Privacy Policy
Last Updated: 24 September 2025
Overview and Scope
SketricGen v2 (“SketricGen,” “we,” “our,” or “us”) is a platform that enables users to create and deploy AI agents – including multi-agent workflows – integrated with various third-party applications and tools. This Privacy Policy describes how SketricGen collects, uses, protects, and discloses your personal data when you use our website, platform, and related services (collectively, the “Services”). It also explains the scope of data handled through key integrations (such as OpenAI and Pipedream) and outlines your rights regarding your information. By using the Services, you agree to the data practices described in this Policy. If you do not agree, please discontinue use of the Services.
Data Collection
We collect several categories of information to operate and improve our Services. The types of data we collect include:
User Profile Information: When you register or use SketricGen, we collect personal details such as your name, email address, company or organization, job role/title, industry, and experience level. This information helps personalize your experience and facilitate account management. We may also collect authentication data (e.g. when you log in via Google or other SSO providers) and any preferences or profile settings you configure.
Uploaded Files and Knowledge Base Content: You may upload files or documents (e.g. PDFs, text documents, data sources) to create knowledge bases for your AI agents. These user-provided documents and files are stored securely in our cloud storage (AWS S3). We will retain these files in your account until you delete them. Note: if you delete a knowledge base or an uploaded document, we remove it from active use and will permanently delete the file from our storage within approximately 30 days of deletion.
AI Agent Configurations and Prompts: When you create or configure AI agents on our platform, we store the agent settings, prompts, instructions, and workflow definitions (including multi-agent workflow setups). This data is necessary to enable your agents to function as configured. For example, if you define a multi-step agent workflow or custom prompts, those configurations are saved to your account.
Conversation Histories: We record the interactions and conversation logs between you (or end-users of your agents, if applicable) and the AI agents on SketricGen. This may include chat transcripts, agent responses, agent traces, and any user inputs during a conversation. Data Retention: We retain conversation histories for up to twelve (12) months for active users, to allow you to review past chats, reuse prior prompts, and help us improve service quality. After twelve months, or upon your request, these conversation records are deleted or anonymized from our systems. Please note that these conversation logs are retained solely as a feature of the Service to provide you with access to your agents’ past interactions. They are not used by SketricGen (or by OpenAI on our behalf) to train or improve AI models.
Usage and Device Data: Like most online services, we automatically collect technical data about how you access and use our platform. This includes information such as your IP address, browser type, device identifiers, pages and features you access, clickstream data, and the dates/times of your visits. We may use cookies or similar tracking technologies to collect some of this information. This data helps us secure the Services, prevent fraud, and understand usage patterns (e.g. which features are most popular).
Billing and Payment Information: If you make purchases or subscribe to a paid plan, our third-party payment processor (Stripe) will collect your payment details. SketricGen itself does not store sensitive payment information like full credit card numbers or CVV codes. Stripe processes your payments on our behalf, and we receive only limited information such as your customer ID, subscription tier, payment timestamps, and the last four digits of your card or other tokenized identifiers. We also keep records of your transactions, invoice history, and token balance/credit status for account and billing purposes. (All payment processing is PCI-DSS compliant via Stripe’s systems, and no credit card data touches our servers.)
Data Usage
We use the collected information for the following purposes, in accordance with applicable law:
Providing and Improving the Services: We use your information to operate, maintain, and enhance SketricGen’s platform. This includes using your data so that our systems can create and run your AI agents as instructed, integrate with the tools you’ve selected, and deliver the functionality you expect. For example, we’ll use your uploaded knowledge base documents and agent prompts to generate responses or actions as part of the service.
Personalization and Templates: Your profile information and usage history may be used to personalize your experience. For instance, we might suggest template agent configurations or workflows tailored to your industry or role, or pre-fill certain settings based on your past usage. This helps streamline the setup of new agents and makes our recommendations more relevant to you.
Customer Support and Communication: We will use contact information (like your email) to send service-related communications, such as account confirmations, important system alerts, and responses to support inquiries. If you reach out for help, we will reference your data and conversation history to resolve issues or provide guidance. We may also inform you about new features, updates, or improvements to the platform.
