Privacy Policy

This Privacy Notice for Pratik Kumar Jain (doing business as Recon) ("we," "us," "our") describes how and why we may access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Visit our website at https://askrecon.com or any website of ours that links to this Privacy Notice.
• Use Recon, our AI-powered platform that lets non-technical team members investigate databases, codebases, tickets, and documentation using natural language, set up recurring missions to monitor accounts, and receive actionable advisories.
• Engage with us in other related ways, including support, marketing, or events.

Questions or concerns? Reading this notice will help you understand your rights and choices. If you do not agree with our policies and practices, please do not use the Services. Contact us at support@askrecon.com.

Summary of Key Points

• Personal information we process: name, email, authentication info, subscription data (via Stripe), API keys you provide, investigation queries, and usage analytics.
• Sensitive information: we do not intentionally process sensitive categories (e.g., racial/ethnic origin, religion).
• How we use data: to operate Recon, provide AI investigation and monitoring features, manage subscriptions, improve performance, and comply with law.
• Sharing: only with service providers (Clerk, Anthropic, OpenAI, Supabase, Stripe, E2B, Vercel, PostHog) under contracts that protect your data.
• Security: we use reasonable technical and organizational safeguards including sandboxed execution environments and read-only data access, but no system is 100% secure.
• Your rights: vary by location (e.g., U.S. state rights); see U.S. residents' rights below.

1. What information do we collect?

Personal information you provide

• Account data: name, email; authenticated via Google OAuth or email/password.
• API keys: you may provide your own API keys (e.g., OpenAI, Anthropic) to power AI investigations. These keys are encrypted at rest and used only to execute your queries.
• Investigation queries & results: the natural language questions you submit and the investigation results generated by Recon's AI agents.
• Organization data: organization name, team member invitations, and role assignments.
• Subscription data: handled by Stripe. We do not collect or store your payment card details; Stripe manages all billing.
• Sensitive information: we do not intentionally process sensitive categories.

Information collected automatically

• Log & usage data: service diagnostics, crash reports, performance data, query counts.
• Device data: device type, OS version, browser info. We do not collect precise geolocation; approximate location may be inferred from IP.
• Analytics data: in-app event data (feature usage, retention) collected via PostHog and Vercel Analytics.
• Cookies/local storage: used for authentication and session management.

Data from third parties

If you sign in with Google, we receive your name, email, and avatar. We do not access your contacts or post on your behalf.

2. How do we process your information?

• Authenticate users and manage accounts and organizations.
• Provide AI investigation and monitoring features (natural language queries, recurring missions, knowledge base, and advisories across connected databases, codebases, project management tools, and documentation).
• Execute investigations in isolated, sandboxed environments (via E2B).
• Manage subscriptions and usage tracking via Stripe.
• Send service/transactional communications (policy updates, receipts).
• Provide support and respond to inquiries.
• Secure the Services (fraud prevention, abuse detection, debugging).
• Analyze usage to improve features and performance.
• Comply with legal obligations and enforce terms.

3. When and with whom do we share personal information?

• Authentication: Clerk (user accounts, sign-in, sign-up, session management, and organization management). Clerk processes your name, email address, and authentication credentials on our behalf. See Clerk's Privacy Policy.
• AI service providers: Anthropic, OpenAI (for powering AI investigations). When you use your own API key, queries are sent directly to these providers under your key.
• Sandboxed execution: E2B (isolated code execution environments for investigations).
• Infrastructure & database: Supabase (database storage and real-time features).
• Payments: Stripe (billing & subscriptions).
• Analytics & performance: PostHog, Vercel Analytics.
• Hosting: Vercel.
• Business transfers: in connection with a merger, acquisition, or sale of assets.

4. Do we use cookies and tracking?

Yes. We use cookies/local storage to keep you signed in, secure the Services, remember preferences, and measure usage. We do not run third-party advertising or sell data for targeted ads.

