Privacy
How we handle your data.
Plain English. Last updated .
The short version
We collect what we need to run the product and nothing else. Your sales activity, account list, prospect notes, and AI conversations are yours. We store them so the app works across your devices, but we don't sell them, share them with advertisers, or use them to train models outside your account.
Who this covers
salesascode.com and the product sites gtmcron.com, salescron.com, leadercron.com, and secronjob.com are operated by the same company. Whichever site you arrive from, your account and data live on salesascode.com and are handled exactly as described in this policy — the product sites are marketing front doors and don't hold separate copies of your data.
What we collect
- Account identity. Your email address, and the unique account ID Google returns when you sign in with Google. We store these in our user database so we can recognise you next time.
- Your work in the product. Accounts, prospects, opportunities, conversations, meeting notes, AI chat history — everything you create or that flows in from a connected tool.
- Integration data. You connect your tools (Gmail, Calendar, CRM, prospecting, chat, etc.) inside Claude Cowork, using Cowork's own connectors. salesascode.com does not hold those third-party access tokens. First-party connectors remain in the product as an off-by-default enterprise option; if a deployment turns them on, we receive only the events that fall within the scopes you authorise and never request scopes beyond each provider's consent screen.
- Operational metadata. Session cookies (one HttpOnly cookie per signed-in browser), the user-agent and IP address of each session for security, and standard request logs (URL, status code, latency) to keep the service healthy.
- Billing. Stripe processes payments. We receive Stripe's metadata (customer ID, subscription status, plan, period dates). We never see your card number.
What we do with it
- Run the product — render the dashboard, answer brain questions, send the integrations engine after fresh activity.
- Keep your data in sync across the devices where you've signed in.
- Generate AI responses against the Claude API (Anthropic). The prompts include the relevant subset of your data needed to answer your question; Anthropic does not retain it for training.
- Bill you, via Stripe.
- Send a tiny number of transactional emails (subscription receipts, password-reset confirmations). No marketing without your opt-in.
Cowork plugins: telemetry and brain sync
The Sales as Code plugins run in Claude Cowork, on your machine and with your own connected tools. When you connect the Sales as Code MCP with your account API key, those plugins send two kinds of data up to your account so the dashboard can show you what they did:
- Run telemetry (metadata only). Which plugin and skill ran, when, how long it took, the counts it produced (for example accounts cleared, drafts written, replies triaged), and the outcome. This is metadata about the run, not its content.
- Brain state. The plugin's own working memory — files like signal weights, your ICP registry, the decision log, the funnel brain, and review and standup summaries — so the dashboard can roll up how your operation is evolving.
Metadata-first, never raw contact data by default. The plugins do not send raw third-party contact information (lead lists, prospect emails, message bodies) to your account by default. If you ever opt in to a richer sync, it is explicit and scoped, and you can turn it off. Everything is scoped to your authenticated account and never mixed with another account's data.
This telemetry and brain state is yours. You can export it and delete it from your dashboard, and deleting your account removes it on the schedule in "Your rights" below.
Subprocessors
We rely on the following third parties to operate. Each has its own privacy practices linked.
- Google — sign-in (OpenID Connect) and, if you connect them, Gmail / Calendar data.
- Anthropic — runs the Claude models that power the brain.
- Neon — Postgres database hosting.
- Vercel — application and serverless function hosting.
- Stripe — subscription billing.
- Resend — transactional email delivery.
For our full security posture, compliance status, and data handling, see Trust & security.
Your rights
- Access. Everything we have on you is visible inside the product. Open any account, prospect, or brain entry to see it.
- Export. Settings → Data → Export to download your data as JSON.
- Delete. Settings → Data → Delete account. We hard-delete your user row, sessions, integrations, and all associated records within 7 days. Stripe subscription history is retained per Stripe's standard policy for tax/accounting purposes.
- Disconnect integrations. Disconnect tools in Claude Cowork, where you connected them. If a deployment has the off-by-default first-party connectors enabled, you can disconnect a provider from Settings → Connect; future polling stops immediately and past synced events stay until you delete your account.
Cookies
One HttpOnly session cookie (si_session) and a short-lived state cookie during OAuth handshakes. No third-party tracking cookies, no advertising cookies, no fingerprinting scripts. We don't use Google Analytics or equivalent.
Where your data lives
Primary database: Neon (Postgres) in their default U.S. region. Application servers: Vercel, distributed globally. AI inference: Anthropic, U.S. region. If you're outside the U.S., your data is processed in the U.S.
Security
OAuth tokens are encrypted at rest with AES-256-GCM. Sessions are HttpOnly, SameSite=Lax, and Secure in production. The API key you provide for direct AI access (Settings → API) is stored only in your browser's localStorage — it never reaches our servers.
Enterprise controls. Teams can enable SAML single sign-on (Settings → Team) and route sign-in through their own identity provider at /login/sso. Every admin-relevant action is written to an immutable audit log that admins can review and export to CSV. You can export all of your data at any time (Settings → Data) and request deletion, which we hard-delete within 7 days (Stripe billing records are retained per Stripe's policy for tax and accounting).
Changes
If we materially change this policy, we'll surface a notice inside the product the next time you sign in. The "Last updated" date at the top always reflects the current version.
Contact
Questions, requests, or concerns: admin@salesascode.com.