Analytics and Platform Improvement: Internally, we analyze usage data (including aggregated conversation data and interaction logs) to debug problems, monitor the performance of our AI agents, and improve our Services. This analysis helps us understand how users engage with SketricGen, which features or integrations are most used, and where improvements or new features might be needed. We may use automated systems to evaluate agent performance and success rates in completing tasks, all with the goal of making the platform smarter and more useful. Importantly, any analysis of your content is only used to improve the functionality of our Services for you and other users, and not to train public machine learning models. (We do not use your data to train our own AI models, and OpenAI does not use it to train their models by default.)
Marketing and Promotional Communications: We may use your email and profile information to send you newsletters, product announcements, or promotional materials about new features, content, and integrations. Please note that at this time we do not offer an in-app or self-service opt-out for marketing emails – by using the platform, you may receive occasional product update or promotional emails. (We are working to include opt-out mechanisms in the future; in the meantime, you can contact us to be manually removed from marketing lists if desired.) These communications will be reasonable in frequency and you can of course unsubscribe from purely informational newsletters if an unsubscribe mechanism is provided in the email.
Security, Fraud Prevention, and Legal Compliance: We may use data (especially usage logs, device information, and account identifiers) to protect the security of the Services, our users, and others. This includes monitoring for suspicious or fraudulent activity, debugging to maintain reliability, enforcing our Terms of Service, and complying with legal requirements. For example, IP addresses and log-ins may be analyzed to detect multiple failed login attempts or potential misuse. If necessary, we will use and disclose information to investigate violations of our terms or to meet applicable law enforcement requests or legal obligations.
We do not sell or rent your personal data to third-party companies for their own marketing or advertising purposes. Any sharing of data with third parties is done solely to provide and improve our Services, as described below, or as required by law.
Third-Party Services and Integrations
SketricGen integrates with several third-party services to deliver core functionality. We only share the minimum data necessary with these providers, and each third party has committed to protecting data in line with their own privacy policies and applicable regulations. The key third-party services we use are:
OpenAI Services (AI Platform and API)
Our platform heavily relies on OpenAI for AI functionalities. This includes using OpenAI’s models (via API and the OpenAI Agents SDK) to generate text, conduct conversations, perform actions, and store vector embeddings for knowledge bases. When you or your AI agents provide prompts, inputs, or other data to SketricGen, that content is sent to OpenAI’s API for processing. Similarly, when you add documents to a knowledge base or create vector embeddings, those are stored via OpenAI’s systems (OpenAI’s vector store API).
Data Handling by OpenAI: Data that is processed by OpenAI is subject to OpenAI’s data usage and retention policies. According to OpenAI, as of March 1, 2023 they do not use API data (your prompts or outputs) to train or improve their general models unless you explicitly opt in. OpenAI will retain API request data (which may include prompts and responses) for a limited time by default – specifically, OpenAI retains API abuse monitoring logs containing content for up to 30 days for the purpose of detecting misuse. These logs are automatically purged by OpenAI after ~30 days in the ordinary course of operations. SketricGen does not opt in to any data sharing that would allow OpenAI to use your content for model training.
OpenAI offers advanced data protection options for enterprise customers, such as Modified Abuse Monitoring or Zero Data Retention modes, which further limit or eliminate the storage of content in their logs. (Under Zero Data Retention, OpenAI retains no customer content beyond the immediate API processing, and even disables certain logging by treating all requests as non-persistent.) However, these options require special approval and are not enabled by default. Currently, SketricGen uses OpenAI’s standard API settings, meaning some of your data may reside in OpenAI’s secured servers for up to 30 days in transient logs. We emphasize that this data is only used internally by OpenAI for trust and safety monitoring and is not used to train AI models, and OpenAI implements strict access controls to protect it.