5. How do AI features process your data?

Recon uses AI (via Anthropic, OpenAI, and/or Google, depending on your configuration) to interpret natural language questions, execute investigations, and run recurring missions across your connected systems (databases, GitHub repositories, Linear tickets, Notion documents, Jira issues, Intercom conversations, HubSpot contacts, Sentry errors, Zendesk tickets, Stripe payments).

• Sandboxed execution: Every investigation runs in an isolated E2B sandbox. The sandbox is destroyed after the investigation completes.
• Your data is never modified: Recon queries and retrieves data from your connected systems but never modifies or deletes existing records. Recon can create new tickets or documents (Linear, Jira, Notion) when you explicitly request it, but never edits or removes anything already there.
• No data sold: Your queries and results are not sold or shared for advertising purposes.
• Knowledge base: Recon maintains a per-workspace knowledge base of structured insights learned from investigations and missions. This data is stored in your workspace and used to improve future investigation quality. It does not contain raw database records.
• API key model: When using the bring-your-own-key model, your API key is used directly with the AI provider. Recon does not intercept, log, or store the raw API responses beyond what is needed to display results to you.

6. How do we handle your social logins?

Authentication (including Google sign-in) is handled by Clerk. If you choose Google sign-in, Clerk receives your name, email, and avatar on our behalf. We do not post on your behalf or import contacts. See Clerk's Privacy Policy and your Google account settings for details.

7. How long do we keep your information?

We keep data only as long as necessary to provide the Services and comply with law. Investigation results are stored for your reference but can be deleted on request. When no longer needed, we delete or anonymize data. Backup data may persist temporarily before deletion.

8. How do we keep your information safe?

We use reasonable technical and organizational safeguards. No method of storage or transmission is 100% secure. Keep your credentials and API keys safe and use secure devices.

9. Data access & security (sandboxed execution)

• Isolated environments: Every Recon investigation runs inside its own sandboxed container (powered by E2B). Sandboxes are ephemeral and destroyed after use.
• Never modifies your data: Recon connects to your database and repositories in read-only mode. It can create new issues or pages in Linear, Jira, and Notion when you ask, but never modifies or deletes existing data anywhere.
• API key encryption: Any API keys you provide are encrypted at rest and never exposed in logs or to other users.
• Team-level access controls: Organization admins control which team members can access Recon and which systems are connected.
• Audit logging: All investigations are logged for transparency and accountability.
• Knowledge retention: Recon maintains a knowledge base of structured insights per workspace. This contains patterns and account profiles, not raw data. Knowledge is workspace-scoped and deleted when the workspace is removed.
• Recurring missions: Mission schedules and run history are stored per workspace. Mission findings are retained for reference and can be deleted by workspace admins.

10. Do we collect information from minors?

No. We do not knowingly collect or market to children under 18. If you believe a child provided information, contact support@askrecon.com.

11. What are your privacy rights?

You may have rights to access, correct, delete, or export your data, and withdraw consent where applicable. Contact support@askrecon.com to exercise rights.

12. Do-Not-Track

We do not respond to DNT signals because no standard exists. If a standard emerges, we will adopt it.

13. U.S. residents' rights

Certain U.S. state laws grant residents rights (e.g., CA, CO, VA). These may include the right to know/access, correct, delete, or opt out of certain processing. We do not sell/share personal data or use it for automated decisions with legal effect.

Categories of data typically processed: identifiers (A), limited customer records (B), purchase metadata via Stripe (D), internet activity (F), approximate location (G), investigation queries and results (H), inferences to improve features (K). We do not collect protected characteristics (C), biometrics (E), professional history (I), or education records (J).

How to exercise rights: email support@askrecon.com. We will verify and respond per applicable law.

Appeals: If we decline a request, you may appeal by emailing support@askrecon.com.

14. Updates to this notice

We may update this Privacy Policy periodically. The "Last updated" date reflects the latest version. If we make material changes, we may provide additional notice.

15. Contact us

• Email: support@askrecon.com
• Postal: Mailing address available upon request.

16. How to review, update, or delete data

You can request access, corrections, or deletion by emailing support@askrecon.com. You may also manage basic account data in your Recon dashboard settings.