond to requests, generate outputs, and provide context continuity in Potts.
B. AI processing to generate outputs
- relevant portions of Customer Data may be processed by AI systems to produce responses, reports, and other outputs at your direction;
- we do not use Customer Data for advertising;
- we do not train our own or third-party foundation models on Customer Data.
C. Maintain security, safety, and integrity
- detect and prevent fraud, abuse, and unauthorised access;
- investigate incidents and maintain audit trails where appropriate.
D. Service improvement (aggregated or de-identified)
We may use aggregated or de-identified data (that cannot reasonably identify you) to understand usage patterns and improve reliability and product experience.
E. Communications
- send service-related communications (product updates, security notices, billing/administrative messages);
- provide customer support.
F. Analytics, advertising, and attribution
- measure product and website usage, campaign performance, and conversion events;
- associate referrals, partner programs, and discount programs with subscriptions and billing records;
- prevent abuse, fraud, and misuse of marketing/referral programs.
G. Compliance and protection
Comply with legal obligations, enforce our Terms, and protect the rights, safety, and property of our users and Clode.
Lawful bases under UK / EU GDPR
Where the UK GDPR or EU GDPR applies, we rely on one or more of: performance of a contract (providing the Service you request); consent (Slack installation via OAuth and certain non-essential cookies / advertising where required); legitimate interests (security, fraud prevention, reliability and product analytics where permitted), balanced against your rights; and legal obligation (tax, accounting, lawful requests).
06 How we disclose or share information
We do not sell your personal data for monetary consideration. We share information only as necessary to provide and support the Service, and subject to appropriate safeguards.
A. Service providers (sub-processors)
We use vendors to host and operate the Service and its infrastructure (hosting, storage, monitoring, communications, support tooling, and billing). These providers may process Customer Data on our behalf solely to provide, secure, and support the Service. Each is bound by written terms requiring confidentiality and appropriate security.
| Sub-processor | Service / purpose | Data potentially processed |
|---|---|---|
| Slack | Core platform integration (OAuth, messaging, app functionality) | Slack messages and metadata in channels/DMs where Potts is used |
| AWS (Amazon Web Services) | Hosting, storage, infrastructure | Service data, logs, stored workspace context (as configured) |
| Cloudflare | CDN, DDoS protection, edge security | Network metadata, request logs, caching as applicable |
| Modal | Compute / job execution (as applicable) | Task inputs/outputs needed for compute workloads |
| Vercel | Web hosting / frontend infrastructure | Request metadata, logs, content required to serve the app |
| Stripe | Payments and billing | Billing contact info, transaction metadata (payment details handled by Stripe) |
| Google (Gmail/Drive/Calendar/Sheets/Docs) | Integrations (if enabled) | Data accessed via integration scopes authorised by customer |
| Microsoft (Outlook/OneDrive) | Integrations (if enabled) | Data accessed via integration scopes authorised by customer |
| HubSpot | CRM integration (if enabled) | CRM records and metadata authorised by customer |
| Meta Ads | Ads integration (if enabled) | Ads account and reporting data authorised by customer |
| Google Ads | Ads integration (if enabled) | Ads account and reporting data authorised by customer |
| QuickBooks | Finance/accounting integration (if enabled) | Accounting records authorised by customer |
| Shopify | E-commerce integration (if enabled) | Store, product, order, customer data accessed via authorised scopes |
| Intercom | Customer support tools | Support communications, identifiers, troubleshooting content |
| Notion | Workspace/document integration (if enabled) | Notion content authorised by customer |
| Customer.io | Customer messaging / notifications | Contact details and messaging events |
| Moz | SEO tooling/integration (if enabled) | SEO-related data authorised by customer |
| Baremetrics | Business performance metrics | Subscription/usage metrics (typically aggregated) |
| PostHog | Product analytics (if enabled) | Usage events and identifiers |
| Axiom | Logging / observability | Logs and event data (may include identifiers and technical metadata) |
| Browserbase | Browser automation | Content accessed during automated browsing tasks |
| BrightData | Web data access / proxying (if used) | Data involved in web research tasks |
An up-to-date list of sub-processors is available on request to support@meetpotts.com.
B. Analytics & advertising partners
We may use analytics, advertising measurement, and attribution tools (for example PostHog, Google services, Meta, TikTok, Reddit, X, LinkedIn, and referral/attribution partners such as Dub and Rewardful, where enabled) to understand usage, attribute signups/subscriptions, and improve the Service. These tools may receive online identifiers, event metadata, and referral/campaign data. We do not use Slack message content for advertising. You can manage cookies through your browser settings and can contact us regarding workspace-level controls where feasible.