Vector Stores and Agent Memory: If you use features that involve storing data in vector databases or agent memory via OpenAI’s API (for example, saving embeddings of your knowledge base documents or ongoing conversation context), that data is stored on OpenAI’s infrastructure associated with our account. OpenAI’s policy is that any persistent data stored via their API (such as entries in a vector store or other project data) remains until we or the user deletes it, after which it is fully deleted from OpenAI’s servers within 30 days. In practice, this means if you remove a document or wipe an agent’s memory in SketricGen, we will issue deletion requests to OpenAI so that those items are deleted from their storage (OpenAI will retain a backup for up to 30 days and then purge it).
By using SketricGen, you understand that your prompts, agent instructions, and possibly portions of your data (like document text for embeddings) will be transmitted to and processed by OpenAI’s systems. We contract with OpenAI to ensure they treat your data confidentially and lawfully. If you require no retention of your data on OpenAI’s side whatsoever, please contact us to discuss options – though by default, some minimal retention as described above will apply. Rest assured, SketricGen never uses your data to train any public AI models, and OpenAI’s handling of the data is limited to providing the service and safeguarding the platform from abuse.
For more details on how OpenAI handles data, please refer to the OpenAI Privacy Policy.
Pipedream Integrations (Third-Party App Connections)
SketricGen v2 uses Pipedream, a third-party integration platform, to connect your AI agents with external applications and services. Pipedream enables your agents to interact with over 2,000+ supported apps. This integration allows your agents to perform actions like sending emails, creating Slack messages, fetching data from other apps, etc., all through a secure workflow managed by Pipedream.
How it Works: When you choose to integrate an external account (for example, your Gmail or Slack account) with SketricGen, you will be directed to authorize access via Pipedream. In most cases, this involves an OAuth authentication flow where you grant Pipedream limited access to your third-party account (e.g., permission to read your Gmail inbox or post messages to your Slack workspace, depending on what you approve). The credentials (tokens) for these connections are handled by Pipedream: Pipedream either obtains an OAuth token or requires an API key, and stores these credentials securely in its systems (encrypted and protected). SketricGen itself does not see or store your third-party login credentials; we only receive a reference or confirmation from Pipedream that the account is connected.
Once connected, any action your AI agent takes with a third-party app is executed via Pipedream’s platform. For example, if your agent is supposed to create a Google Calendar event or retrieve a row from a Google Sheet, our system sends that request to Pipedream, which then performs the action through the Google API using the token you provided. The data needed to fulfill the action (e.g., event details or sheet query) will pass through Pipedream’s servers to the third-party service and back. Pipedream acts as a data processor in this context, handling data on our behalf to bridge to other apps.
Data Sharing and Protection: We share with Pipedream only the information required to execute your requested integrations. This can include content of messages or records that your agent is processing (for instance, the text of an email to send, or the query parameters for an API call). Pipedream is a reputable integration service used by many platforms; it has SOC 2 Type II compliance and employs industry best practices for security and privacy. Credentials and secrets stored in Pipedream are encrypted using strong encryption (AES-256) and kept in isolated storage. Workflows run in sandboxed environments to ensure isolation between different users’ data. Additionally, Pipedream’s privacy policy commits that they process user data only for providing the service and do not sell user personal information.
User Responsibility for Integrations: While we take measures to secure these integrations, it is important to understand that when you connect an external service via Pipedream, you are granting SketricGen (via Pipedream) access to data in that third-party account based on the permissions you approve. You are responsible for reviewing and managing the integrations you authorize. We strongly encourage you to grant the minimum necessary permissions for each integration and to periodically review which third-party accounts you have connected. If you decide to disconnect an integration, you can do so in our platform’s “Manage Tools” settings (which will delete the stored tokens/credentials on our side). However, revoking OAuth access tokens on our platform may not immediately revoke the app’s access on the third-party side – for full revocation, you should also log in to the third-party service (e.g., Google, Slack) and remove or revoke the SketricGen/Pipedream app’s access. It is your responsibility to manage these external access permissions. Pipedream’s documentation also reminds users that they should secure their workflow data and credentials and only integrate with services in compliance with any relevant policies.
