Privacy Policy

This Privacy Notice for Pratik Kumar Jain (doing business as Recon) ("we," "us," "our") describes how and why we may access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Visit our website at https://askrecon.com or any website of ours that links to this Privacy Notice.
• Use Recon — our AI investigation platform that lets non-technical team members query databases, codebases, tickets, and documentation using natural language.
• Engage with us in other related ways, including support, marketing, or events.

Questions or concerns? Reading this notice will help you understand your rights and choices. If you do not agree with our policies and practices, please do not use the Services. Contact us at support@askrecon.com.

Summary of Key Points

• Personal information we process: name, email, authentication info, subscription data (via Stripe), API keys you provide, investigation queries, and usage analytics.
• Sensitive information: we do not intentionally process sensitive categories (e.g., racial/ethnic origin, religion).
• How we use data: to operate Recon, provide AI investigation features, manage subscriptions, improve performance, and comply with law.
• Sharing: only with service providers (Clerk, Anthropic, OpenAI, Supabase, Stripe, E2B, Vercel, PostHog) under contracts that protect your data.
• Security: we use reasonable technical and organizational safeguards including sandboxed execution environments and read-only data access, but no system is 100% secure.
• Your rights: vary by location (e.g., U.S. state rights); see U.S. residents' rights below.

1. What information do we collect?

Personal information you provide

• Account data: name, email; authenticated via Google OAuth or email/password.
• API keys: you may provide your own API keys (e.g., OpenAI, Anthropic) to power AI investigations. These keys are encrypted at rest and used only to execute your queries.
• Investigation queries & results: the natural language questions you submit and the investigation results generated by Recon's AI agents.
• Organization data: organization name, team member invitations, and role assignments.
• Subscription data: handled by Stripe. We do not collect or store your payment card details; Stripe manages all billing.
• Sensitive information: we do not intentionally process sensitive categories.

Information collected automatically

• Log & usage data: service diagnostics, crash reports, performance data, query counts.
• Device data: device type, OS version, browser info. We do not collect precise geolocation; approximate location may be inferred from IP.
• Analytics data: in-app event data (feature usage, retention) collected via PostHog and Vercel Analytics.
• Cookies/local storage: used for authentication and session management.

Data from third parties

If you sign in with Google, we receive your name, email, and avatar. We do not access your contacts or post on your behalf.

2. How do we process your information?

• Authenticate users and manage accounts and organizations.
• Provide AI investigation features (natural language queries across connected databases, codebases, project management tools, and documentation).
• Execute investigations in isolated, sandboxed environments (via E2B).
• Manage subscriptions and usage tracking via Stripe.
• Send service/transactional communications (policy updates, receipts).
• Provide support and respond to inquiries.
• Secure the Services (fraud prevention, abuse detection, debugging).
• Analyze usage to improve features and performance.
• Comply with legal obligations and enforce terms.

3. When and with whom do we share personal information?

• Authentication: Clerk (user accounts, sign-in, sign-up, session management, and organization management). Clerk processes your name, email address, and authentication credentials on our behalf. See Clerk's Privacy Policy.
• AI service providers: Anthropic, OpenAI (for powering AI investigations). When you use your own API key, queries are sent directly to these providers under your key.
• Sandboxed execution: E2B (isolated code execution environments for investigations).
• Infrastructure & database: Supabase (database storage and real-time features).
• Payments: Stripe (billing & subscriptions).
• Analytics & performance: PostHog, Vercel Analytics.
• Hosting: Vercel.
• Business transfers: in connection with a merger, acquisition, or sale of assets.

4. Do we use cookies and tracking?

Yes. We use cookies/local storage to keep you signed in, secure the Services, remember preferences, and measure usage. We do not run third-party advertising or sell data for targeted ads.

5. How do AI features process your data?

Recon uses AI (via Anthropic and/or OpenAI, depending on your API key configuration) to interpret natural language questions and execute investigations across your connected systems (databases, GitHub repositories, Linear tickets, Notion documents).

• Sandboxed execution: Every investigation runs in an isolated E2B sandbox. The sandbox is destroyed after the investigation completes.
• Read-only by design: Recon's tools are designed for read-only access. Investigations query and retrieve data but do not modify, write, or delete data in your connected systems.
• No data sold: Your queries and results are not sold or shared for advertising purposes.
• API key model: When using the bring-your-own-key model, your API key is used directly with the AI provider. Recon does not intercept, log, or store the raw API responses beyond what is needed to display results to you.

6. How do we handle your social logins?

Authentication (including Google sign-in) is handled by Clerk. If you choose Google sign-in, Clerk receives your name, email, and avatar on our behalf. We do not post on your behalf or import contacts. See Clerk's Privacy Policy and your Google account settings for details.

7. How long do we keep your information?

We keep data only as long as necessary to provide the Services and comply with law. Investigation results are stored for your reference but can be deleted on request. When no longer needed, we delete or anonymize data. Backup data may persist temporarily before deletion.

8. How do we keep your information safe?

We use reasonable technical and organizational safeguards. No method of storage or transmission is 100% secure. Keep your credentials and API keys safe and use secure devices.

9. Data access & security (sandboxed execution)

• Isolated environments: Every Recon investigation runs inside its own sandboxed container (powered by E2B). Sandboxes are ephemeral and destroyed after use.
• Read-only access: Recon connects to your systems in read-only mode. It cannot write, modify, or delete data in your databases, repositories, or third-party tools.
• API key encryption: Any API keys you provide are encrypted at rest and never exposed in logs or to other users.
• Team-level access controls: Organization admins control which team members can access Recon and which systems are connected.
• Audit logging: All investigations are logged for transparency and accountability.

10. Do we collect information from minors?

No. We do not knowingly collect or market to children under 18. If you believe a child provided information, contact support@askrecon.com.

11. What are your privacy rights?

You may have rights to access, correct, delete, or export your data, and withdraw consent where applicable. Contact support@askrecon.com to exercise rights.

12. Do-Not-Track

We do not respond to DNT signals because no standard exists. If a standard emerges, we will adopt it.

13. U.S. residents' rights

Certain U.S. state laws grant residents rights (e.g., CA, CO, VA). These may include the right to know/access, correct, delete, or opt out of certain processing. We do not sell/share personal data or use it for automated decisions with legal effect.

Categories of data typically processed: identifiers (A), limited customer records (B), purchase metadata via Stripe (D), internet activity (F), approximate location (G), investigation queries and results (H), inferences to improve features (K). We do not collect protected characteristics (C), biometrics (E), professional history (I), or education records (J).

How to exercise rights: email support@askrecon.com. We will verify and respond per applicable law.

Appeals: If we decline a request, you may appeal by emailing support@askrecon.com.

14. Updates to this notice

We may update this Privacy Policy periodically. The "Last updated" date reflects the latest version. If we make material changes, we may provide additional notice.

15. Contact us

• Email: support@askrecon.com
• Postal: Mailing address available upon request.

16. How to review, update, or delete data

You can request access, corrections, or deletion by emailing support@askrecon.com. You may also manage basic account data in your Recon dashboard settings.