Privacy PolicyLast Updated: February 4th, 2025The Workspace Company, Inc. (“Casy,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals (“you” or “users”) using our project-management platform and related services (“Services”). This Privacy Policy explains how we collect, use, disclose, and protect your Personal Data when you interact with our Services. We adhere to all applicable global privacy standards and regulations, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the OECD Guidelines, the proposed EU Artificial Intelligence Act (AI Act), and other relevant laws.
1. ScopeThis Privacy Policy applies to all Personal Data we process in connection with our Services, including:
• The Casy bot integrations in messaging platforms (e.g., Telegram, Slack).
• Our websites, applications, and other interactions (e.g., customer service inquiries, feedback forms).
By using the Services, you agree to the processing of your information in accordance with this Privacy Policy.
2. Information We CollectWe collect information about you in three primary ways: (1) data you provide directly, (2) data collected automatically, and (3) data obtained from third-party sources.
2.1 Data You Provide Directly2.1.1 Account CreationWhen you create a Casy account, we collect information such as your name, email address, password, and role. You may also choose to provide an optional profile photo.
2.1.2 Communications with UsWe collect your email address, phone number, and any content or attachments you send us when you:
• Request information about our Services.
• Contact our support team.
• Subscribe to newsletters or updates.
2.1.3 Payment InformationIf you purchase a subscription, we collect billing information (e.g., credit card details, billing address) through our third-party payment processors. We do not store complete payment information on our servers.
2.1.4 Surveys and FeedbackWe may collect additional details if you choose to participate in surveys or provide feedback about our Services.
2.1.5 Promotions and EventsIf you register for promotions, contests, or conferences, we may collect contact details to manage your registration and communicate with you.
2.1.6 Job ApplicationsIf you apply for a job, we may collect CVs, cover letters, and other relevant employment information.
2.2 Data Collected Automatically2.2.1 Usage DataWhen you interact with our Services (including chat integrations), we automatically collect information such as:
• IP address
• Device and browser type
• Operating system
• Date/time stamps
• Pages or features you access
2.2.2 Cookies and Similar TechnologiesWe and our analytics partners use cookies, pixel tags, and similar technologies to track and analyze user activity and to personalize content. For more details, see our Cookie Notice.
2.2.3 Chat Processing for ML•
Ephemeral Storage: When you use the Casy bot, a portion of your chat content is sent to our servers in encrypted form to process and understand user intent via an on-premise Machine Learning (ML) model.
•
Automatic Deletion: Chat messages are stored securely for up to 10 minutes and then automatically deleted from our servers, unless you provide feedback (see
2.3.1 below).
2.3 Data from Third PartiesWe may receive information about you from third-party sources, such as:
• Social media platforms (when you choose to register or log in through them).
• Other users who invite you to collaborate within our Services.
2.3.1 Feedback Data for ML Training If you explicitly rate or comment on the bot’s responses within the 10-minute window, your feedback — along with the minimal necessary excerpt of the chat — may be anonymized and used to improve
our internal ML models.
We never share or sell these chat excerpts to external ML services.3. How We Use Your InformationWe use your Personal Data for the following business purposes:
1.
Provide and Maintain Services• To authenticate you and manage your account.
• To enable core functionalities such as task creation, event scheduling, and collaborative features.
2.
Communications and Notifications• To send you service-related updates, including confirmations, technical notices, and security alerts.
• To respond to your inquiries, complaints, or other communications.
3.
Analytics and Improvements• To analyze usage trends, monitor performance, and improve our Services.
• To ensure the relevance and effectiveness of our features and user interface.
4.
ML and AI Processing• To understand user commands and automate project-management tasks.
• To improve our ML models and enhance natural language understanding (only with anonymized feedback data).
5.
Marketing (With Consent Where Required)• To send promotional materials or offers related to our Services. You can opt out of marketing communications at any time.
6.
Legal and Compliance• To comply with applicable laws, regulations, and legal processes.
• To enforce our agreements, protect the security or integrity of our Services, or defend against legal claims.
4. Legal Bases for Processing (GDPR-specific)If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, we process your Personal Data under the following legal bases:
•
Consent: Where you have given clear consent (e.g., receiving marketing communications, participating in ML feedback).
•
Contract: Where processing is necessary for the performance of a contract with you (e.g., providing the Services).