By using the Pipedream-powered integrations, you understand that data will be exchanged with external services at your request. We will always disclose within the platform what kind of access or actions you are granting. If you have questions about a particular integration’s data usage, please contact us. Additionally, any data that flows through to a third-party application (for example, an email sent through Gmail, or a record created in Salesforce) will of course be subject to that third-party’s own privacy policy once it reaches them. We recommend you review the privacy policies of any third-party services you connect to our platform.
For information about Pipedream’s data handling practices, please refer to the Pipedream Privacy Policy.
Payment Processing (Stripe)
We use Stripe for secure payment processing and billing management. Stripe is a leading payment processor which handles credit card transactions and subscription billing on our behalf. When you enter credit card details or make a payment, that information is sent directly to Stripe via an encrypted connection; we do not store your full credit card number, expiration, or CVV code on SketricGen servers. Stripe will return a payment token or ID which we store and use to reference your account’s payments.
Auto-recharge and Billing: If you enable auto-recharge of credits or have a subscription, Stripe will automatically charge your saved payment method when needed (for example, when your credit balance runs low or at the start of a new billing cycle). SketricGen’s systems do not store your billing address, card details, or even the last four digits of your card. We only retain a Stripe Customer ID and a Stripe Subscription ID, which serve as references to your account within Stripe. These identifiers allow us to trigger billing events against your saved payment profile, which is securely stored and managed entirely by Stripe. All payment processing, including the creation, management, and security of your payment details, is handled by Stripe. SketricGen merely initiates or calls the relevant functions via Stripe’s APIs to complete transactions.
Stripe is PCI-DSS compliant and has robust security measures; it is certified to handle and store credit card information securely. We rely entirely on Stripe to keep your payment information safe. We do not share your payment information with anyone except Stripe (and Stripe’s affiliated banks/card networks) as required to process payments, or as required for compliance (e.g., accounting or legal obligations).
For more details on how Stripe handles your data, please see the Stripe Privacy Policy. By making a purchase on SketricGen, you consent to Stripe’s processing of your payment information. If you have questions about payment security or need to update your payment details, you can do so via our platform (which interfaces with Stripe) or contact us for help.
Cloud Hosting and Storage (AWS)
SketricGen is hosted on Amazon Web Services (AWS) cloud infrastructure. AWS provides us with secure data centers and services for running our application and storing data. All of your data, including profile information, uploaded files, conversation logs, and databases, is stored on AWS servers. We primarily utilize AWS data centers in the United States. However, depending on service needs and your location, data may be processed or replicated in other AWS regions (for example, to ensure fast response times or redundancy). Regardless of location, we ensure that robust security measures and legal safeguards are in place for all data storage.
Security on AWS: AWS is an industry leader in cloud security. Our servers and databases on AWS are protected by multiple layers of security, including network firewalls, encryption, and access controls. Personal data is encrypted at rest on AWS (for instance, our databases and S3 storage buckets use encryption so that the raw data is not readable without proper keys). We also enforce HTTPS/TLS encryption in transit for all data communications, meaning data is encrypted while being transmitted between your device and our servers (and between our servers and any third-party services). Access to AWS resources is restricted to authorized personnel and requires multi-factor authentication. AWS maintains numerous compliance certifications (such as SOC 2, ISO 27001, etc.), and we build our systems following AWS security best practices.
Data Deletion on AWS: When you delete data through our platform (such as removing a file or deleting a knowledge base), the data will be deleted from our AWS storage. In accordance with our retention policy, the content will be made inaccessible immediately and then permanently expunged from AWS (including any backups) within 30 days. Similarly, if you delete your account, we will initiate deletion of your data from all AWS storage. (There may be an additional short delay to remove data from geo-redundant backups or caches, but generally purging will be completed within 30 days of account deletion or data deletion request.)
International Data Transfers: If you are accessing SketricGen from outside of the United States, be aware that your data might be transferred to, stored in, and processed in the U.S. or other countries where we or our service providers (like AWS) have facilities. These countries may have data protection laws different from those in your jurisdiction. In such cases, we take steps to ensure appropriate safeguards are in place to protect your personal data. For example, for personal data originating from the EU or UK, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure legality of international data transfers. Our goal is to ensure that no matter where your data is processed, it remains subject to robust security and privacy standards equivalent to those of your home jurisdiction.
