Your go-to-market data is yours

1. 1.
   Your data belongs to your company. We collect only what's needed to run the Services and sharpen your go-to-market: your account details, the product and company context you share, and the signals from the tools you choose to connect, and nothing more.
2. 2.
   One pod per company. Your workspace runs in its own isolated, dedicated pod. Your data is never commingled with another company's, and there is no shared cross-customer database of your records.
3. 3.
   Used to serve you, never sold. We use the data we retain only to provide the Services and improve how well Polipo works for your company. We will never sell it to any third party, show you ads, or hand it to data brokers.
4. 4.
   Anonymized benchmarks, for everyone's benefit. We may analyze data across customers in aggregated, anonymized form to produce industry benchmarks and broad cohort analysis. These insights are for our customers and the public good, never for sale.
5. 5.
   Radical transparency. Where we have limitations, like relying on cloud AI for inference, we tell you exactly how it works rather than hiding behind vague language.

Information You Share With Polipo

During onboarding and normal use, you and your connected tools provide the following. All of it is stored inside your company's isolated pod:

Information We Handle Directly

A small amount of information necessarily passes through our infrastructure to operate the Services:

Information We Do Not Collect

We do not pull data from tools you haven't connected, request access beyond the scopes you grant, buy third-party personal data, or build advertising profiles.

A Note on Encryption at Rest

At launch, we rely on per-company pod isolation, strict internal access controls, and encryption in transit. We do not yet encrypt all data at rest by default. We treat this as a priority on our roadmap and will update this policy as that protection rolls out.

What Happens When Polipo Works on Your GTM

When Polipo reasons about your go-to-market, the relevant context, your positioning, ICP, and connected signals, is processed by AI models to produce recommendations. Two places process data: the plugin running in your terminal under your own AI provider (Claude Code or Codex), and our Cloud GTM engine, which sends the minimum necessary context to our AI inference provider (currently Anthropic) over an encrypted connection. Here's what's important to understand:

Polipo's value comes from grounding in the tools your go-to-market already runs on. You choose what to connect, and you can disconnect at any time.

Managed Connections

When you connect a tool, your CRM, analytics, pipeline, email, or others, Polipo uses secure, managed OAuth connections brokered by our connection provider, Composio. You authorize each connection with a single click, we request only the scopes needed for the features you use, and there are no API keys or credentials for you to paste into config. All data to and from these integration partners travels over encrypted connections. You can revoke any connection at any time, from Polipo or from the tool's own settings.

Google Services

If you connect Google services (such as Google Analytics, Gmail, or Google Calendar), we request only the minimum permissions necessary for the features you use, and you can revoke access at any time through your Google Account settings.
Polipo's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Payment Processing

Subscription payments are handled by Stripe. We do not store your credit card number or payment credentials on our servers. Stripe's handling of your payment information is governed by their privacy policy.

We use your information for the following purposes and no others:

• To provide and operate the Services: deriving your positioning and ICP, generating target lists and content, and running your go-to-market loop.
• To improve the Services for you: turning your own go-to-market signals, wins, losses, objections, activation, and retention, into sharper targeting and recommendations for your company.
• To communicate with you: sending product updates, and the notifications or summaries you've opted into.
• To maintain the platform: analyzing anonymized, aggregated usage patterns (not your go-to-market content) to fix bugs and build better features.
• To ensure security: detecting and preventing unauthorized access or abuse.

Aggregated, Anonymized Insights

We may analyze data across customers in aggregated, anonymized form, never tied to your company or any individual, to produce industry benchmarks and broad cohort analysis (for example, typical conversion patterns by stage or motion). These insights are made available for the benefit of our customers and the public. We never sell this data or these insights, and we never expose one customer's data to another.

We do not use your data for advertising, profiling on behalf of third parties, or any purpose beyond operating and improving the Services you've signed up for.

We share your information only in these limited circumstances:

• AI inference provider (currently Anthropic): the minimum context needed for the task, encrypted in transit and handled under our commercial agreement with the provider.
• Connection provider (Composio): brokers the managed OAuth connections to the tools you authorize.
• Connected tools you authorize (your CRM, analytics, email, and others): only the data necessary to perform the integration you requested.
• Payment processor (Stripe): to process your subscription.
• Infrastructure & operations providers: cloud hosting and product analytics that run the Services under confidentiality obligations.
• Legal requirements: if required by law, subpoena, or court order. We will notify you unless legally prohibited from doing so.
• Business transfers: in the event of a merger or acquisition, your data would remain subject to this privacy policy.

We retain your data only as long as you are using the Services. You can delete your workspace at any time, removing the data held in your pod.

• Workspace data: your positioning, ICP, connected signals, and generated outputs are stored in your company's pod for as long as your account is active. You can delete them at any time.
• Connected-tool tokens: OAuth tokens are stored only while the integration is active. Revoking access deletes the token.
• AI processing: Polipo does not retain the context it sends to our AI inference provider beyond the active task. The provider's own handling is governed by our agreement with them.
• Aggregated, anonymized insights: because these contain no identifying information, they may be retained after account deletion, but they cannot be traced back to you.
• Account deletion: when you delete your account, your company's pod and the data within it are decommissioned.

Regardless of where you operate, we provide every Polipo customer with the following rights:

For users in the European Union, United Kingdom, or California, you have additional rights under GDPR, UK GDPR, or CCPA respectively, including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities. Contact us at privacy@polipo.ai to exercise any of these rights.

Polipo is a business tool intended for organizations and the professionals who run them. The Services are not directed to or intended for children, and you must be at least 18 years old to use them, consistent with our Terms of Use. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@polipo.ai and we will delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Polipo app or via email at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, we'd love to hear from you: