Privacy Policy

How we collect, use, and protect your data
Last Updated: March 20, 2026

We never use your data to train AI models.

Customer Data is processed solely to deliver the Services you subscribed to.

We are a data processor for your data.

When we process data on behalf of enterprise customers, we act under your instructions.

LLM providers cannot train on your data.

We use API-only access under agreements that prohibit model training.

We do not sell personal information.

We have never sold and will never sell personal information to third parties.

SOC 2 Type II and ISO 27001 certified.

Enterprise-grade security is foundational to how we operate.

Data residency options.

Infrastructure is available in US and EU regions on AWS.

table of contents
Terms of Service

Heading

table of contents

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

1. Introduction and Scope

Troopr Labs, Inc. (“Company,” “we,” “us,” or “our”) is a Delaware (USA) corporation that builds and delivers enterprise AI products and services. This Privacy Policy explains how we collect, use, disclose, and protect information across all of our products, services, and websites.

Products and Services covered:

  • Troopr (troopr.ai) - AI assistant for engineering teams. Slack-first project management integrating with Jira and Confluence.
  • Enjo (enjo.ai) - AI customer and employee service platform. Deployed via Slack, Microsoft Teams, Google Chat, and web portals. Connects to Jira, Salesforce, ServiceNow, Confluence, SharePoint, and 100+ enterprise systems.
  • OrgLogic (orglogic.ai) - Enterprise AI agent platform. Multi-LLM support with AI Gateway, Agent Studio, and RAG Engine.
  • Troopr AI Build (trooprlabs.com/services) - Professional services for custom AI solutions, integrations, and agentic automation.

Websites covered: trooprlabs.com, troopr.ai, enjo.ai, and orglogic.ai.

This Privacy Policy is incorporated into and subject to our Terms of Service. By accessing or using any of our Services or websites, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person.

“Customer Data” means all data, content, and information submitted, uploaded, or transmitted by or on behalf of a customer or its authorized users to the Services, excluding AI Output and Usage Data.

“Service Data” means technical and operational data generated through the use of the Services, including log files, usage statistics, and performance metrics, which may be aggregated and anonymized.

“AI Output” means any content generated by the Services using AI or machine learning models in response to customer inputs or prompts.

“AI-Generated Data” means AI Output together with associated metadata such as model identifiers, confidence scores, and processing timestamps.

“Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.

“Controller” means the entity that determines the purposes and means of Processing Personal Data.

“Processor” means the entity that processes Personal Data on behalf of a Controller.

“Sub-processor” means a third party engaged by the Processor to process Personal Data on behalf of the Controller.

“DPA” means a Data Processing Addendum governing Processing of Personal Data.

3. Our Role: Controller vs. Processor

3.1 When We Act as Data Controller

We are the data controller for Personal Data we collect directly from visitors to our websites (trooprlabs.com, troopr.ai, enjo.ai, orglogic.ai), including contact form submissions, cookie and analytics data, and marketing communications. We determine the purposes and means of processing this data and are directly responsible for it under applicable data protection laws.

3.2 When We Act as Data Processor

For our SaaS products (Troopr, Enjo, OrgLogic), we act as a data processor on behalf of our customers. Our customers are the data controllers for the data their authorized users submit to or process through our Services. We process this data solely in accordance with our customer’s documented instructions and our Terms of Service.

This means that if you are an end-user of one of our products through your employer or another organization, that organization is the data controller for your data. Questions about how your data is processed should be directed to your organization in the first instance.

3.3 Professional Services (AI Build)

For Troopr AI Build professional services engagements, we act as a data processor with access governed by the applicable Statement of Work (SOW). We follow least-privilege access principles and do not retain customer data after engagement completion and handoff.

4. Data We Collect (as Controller)

When you visit our websites or contact us directly, we may collect the following:

4.1 Contact and Account Information

  • Name, email address, company name, company size, and use case description submitted through contact forms or demo request forms.
  • Information you provide when communicating with us via email or other channels.

4.2 Website Usage Data

  • Pages visited, session duration, referral source, and navigation patterns.
  • Device and browser information (type, version, operating system, screen resolution).
  • IP address (anonymized for analytics purposes).

