Privacy Policy
Effective Date: April 6, 2026
This Privacy Policy explains how Automation Edit LLC ("Automation Edit," "we," "us," or "our") collects, uses, stores, and protects your information when you use SmartAF™ and related services (the "Service"). By using SmartAF, you agree to the practices described in this policy.
1. Information We Collect
Account Information
When you sign up for SmartAF, we collect:
- Email address and name, provided via Google Sign-In or email registration
- Organization identifier, automatically generated to scope your data
Documents and Content
To build your knowledge base ("Brain"), you may provide:
- Uploaded documents (PDFs, text files, and other supported formats)
- Google Drive content synced via read-only OAuth access
- Notion pages and databases synced via read-only OAuth access
- Text content added directly through the MCP connector or web interface
Usage Data
We track usage metrics to enforce plan limits and improve the Service:
- Document count and word count
- Daily query count
- Connector sync status
Billing Information
Payment processing is handled entirely by Stripe. We store only your Stripe customer ID to associate payments with your account. We never store, access, or process credit card numbers, bank account details, or other financial instruments.
Connector Tokens
When you connect Google Drive or Notion, OAuth access tokens are stored securely in AWS DynamoDB. These tokens are never exposed to the frontend, never shared with third parties, and are deleted immediately when you disconnect the integration.
2. How We Use Your Information
We use your information to:
- Operate the Service — store your documents, generate vector embeddings, and serve search results through the MCP connector and web interface
- Enforce plan limits — track document count, word count, and query usage against your subscription tier
- Process payments — manage subscriptions through Stripe
- Provide support — respond to support requests submitted via the in-app chat widget or email
- Improve the Service — analyze aggregate, anonymized usage patterns to enhance features and performance
- Ensure security — detect and prevent unauthorized access, abuse, and prompt injection attacks
3. Data Storage and Security
Infrastructure
All data is stored on Amazon Web Services (AWS) infrastructure in the us-east-1 (N. Virginia) region:
| Data Type | Storage |
|---|---|
| Original documents | AWS S3 (encrypted at rest) |
| Vector embeddings and search index | AWS OpenSearch |
| Usage, connectors, marketplace metadata | AWS DynamoDB |
| User authentication | AWS Cognito |
Multi-Tenant Isolation
SmartAF is a multi-tenant platform. Every document, embedding, and query is scoped to your organization ID. Strict data isolation ensures that your content is never accessible to other users or organizations. There is no cross-tenant data access at any layer of the system.
Security Measures
- HTTPS encryption on all connections
- JWT-based authentication via AWS Cognito
- HMAC-signed OAuth state parameters
- Web Application Firewall (WAF) protection
- Input validation and prompt injection defense
- Rate limiting on all API endpoints
- OAuth tokens encrypted at rest in DynamoDB
4. Third-Party Services
SmartAF integrates with the following third-party services. Each service processes data only as necessary to provide its function:
| Service | Purpose | Data Shared |
|---|---|---|
| AWS Bedrock | Document vectorization (Titan embeddings) and marketplace content synthesis (Claude Sonnet) | Document text for embedding; marketplace content for synthesis |
| Stripe | Subscription billing and payment processing | Payment details (handled directly by Stripe; we store only customer ID) |
| Cloudflare | CDN, DNS routing, and static page hosting | Standard web traffic metadata |
| Google | OAuth sign-in and Google Drive API (read-only) | Email, name, and authorized Drive file content |
| Notion | OAuth and API access (read-only) | Authorized page and database content |
| AWS Cognito | User authentication and session management | Email, name, organization group membership |
5. AI Processing and Embeddings
When you add a document to SmartAF, the following processing occurs:
- The document is stored in AWS S3
- Text is extracted and split into chunks
- Each chunk is sent to AWS Bedrock Titan to generate a vector embedding (a numerical representation used for semantic search)
- Embeddings are stored in AWS OpenSearch, scoped to your organization
Important:
- Your documents are never used to train AI models
- AWS Bedrock processes data under AWS's data privacy commitments and does not use customer inputs for model training
- When you query your Brain via the MCP connector, search results are returned to Claude as context — Claude performs the synthesis, not SmartAF
- Marketplace content synthesis (via Bedrock Claude Sonnet) produces summarized outputs; raw marketplace content is never exposed to end users
6. Marketplace Data
The SmartAF Marketplace allows users to publish and install IQ Boosts (expert knowledge packages) and Skills (instruction frameworks).
- Publishers upload content that is reviewed by an administrator before becoming available. Published content is stored in a shared marketplace namespace and made searchable for installers
- Installers receive read-only search access to marketplace content. No data is copied into the installer's Brain — marketplace content is accessed in real time
- Marketplace content undergoes Bedrock synthesis before being returned in search results; raw publisher content is never directly exposed to installing users
- Skills are full-document instruction sets that are loaded into AI conversations and are reviewed by an administrator before publishing
7. Data Sharing
We do not sell your personal information or document content. We do not share your data between organizations. We only share information in the following circumstances:
- Third-party service providers listed in Section 4, solely to operate the Service
- Legal compliance, if required by law, subpoena, court order, or governmental regulation
- Safety, to protect the rights, property, or safety of Automation Edit, our users, or the public
- Business transfer, in the event of a merger, acquisition, or sale of assets, with reasonable notice provided to affected users
8. Data Retention
- Active accounts: Your documents, embeddings, and account data are retained for as long as your account is active
- Deleted documents: When you delete a document, it is removed from S3 and its embeddings are removed from OpenSearch. Deletion is processed promptly via our async queue system
- Disconnected integrations: When you disconnect Google Drive or Notion, OAuth tokens are deleted immediately. Synced content can be separately removed from your Brain
- Account deletion: Upon request, we delete all data associated with your account, including documents, embeddings, usage records, and connector tokens. Contact support@automationedit.ai to request account deletion
- Backups: Standard AWS backup mechanisms may retain encrypted copies for a limited period after deletion, consistent with our infrastructure provider's data handling practices
9. Your Rights
You have the right to:
- Access your documents and account data through the SmartAF web interface
- Delete any document from your Brain at any time via the web interface
- Disconnect Google Drive or Notion integrations at any time (tokens are deleted immediately)
- Request account deletion by contacting support@automationedit.ai — all associated data will be removed
- Request information about what data we hold about you
Please note: SmartAF does not currently offer a bulk export feature. However, your original documents remain available in their source locations (Google Drive, Notion, or your local files).
10. Cookies and Analytics
The SmartAF web application uses essential cookies for:
- Authentication: Session tokens to maintain your signed-in state
- Security: CSRF protection and OAuth state verification
We do not use third-party advertising cookies or cross-site tracking. The SmartAF landing page (hosted on Cloudflare Pages) may use standard Cloudflare analytics which collects anonymized, aggregate visitor metrics.
11. Children's Privacy
SmartAF is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of SmartAF after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Automation Edit LLC
Email: support@automationedit.ai
Web: automationedit.ai