•
Legal Obligation: Where processing is required to comply with our legal obligations.
•
Legitimate Interests: Where necessary for our legitimate interests, such as improving our Services, provided that these interests are not overridden by your data protection rights.
5. Data RetentionWe retain your Personal Data as long as it is necessary to:
• Fulfill the purposes for which it was collected.
• Comply with legal obligations (e.g., financial records).
• Enforce our agreements.
Chat data processed by our ML models is stored for no more than 10 minutes, unless you actively provide feedback. In that case, the relevant excerpt is anonymized and retained solely for ongoing model improvement.
6. How We Share Your InformationWe may disclose your Personal Data to the following categories of recipients:
1.
Service ProvidersThird-party vendors who perform functions on our behalf (e.g., payment processing, analytics, hosting). These service providers are bound by confidentiality and data protection obligations.
2.
Business PartnersAt your direction, we may share information with partners for integrated features or services.
3.
AffiliatesWe may share data with our affiliates under common ownership or control, subject to this Privacy Policy.
4.
Legal and ComplianceWe may disclose data to comply with applicable laws, regulations, or legal requests; to protect the rights, safety, or property of Casy or others; and to enforce our terms and policies.
5.
Merger or AcquisitionIn the event of a merger, acquisition, financing, or sale of assets, your Personal Data may be transferred as part of the transaction, subject to standard confidentiality arrangements.
We do not sell or rent your Personal Data to third parties.
7. International Data TransfersYour information may be transferred to and processed in countries other than your own, including the United States, where our servers and central operations are located. We comply with applicable cross-border transfer regulations, including the GDPR’s requirements for international data transfers (e.g., Standard Contractual Clauses) and the OECD Guidelines for data protection.
8. Your Rights and ChoicesDepending on your jurisdiction (e.g., under the GDPR, CCPA, or other applicable laws), you may have the following rights:
•
Access: The right to request a copy of your Personal Data.
•
Rectification: The right to correct inaccurate or incomplete data.
•
Erasure: The right to request deletion of your data, subject to certain exceptions.
•
Restriction: The right to request limited processing of your data.
•
Portability: The right to receive your data in a structured, commonly used format.
•
Objection: The right to object to processing based on our legitimate interests or for direct marketing purposes.
•
Withdrawal of Consent: Where we rely on your consent, you may withdraw it at any time.
To exercise these rights, please contact us at
help@casy.space. We will respond to your request within the timeframe required by law.
9. California Privacy Rights (CCPA/CPRA)If you are a California resident, you have the right to:
• Know what Personal Data we collect, use, disclose, and sell (we
do not sell Personal Data).
• Request deletion of your Personal Data, subject to legal exceptions.
• Non-discrimination for exercising your privacy rights.
For more information about your California privacy rights, or to submit a request, please contact us at
help@casy.space.
10. Security MeasuresWe employ industry-standard administrative, technical, and physical safeguards to protect your Personal Data. These measures include encryption of data in transit, secure server infrastructure, and strict access controls. However, no security system is impenetrable, and we cannot guarantee absolute security of your data.
11. Automated Decision-Making and AI Act ComplianceOur Services use ML models to interpret user commands and automate task creation. We are committed to:
•
Transparency: Providing clear information about how automated features affect you.
•
Fairness and Accountability: Regularly reviewing and improving our models to prevent bias.
•
User Control: Allowing you to provide feedback and override automated decisions (where relevant).
We proactively monitor emerging regulations, including the proposed EU AI Act, to ensure our Services remain compliant with best practices and legal requirements regarding Artificial Intelligence.
12. Children’s PrivacyOur Services are not intended for children under the age of 13. We do not knowingly collect Personal Data from children. If you believe that a child has provided us with Personal Data, please contact us at
help@casy.space so we can delete the information.
13. Third-Party Links and ServicesOur Services may contain links to third-party websites or integrations with third-party platforms. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before submitting any information.
14. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make material updates, we will notify you as required by law (e.g., by posting a notice on our website or sending an email). The updated policy will be effective upon posting unless otherwise indicated.
15. Contact UsIf you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
The Workspace Company, Inc.220 East 23rd Street
New York, NY 10010
United States
help@casy.spaceWe are committed to working with you to resolve any concerns about privacy and the protection of your data.