4.3 Cookies and Similar Technologies

We use cookies and similar technologies as described in Section 8 of this Policy.

4.4 Marketing Communications

If you opt in to receive marketing communications, we collect your email address and communication preferences. You may unsubscribe at any time using the link provided in each communication.

5. Data We Process (as Processor)

When customers use our SaaS products, we process the following categories of Customer Data on their behalf and in accordance with their instructions:

5.1 Messaging and Collaboration Data

  • Messages sent to our bots and applications in Slack, Microsoft Teams, and Google Chat.
  • Support ticket content processed through Enjo.
  • File attachments shared in support and service contexts.

5.2 Enterprise System Data

  • Jira tickets, Confluence pages, ServiceNow records, and Salesforce data accessed via customer-authorized integrations.
  • SharePoint documents, knowledge base articles, and internal wiki content ingested for RAG-based knowledge retrieval.

5.3 User Identity Data

  • User profile information provisioned via SSO (SAML/OIDC) or SCIM, including name, email, role, and department.

5.4 AI Interaction Data

  • Prompts, queries, and agent conversations submitted to AI-powered features.
  • AI Outputs generated in response to those interactions.

5.5 Audit and Operational Data

  • Audit logs recording who accessed what functionality and when.
  • Anonymized, aggregated analytics and usage metrics.
  • Performance and quality metrics for AI systems.

5.6 Professional Services Data

For Troopr AI Build engagements, we may access customer systems (cloud infrastructure, databases, APIs) under customer authorization as specified in the applicable SOW. Custom deliverables are built in customer environments where possible. We do not retain customer data after engagement completion and handoff.

All Customer Data processing is governed by our customer’s own privacy policies and our applicable DPA. We process Customer Data solely to provide the Services and as instructed by the customer.

6. How We Use Data

6.1 Providing and Maintaining Services

We use data to deliver, operate, and maintain the products and services you or your organization have subscribed to, including generating AI responses by sending queries to LLM providers.

6.2 Service Improvement

We use anonymized, aggregated metadata (not content) to improve service quality, reliability, and performance. This includes feature usage statistics, error rates, and response latency metrics.

6.3 Support and Communications

We use contact information to respond to inquiries, provide technical support, and send service-related notices (such as maintenance notifications, security alerts, and billing communications).

6.4 Legal Compliance and Security

We use data as necessary to comply with legal obligations, enforce our Terms of Service, and detect, prevent, and respond to fraud, abuse, and security incidents.

6.5 What We Do NOT Do

We do not use Customer Data to train, fine-tune, or improve any AI or machine learning models.

We do not sell Personal Data to third parties. We do not use Customer Data for advertising or marketing purposes. We do not share Customer Data with third-party AI providers for their training purposes.

7. AI-Specific Data Practices

How data flows through our AI-powered features.

7.1 How User Queries Flow Through Our System

When an authorized user submits a prompt or query to an AI-powered feature, the following occurs:

  1. The query is received by our platform and processed according to the customer’s configuration (including any PII redaction settings).
  2. If RAG (Retrieval-Augmented Generation) is enabled, relevant document chunks are retrieved from the customer’s vector database and assembled as context.
  3. The query and context are sent to the configured LLM provider via API.
  4. The LLM provider returns a response, which our platform may post-process (e.g., applying guardrails, formatting) before delivering to the user.

7.2 Third-Party LLM Providers

We use API access (not consumer products) to LLM providers including OpenAI, Anthropic, and Microsoft Azure OpenAI. Under our agreements with these providers:

  • Providers do not retain prompts or responses beyond the time necessary to process the request and generate a response.
  • Providers do not use Customer Data for model training. Our API agreements explicitly prohibit this.
  • We maintain Data Processing Agreements with all LLM providers.

Customers using OrgLogic can select their preferred LLM provider.

7.3 RAG (Retrieval-Augmented Generation)

When customers enable RAG-based features, their documents are processed as follows:

  • Documents are split into chunks and converted into mathematical representations called vector embeddings.
  • Embeddings are stored in our vector databases hosted on AWS infrastructure.
  • When a user submits a query, relevant chunks are retrieved and sent alongside the query to the LLM as context.
  • Vector embeddings are one-way transformations. They cannot be reverse-engineered to reconstruct the original documents.