C. Legal compliance and protection
We may disclose information if required by law or valid legal process, or when we believe disclosure is necessary to comply with legal obligations, protect the rights and safety of users and the public, prevent fraud or abuse, or enforce our Terms.
D. Business transfers
If Clode is involved in a merger, acquisition, restructuring, financing due diligence, bankruptcy, or sale of assets, information may be disclosed to advisors and successor entities, subject to appropriate confidentiality protections.
E. Third-party links
The Service may link to third-party websites or services. We are not responsible for their privacy practices.
07 AI technology partners
When you invoke AI features, relevant portions of data (the prompt and context needed to generate an output) may be sent to third-party AI providers to generate responses. We require these providers to use your data only to provide the requested service to you and not for advertising or training their general models.
| Property | Detail |
|---|---|
| AI providers used | Anthropic and Google |
| Data residency | AI providers process data in the United States or other regions in accordance with their enterprise/API terms |
| Retention by providers | AI providers may temporarily retain data per their API retention policies for security and abuse monitoring; data is not used for model training |
| Data tenancy | Your data is processed in isolated API requests; it is not shared with or visible to other customers |
| No training | Your data is not used to train or improve AI provider models |
08 Slack Marketplace compliance
Potts accesses the following Slack data:
| Data type | Purpose |
|---|---|
| Messages in channels where Potts is invited | Process requests and provide AI assistance |
| Direct messages to the bot | Respond to direct interactions |
| Thread replies | Maintain context for requested actions |
| User profile information | Identify users and personalise responses |
| Channel information | Understand context and permissions |
| File metadata and files (if requested) | Process attachments and uploads/downloads |
Our commitments
- We use Slack data only to provide and operate the Service.
- We do not sell Slack data.
- We do not use Slack data for advertising.
- Slack APIs are not used to develop, improve, or train generalised AI/ML models.
- We do not train our own or third-party foundation models on Customer Data.
Revoking access
You can uninstall Potts or revoke access at any time in Slack App Management. After revocation, we stop collecting new Slack data immediately. Uninstalling or revoking access does not by itself delete previously stored data. If your account is closed, or we receive a verifiable deletion request, we delete previously stored data in accordance with §11 (Retention).
09 Shopify Marketplace compliance
Potts accesses the following Shopify data on behalf of merchants who have explicitly connected their Shopify store:
| Data type | Purpose |
|---|---|
| Products, variants, inventory, locations | Answer questions about catalog and stock; perform updates the merchant requests |
| Orders, draft orders, fulfillments, returns, refunds | Order lookup, status questions, fulfillment and refund operations the merchant requests |
| Customer records (name, email, phone, addresses, marketing consent, order history) | Customer service workflows the merchant requests |
| Store configuration (discounts, metaobjects, files, translations, markets, locales, themes) | Merchandising and store-operations tasks the merchant requests |
| Aggregate analytics (ShopifyQL) | Sales and operations questions from the merchant |
Our commitments
- We use Shopify data only to provide and operate the Service for the connected merchant.
- We do not sell Shopify data.
- We do not use Shopify data for advertising.
- Shopify APIs are not used to develop, improve, or train generalised AI/ML models.
- We do not train our own or third-party foundation models on Shopify data.
- We do not persist Shopify customer, order, or store data. Each request fetches the data needed to answer the merchant’s question, processes it in memory, returns the response, and discards it. Only OAuth tokens are persisted (encrypted, with TTLs aligned to Shopify’s expiring offline tokens — 60-minute access, 90-day refresh).
Compliance webhooks
Potts implements the three GDPR-mandated Shopify webhooks (customers/data_request, customers/redact, shop/redact). Each webhook is verified against Shopify’s HMAC-SHA256 signature before processing; unsigned or forged webhooks are rejected. Because Potts does not persist Shopify customer data, the response to customers/data_request is “no stored customer data”, and customers/redact is processed as a no-op. On shop/redact (sent 48 hours after uninstall), Potts invalidates its stored OAuth tokens for that shop.
Revoking access
A merchant may uninstall Potts or revoke access at any time from their Shopify admin. After revocation, Potts stops collecting new Shopify data immediately. Because the only persisted data is OAuth tokens, deletion is straightforward.
10 Data storage and security
10.1 Data centre location
United States (primary), with edge infrastructure operated by Cloudflare globally.
10.2 Data storage and hosting
Customer Data is stored with reputable cloud service providers, using encryption at rest and in transit, access controls, and service monitoring appropriate to the nature of the data.
10.3 Security measures
We maintain industry-standard safeguards, including:
- Encryption in transit (TLS 1.2+ / 1.3);
- Encryption at rest (AES-256 with cloud-provider key management);
- Access controls (RBAC, MFA, least-privilege access);
- Audit logging and continuous monitoring;
- Incident response processes, including notification to affected customers and/or authorities where required by applicable law.