User Rights and Data Deletion
We respect your rights over your personal data. Depending on your location and applicable laws (such as the EU General Data Protection Regulation - GDPR, or similar laws in other jurisdictions), you may have some or all of the following rights:
Right to Access: You have the right to request a copy of the personal data we hold about you. This includes data in your profile, content you have provided, and logs of your activities. Most of this data can be accessed directly by logging into your account (for example, viewing your profile info, conversation history, and knowledge base content). If you require a comprehensive export, you can contact us to request it.
Right to Rectification: If any of your personal data is inaccurate or outdated, you have the right to correct it. You can update much of your profile information directly in your account settings. For any information that you cannot update yourself, you may contact us and we will correct it as needed.
Right to Deletion (Right to Erasure): You have the right to request deletion of your personal data. You can achieve this in several ways on our platform. For example, you may delete specific content (like removing a file from your knowledge base, deleting an AI agent, or clearing a conversation history) at any time – the system will then erase or anonymize that content from our active databases. You may also delete your entire account via the account settings page. Account deletion will remove your profile and all associated personal data from our production systems, typically within a short period. After you initiate deletion, we retain data for a brief grace period (up to 30 days) in backups or archived databases, after which it is permanently expunged. This grace period allows for recovery in case of accidental deletion or as required for legitimate business interests (e.g., finalizing billing records) before final purging. Do note that we may retain certain minimal information as required by law or for legitimate business purposes (for instance, we might keep a record of transactions for accounting, or logs to demonstrate compliance with legal obligations), but we will purge or anonymize those in accordance with applicable retention laws.
Right to Restrict or Object to Processing: You have the right to object to certain processing of your data or ask us to limit how we use it. For instance, you can object to receiving marketing emails (and as noted above, while we currently lack an automated opt-out, you may contact us to remove you from such communications). If you believe we are processing any data beyond the purpose for which it was collected, you can request a restriction. We will evaluate and honor such requests in line with legal requirements. For example, if you contest the accuracy of data, you can request we pause processing it (other than storing it) until it’s corrected.
Right to Data Portability: In jurisdictions that mandate it, you have the right to obtain your personal data in a commonly used, machine-readable format so you can transfer it to another service. We can provide exports of your data (e.g., conversation logs, knowledge base files, etc.) upon request. Some data, like your uploaded documents, you can already download from the platform in their original format.
Rights related to Automated Decision-Making: SketricGen does not make any legally significant decisions about individuals using purely automated means. The AI agents act based on your inputs and configurations, and they do not autonomously make decisions that have legal or similar effects on you. If this ever changes, we will inform you and ensure appropriate safeguards and rights (such as the right to human review of an automated decision) are provided.
To exercise any of your rights, please contact us using the information in the Contact section below. We will verify your identity (to protect your privacy) and respond to your request within the timeframe required by law (generally within 30 days for most requests). Please note that some rights may be subject to exceptions – for example, if fulfilling a deletion request for certain data would prevent us from complying with a legal obligation, we might need to retain that data. We will inform you if any such exceptions apply.
We are committed to complying with all applicable data protection laws, including the GDPR and the California Consumer Privacy Act (CCPA) where relevant. For example, California residents have the right to request a list of the categories of personal information we have disclosed for direct marketing purposes (we do not disclose data for direct marketing aside from our own use, as stated) and the right not to receive discriminatory treatment for exercising privacy rights. We do not sell personal information as defined under the CCPA (nor under equivalent laws). If you have any questions about your privacy rights or how to exercise them, you can always reach out to us.
Security Measures and International Transfers
Security Measures: We take the security of your data very seriously and have implemented comprehensive measures to protect it. These measures include administrative, technical, and physical safeguards designed to guard against unauthorized access, disclosure, or destruction of personal data:
All communications with the SketricGen platform are encrypted via TLS/HTTPS, which protects data in transit between your device and our servers.
Data you store with us (including profile info, content, and logs) is encrypted at rest on our servers and databases. We use industry-standard encryption algorithms and key management practices to prevent unauthorized data access.