7.4 AI Output Logging

AI interactions (prompts and responses) may be logged for quality monitoring, debugging, and audit purposes. Customers can configure retention periods for AI interaction logs through their admin settings. Customers may also request that AI interaction logging be disabled.

7.5 PII Redaction

Certain Services offer automatic PII detection and masking capabilities. Where enabled, PII is identified and redacted before data is sent to LLM providers. PII redaction operates on a best-efforts basis using pattern matching and named entity recognition. Customers can configure PII redaction settings through their admin dashboard.

7.6 Customer Controls

We provide customers with the following controls over AI data processing:

  • Configurable data retention periods for AI interaction logs.
  • PII redaction toggles (enable/disable, sensitivity levels).
  • LLM provider selection (in OrgLogic).
  • Guardrails and content policy enforcement.
  • Topic, tone, and language restrictions for AI outputs.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function, improve efficiency, and provide information to website operators. Similar technologies include pixels, local storage, and session storage.

8.2 Cookies We Use

CategoryPurposeTools / CookiesDurationPartyStrictly NecessarySession management, security (CSRF tokens), load balancing, authentication stateSession IDs, CSRF tokens, authentication cookiesSessionFirstFunctionalRemembering user preferences such as language, region, and UI settingsLocale preferences, UI state cookiesUp to 1 yearFirstAnalytics / PerformanceMeasuring website usage: pages visited, session duration, referral source, device and browser type. IP anonymization is enabled.Google Analytics (GA4): _ga, _ga_*Up to 26 monthsThird (Google)

Marketing and Advertising Cookies: We do not use marketing or advertising cookies. We do not engage in retargeting or behavioral advertising.

8.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling strictly necessary cookies may affect website functionality. To opt out of Google Analytics specifically, you can install the Google Analytics Opt-out Browser Add-on.

8.4 Do Not Track

Our websites do not currently respond to Do Not Track (DNT) browser signals. However, our data collection practices are limited to those described in this Policy regardless of DNT settings.

8.5 Local Storage

We may use browser local storage to maintain application state and user preferences for our web-based products. This data is stored locally on your device and is not transmitted to our servers unless necessary for the operation of the Services.

9. Data Sharing and Sub-processors

We share data only as necessary to provide our Services and as described below. We do not sell Personal Data.

9.1 Categories of Recipients

CategoryExamplesPurposeLLM ProvidersOpenAI, Anthropic, Microsoft Azure OpenAIProcessing AI queries and generating responsesCloud InfrastructureAmazon Web Services (AWS)Hosting, storage, compute, and data processingMessaging PlatformsSlack, Microsoft Teams, Google WorkspaceDelivering application functionality within customer environmentsAnalyticsGoogle AnalyticsWebsite usage measurement (anonymized)Payment ProcessingStripeSubscription billing and payment processing

9.2 Sub-processor Management

We maintain an up-to-date list of sub-processors at trooprlabs.com/sub-processors. We will notify customers at least 30 days before engaging a new sub-processor that will process their Customer Data. Customers may object to a new sub-processor on reasonable grounds within that notice period, as described in the applicable DPA.

9.3 Legal Disclosures

We may disclose data if required by law, regulation, subpoena, or court order, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Troopr Labs, our customers, or the public. Where legally permitted, we will notify the affected customer before making such disclosures.

10. International Data Transfers

Troopr Labs is incorporated in the United States. Customer Data may be processed in the United States and, where available, in EU regions.

  • Standard Contractual Clauses (SCCs): For transfers of Personal Data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses as a lawful transfer mechanism.
  • Adequacy Decisions: Where an adequacy decision applies (including, where applicable, the EU-US Data Privacy Framework), we rely on that decision.
  • Data Residency: Our primary infrastructure is hosted on AWS with availability in US and EU regions. Customers may request data residency information by contacting us at [privacy@trooprlabs.com].

