Trust & security
Honest data-flow disclosure.
Ataski processes your data only to deliver the service you signed up for. We do not sell your data. We do not train AI models on your data. We do not share your data with marketing networks, data brokers, or affiliated companies. Below is the honest map of what we use to run the service and what each vendor sees.
Last updated 2026-05-23 · refreshed within 14 days of any sub-processor change.
Default posture
Train AI on your data.
Anthropic and OpenAI both default to no-train on the API tier. We never opt in to training. Zero-data-retention enrollment with OpenAI is in flight to remove their default 30-day abuse-monitoring window.
Default posture
Read-only by default.
Every integration ships with read-only OAuth scopes. We do not write to your CRM, calendar, mailbox, or messaging system. Any future write capability is gated by a separate, audited approval flow per integration — never quietly enabled by a scope change.
Boundaries
What we do not do.
-
Sell your data.
We have never sold customer data. We do not have a commercial relationship with data brokers, marketing networks, or affiliated companies that would receive it.
-
Train AI on your data.
Anthropic and OpenAI both default to no-train on the API tier. We never opt in to training. We are pursuing zero-data-retention enrollment with OpenAI to remove their default 30-day abuse-monitoring retention.
-
Share data across customers.
Every tenant-scoped table enforces Postgres Row Level Security via a session variable that follows every query. A query without a tenant context returns zero rows. The boundary is enforced at the database, not at the application layer.
-
Read your meeting transcripts.
When live meeting recording re-enables (paused per ADR-0068 pending the consent-capture flow), Recall.ai will capture the transcript on your behalf. Today: you upload the transcript directly via the meeting dashboard. Our server reads each transcript once to produce the recap email you requested, and the recap goes through cross-family supervisor review before send. No human at Ataski reads the transcript outside an incident-response investigation, which is itself audit-logged.
-
Write to your tools.
Every integration we ship is read-only by default. OAuth scopes are pinned to read-only at registration. A separate, audited approval flow gates any future write capability.
Practices
What we do.
-
Use named sub-processors under DPA.
Every vendor below holds bytes of customer data only because they power a feature you are using. Each has a written Data Processing Agreement. We update this page within 14 days of any sub-processor change.
-
Audit every action.
Append-only audit log captures every LLM call, external API hit, data modification — with tenant, user, cost, latency, correlation ID. Retained for the life of the tenant, hard-deleted at offboarding.
-
Encrypt OAuth tokens at rest.
Refresh tokens are Fernet-encrypted in the database. Per-tenant encryption keys (envelope encryption) ship before any non-FreeBusy integration goes live.
-
Honour deletion within 30 days.
Cancel from /app/settings → Delete workspace. A 30-day reversible grace, then a hard purge across every tenant-scoped table propagates to every sub-processor we send your data to. Audit log goes too.
-
Cross-family supervisor review.
Every drafted output is re-read by a different model family before send. Same blind spots fail together; cross-family supervision catches the hallucinations a single LLM cannot self-diagnose. Lead-identity tokens are redacted before the supervisor sees them.
Sub-processors
Vendors that hold bytes of your data.
Each is bound by a written Data Processing Agreement. They operate a specific feature you are using; bytes leave nowhere else.
| Vendor | Purpose | Data accessed | Region | DPA |
|---|---|---|---|---|
| Hetzner Online GmbH | Application server hosting (CCX23 Ashburn) | all customer data via application access | Germany (data center USA) | View → |
| Neon, Inc. | Postgres database hosting | all customer data via RLS | USA | View → |
| Cloudflare, Inc. | DNS, CDN, WAF, R2 object storage (PDFs, HTML snapshots) | board pack PDFs; HTML snapshots; static assets; network metadata (IP, request path) | USA | View → |
| WorkOS, Inc. | Authentication (SSO / SAML / passwordless) | authentication credentials; user identity | USA | View → |
| Wildbit, LLC (Postmark) | Transactional email delivery + inbound webhook | recipient email addresses; email body content | USA | View → |
| Anthropic, PBC | Worker LLM inference (Claude API) | user prompts; model outputs | USA | View → |
| OpenAI, OpCo, LLC | Cross-family supervisor LLM + embeddings | user prompts; model outputs; embedding inputs | USA | View → |
| Google LLC (Vertex AI / Gemini) | Tier-3 tiebreaker LLM when worker and supervisor disagree | user prompts; model outputs | USA | View → |
| Recall.ai (Reduct Video, Inc.) | Meeting bot identity + transcription (Meeting Coordinator, Board Pack co-pilot) | meeting audio; meeting transcripts; participant names and emails; meeting chat messages | USA | View → |
| Bright Data Ltd | MCP-orchestrator primary: SERP search, Web Unlocker, firmographic datasets | customer ICP query; public-web search results; company and team page extractions | Israel (global data centers) | View → |
| Perplexity AI, Inc. | Sonar API — search and synthesis for personalization context | email or domain inputs; public-web summaries | USA | View → |
| ZeroBounce, Inc. | Email deliverability verification (PAYG, no vendor-side PII retention) | email addresses submitted for verification | USA | View → |
| Apify Technologies s.r.o. | Pre-built actors for non-LinkedIn scraping and signal aggregation | per-actor query inputs; structured public-web extractions | Czech Republic (EU) | View → |
| Stripe, Inc. | Billing / payment processing (Checkout, customer portal, Stripe Tax) | billing details; subscription data | USA | View → |
| Langfuse GmbH | LLM trace storage (async-pushed prompts + completions) | LLM prompt content; LLM completion content; model and cost metadata | Germany (EU) | View → |
| Bugsink B.V. | Error tracking (Sentry-compatible, PII off by default) | stack traces; request metadata (tenant_id, correlation_id) | Netherlands (EU) | View → |
| PostHog, Inc. | Product analytics (page-view and event telemetry) | page-view events; anonymized session traces | USA | View → |
| Better Stack sp. z o.o. (Logtail) | Uptime monitoring and heartbeats | endpoint health metadata | Poland (EU) | View → |
Your rights
Export, correct, delete.
Under GDPR / UK GDPR you can request a copy of your data, ask us to correct it, or ask us to delete it. Deletion happens within 30 days of your request and propagates to every sub-processor named above. Export self-service from your dashboard; deletion request to info@globaldeal.app or via /app/settings → Delete workspace.
Security architecture
Tenant isolation, append-only audit, encrypted secrets.
Postgres Row Level Security on every tenant-scoped table. Append-only audit log with cost + latency + correlation ID per action. Fernet-encrypted OAuth tokens at rest, with envelope encryption (per-tenant DEKs) shipping before any non-FreeBusy integration goes live. TLS 1.2+ in transit. WorkOS-fronted SSO with sealed session cookies (__Host- attribute). Cloudflare WAF. Hetzner snapshots roll over within 7 days.
Compliance
GDPR shipped. SOC 2 in progress.
GDPR controls implemented per the rights and deletion sections above. SOC 2 Type 1 evidence collection in progress; we will publish a status badge on this page when the report is issued. HIPAA is not in scope today.
Company information
Who operates Ataski.
GlobalDeal Inc.
Ataski is operated by GlobalDeal Inc., a Delaware C-Corporation. Mailing address:
GlobalDeal Inc.1720 W Ball Rd, Ste 4B #136
Anaheim, CA 92804
United States
General inquiries: info@globaldeal.app · Legal: legal@ataski.com
Questions
Reach the founder.
Email info@globaldeal.app. For procurement / security review, send your DPA + sub-processor questionnaire and we will turn it around within 48 hours.