Our platform and databases are hosted in secure facilities (AWS data centers) that have robust security and monitoring. AWS maintains numerous certifications (SOC 2, ISO 27001, etc.) and complies with strict physical and network security standards. We inherit many of these controls as a customer of AWS.
We employ access controls and authentication to restrict access to systems containing personal data. Only a limited number of authorized SketricGen personnel (on a need-to-know basis) can access raw data, and even then only via secure authentication mechanisms. Employee access to data is logged and audited. We enforce strong password policies and multi-factor authentication for our internal systems.
SketricGen’s code and infrastructure are regularly updated with security patches. We conduct periodic security assessments and vulnerability scans. Any security incidents would be handled under a documented incident response plan, and users would be notified of any significant data breaches as required by law.
We also encourage users to practice good security hygiene, such as choosing strong passwords and protecting access tokens. Remember that you play a role in keeping your data safe too – for instance, do not share your login credentials, and be cautious when granting integrations access to your data (as described in the Pipedream section above).
While we strive to protect your information with these measures, no website or internet transmission is completely secure. Therefore, we cannot guarantee absolute security of data. However, we continuously review and enhance our security practices to meet or exceed industry standards, and if any breach of security affecting your personal data occurs, we will promptly inform you and take necessary steps to mitigate it.
International Data Transfers: SketricGen is a global service – your data may be transferred to and stored in countries other than your own. Primarily, data is processed in the United States (where our company is based and where our primary servers are located). Additionally, some of our subprocessors (like OpenAI, Stripe, and Pipedream) may process data in the U.S. or other regions (for example, OpenAI has infrastructure in the US and possibly EU; Pipedream is US-based on AWS us-east-1; Stripe and AWS have global infrastructure). If you reside outside of the U.S., the laws governing data protection in the U.S. (or other countries where data is processed) may differ from those of your country.
In all such cases, we take steps to ensure that an adequate level of protection is applied to your personal data. These steps include entering into data protection agreements and Standard Contractual Clauses (SCCs) with service providers when required, and ensuring recipients of the data are obligated to handle it in accordance with applicable data protection laws. We also base these transfers on the necessity to fulfill our contract with you (the Terms of Service), as the service cannot be provided otherwise. By using SketricGen, you consent to the transfer of your information to these countries as needed for the provision of the Services.
If you have questions about international data storage or require more information about our data transfer safeguards (for example, copies of relevant SCCs), please contact us. We understand the importance of data locality for some users and will be transparent about where your data resides and how it’s protected. In the future, we may offer options to choose data storage regions, and we will update this policy accordingly if such options become available.
Children’s Privacy
Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18 years old. If you are under 18, you should not use SketricGen or provide any information to us. We do not intentionally allow minors to register or use the platform.
If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our records. This may include deleting the user account and any associated data. If you are a parent or guardian and discover that your under-18 child has an account or has provided personal data to us, please contact us and we will remove the information and terminate the account.
(Note: If local law in certain jurisdictions sets a higher age threshold for “child” (e.g., under 16 in the EU for certain consent purposes), we will adhere to those requirements as well. In any case, we do not market to or knowingly serve minors.)
Changes to this Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of the policy. If the changes are material, we will provide a more prominent notice as appropriate – for example, by emailing you at the email address on file or by placing a notice on our website or dashboard.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any update to this Policy becomes effective constitutes your acceptance of the updated terms. If you do not agree with any updates or changes, you should discontinue using the Services and may request that we delete your data as described above.
In the event of any significant change in data practices (for example, if we were to collect new types of personal data or share data with new categories of third parties not covered by this version of the policy), we will notify users in advance and obtain consent if required by law.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and will respond as promptly as possible.
Contact Email: contact@sketricsolutions.com
Please use the above contact information to reach our privacy team for any inquiries such as data access/deletion requests or clarification about our privacy practices. We will gladly assist you and address any issues to the best of our ability.
Thank you for trusting SketricGen with your AI agent projects. We are committed to protecting your privacy and ensuring the security of your data as you leverage our platform.