You are responsible for maintaining appropriate security in your Slack workspace (for example, limiting channel access and managing Slack admin permissions).
11 Data retention
We retain Customer Data only as long as needed to provide the Service, meet contractual obligations, and comply with law.
11.1 Active production systems
When an account is closed or we receive a validated deletion request, we delete Customer Data from active production systems typically within ~30 days.
11.2 Backups
Encrypted backups are used only for business continuity. Remaining copies are removed as encrypted backups age out on their normal rotation (currently ~35 days), after which they are automatically overwritten or purged.
11.3 Exports
Where legally permitted, customers may request an export prior to deletion.
11.4 Derived data
Derived or transformed data (indexes, embeddings, internal representations) will be deleted or disassociated from Customer Data when the underlying Customer Data is deleted, subject to backup retention and legal obligations.
11.5 Other retention periods
- Billing & tax records — up to 7 years (UK statutory requirement);
- Marketing data — until you unsubscribe or we have no further legitimate basis for contact;
- Logs and security events — typically 90 days to 13 months depending on the system.
12 International data transfers
Clode is established in the UK and our service providers operate in the UK, EEA, United States, and other regions. Where we transfer personal data outside the UK or EEA, we rely on appropriate safeguards, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), or an adequacy decision by the UK Government or European Commission. A copy of the safeguards in place is available on request.
If required by applicable law, we will appoint an EU/UK representative and update this Policy with representative details.
13 Your rights and choices
Depending on your location, you may have the following rights:
A. Access & correction
You can request access to personal data we hold about you and request correction of inaccurate or incomplete data.
B. Deletion
You may request deletion of your personal data (workspace files, conversation threads, related records). For workspace-level Customer Data, we may require the request to come from an authorised workspace administrator or account owner. Upon receiving a verifiable deletion request, we delete Customer Data from active production typically within ~30 days; backups age out on their normal rotation (~35 days).
C. Withdrawal of consent / disconnecting Slack
You can revoke Potts’s access to Slack at any time via Slack App Management. After revocation, we stop collecting new Slack data immediately. Revoking access or uninstalling does not by itself delete previously stored data. If your account is closed, or we receive a verifiable deletion request, we delete previously stored data per §11.
D. Marketing preferences
If you opt in to marketing communications, you can opt out at any time via unsubscribe links or by contacting us. You will still receive essential service communications.
E. Data portability
Where required by law (e.g., UK / EU GDPR), you may request a copy of your data in a machine-readable format.
F. Authorised agents
Where permitted by law, you may designate an authorised agent to submit requests on your behalf; we will verify identity and authority as required.
G. EEA / UK GDPR rights
- Object to processing based on legitimate interests, including direct marketing;
- Restriction of processing in certain circumstances;
- Not be subject to a solely automated decision producing legal or similarly significant effects;
- Lodge a complaint with your local supervisory authority (UK: the ICO).
H. U.S. state privacy rights (where applicable)
Residents of certain U.S. states may have rights to know, access, delete, correct, and opt out of certain data uses, including “sale”, “sharing”, or targeted advertising as defined under applicable law. You may exercise these rights by contacting support@meetpotts.com. We will not discriminate against you for exercising applicable privacy rights.
To help us process your request, please provide sufficient information for verification. We will respond within the timeframe required by applicable law (typically within 45 days, or with a permitted extension where allowed). If we deny your request in whole or in part, you may appeal by contacting support@meetpotts.com with “Privacy Appeal” in the subject line.
14 Cookies and analytics
We use a small number of cookies and similar technologies for essential functionality (authentication, session management, security) and for limited analytics that help us understand how the Service is used. Where required, we ask for your consent before setting non-essential cookies, and you can change your preferences at any time through your browser or our cookie banner. For the full list of cookies we use, what each one does, and how to manage them, see our Cookie Policy.
15 Children’s privacy
The Service is not intended for children, and we do not knowingly collect personal data from anyone under 18 (or the age of majority in their jurisdiction, if higher). If we learn we have collected such data, we will delete it promptly. Contact support@meetpotts.com if you believe a child has provided personal data.
16 Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by appropriate means (such as notifying workspace administrators and/or emailing the address associated with the account). The “Effective” date reflects the most recent revision. Your continued use of the Service after changes become effective indicates acceptance.
17 Contact us
If you have questions or requests regarding this Privacy Policy or our data practices:
- Email: support@meetpotts.com
- Post: Clode LTD, 128 City Road, London, United Kingdom, EC1V 2NX
If you are not satisfied with our response, you can complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint, or your local EU supervisory authority. We’d appreciate the chance to address your concerns before you do.