11. Data Retention

We retain data only as long as necessary for the purposes described in this Policy:

Data TypeRetention PeriodCustomer Data (SaaS)Duration of active subscription. Upon termination, available for export for 30 days, then deleted within 90 days.AI Interaction LogsConfigurable by customer through admin settings.Website Analytics DataUp to 26 months.Contact Form SubmissionsUntil request is fulfilled plus a reasonable business period (typically 12 months), unless earlier deletion is requested.CookiesSession cookies deleted when browser closes; persistent cookies up to 26 months.Professional Services (AI Build)All customer data and system access removed within 14 days of project completion and handoff.Audit LogsMinimum 1 year for compliance and security purposes.

12. Data Security

We maintain comprehensive administrative, technical, and physical safeguards designed to protect data in our custody:

  • Certifications: SOC 2 Type II and ISO 27001 certified.
  • Encryption: AES-256 encryption at rest and TLS 1.2+ encryption in transit.
  • Access Controls: Role-based access controls (RBAC), SSO/SAML, and SCIM provisioning.
  • Monitoring: Full audit logging, intrusion detection, and anomaly monitoring.
  • Testing: Regular penetration testing, vulnerability scanning, and security assessments.

Detailed information about our security practices is available at enjo.ai/security. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

13. Your Rights (Data Subject Rights)

13.1 Website Visitors (We Are Controller)

If we process your Personal Data as a controller (e.g., website visitors, contact form submissions), you may have the following rights under applicable law:

  • Access: Request a copy of the Personal Data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your Personal Data, subject to legal retention obligations.
  • Restriction: Request restriction of processing under certain circumstances.
  • Portability: Receive your Personal Data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent (including cookie consent).

To exercise any of these rights, contact us at [privacy@trooprlabs.com]. We will respond within 30 days.

13.2 End-Users of Our Products (We Are Processor)

If you are an end-user of our products through your employer or another organization, that organization is the data controller. Please direct data subject requests to your organization. We will assist our customers in fulfilling such requests in accordance with our contractual obligations and applicable law.

13.3 Right to Complain

You have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your Personal Data violates applicable law.

14. US State Privacy Rights

14.1 California (CCPA/CPRA)

  • Right to Know: You may request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of Personal Information we have collected, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate Personal Information.
  • Right to Opt Out of Sale: We do not sell Personal Information. We have never sold Personal Information and have no plans to do so.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

14.2 Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of Personal Information (as defined by the CCPA): identifiers (name, email, IP address), internet or electronic network activity (website usage data, browser type), and professional or employment-related information (company name, job title) from contact forms.

14.3 Other US State Laws

We comply with applicable US state privacy laws, including the Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar legislation. Residents of these states may exercise their rights by contacting us at [privacy@trooprlabs.com].

15. Children’s Privacy

Our Services are designed for business use and are not directed at individuals under 16 years of age. We do not knowingly collect Personal Data from children under 16. If we become aware that we have collected Personal Data from a child under 16 without appropriate consent, we will take steps to delete that information promptly. If you believe we may have inadvertently collected data from a child, please contact us at [privacy@trooprlabs.com].

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will provide at least 30 days’ advance notice by email to account administrators and by posting a notice on our websites. Continued use of our Services after the effective date of a revised Privacy Policy constitutes acceptance of the revised terms. We encourage you to review this Privacy Policy periodically.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: [privacy@trooprlabs.com]
Security Concerns: [security@trooprlabs.com]
Legal Inquiries: [legal@trooprlabs.com]

Troopr Labs, Inc. — A Delaware (USA) corporation.

18. Data Processing Agreement

The processing of Personal Data in connection with our Platform Services is governed by our Data Processing Addendum (DPA), which forms part of our Terms of Service. The DPA includes:

  • Detailed descriptions of the types of Personal Data processed and categories of data subjects.
  • Obligations regarding data security, confidentiality, and sub-processor management.
  • Standard Contractual Clauses (SCCs) for international data transfers.
  • An up-to-date list of sub-processors.
  • Technical and organizational security measures.
  • Data subject request assistance procedures.

Transform complex support workflows

Deploy AI inside your existing support stack and prove business impact quickly.
Request a Demo
© 2026 Troopr Labs Inc. All Rights Reserved
Products & Services
TrooprEnjoOrgLogicAI Build
Company
Terms of ServicePrivacy PolicyDPASub-processors
© 2026 Troopr Labs Inc. All Rights Reserved