Legal

Privacy Policy

Privacy notice for developer accounts, hosted end-user auth, project settings, gateway records, billing metadata, support, and operational logs.

Production legal documents

Last updated June 8, 2026. Version 2026-06-production-v1.

Who this covers

This Privacy Policy covers personal information Switchboard handles for developer accounts, workspaces, project configuration, hosted end-user authentication, gateway operations, billing, support, security, and site usage. Developers are responsible for separate privacy notices for their own end users and products.

Information we collect

We collect account email addresses, authentication records, OAuth identity metadata, workspace and project settings, allowed origins, hosted backend settings, API key metadata, end-user identity and session records, billing status, usage events, gateway request metadata, replayable response bodies where needed for idempotency, Stripe identifiers, webhook records, logs, support communications, and device/request metadata such as IP address and user agent.

How we use information

We use information to provide and secure the Service, authenticate users, route AI requests, meter usage, calculate fees, process billing, support customers, detect abuse, troubleshoot incidents, satisfy legal obligations, communicate service updates, and improve reliability and product quality.

Service providers

We use subprocessors and service providers for hosting, database services, payment processing, AI provider routing, email delivery, monitoring, support, security, and operations. Stripe processes payment and connected-account data. OpenAI and other configured AI providers process prompts and outputs submitted through the gateway according to the applicable provider terms.

Legal bases and consent

For Canadian commercial activities, we collect, use, and disclose personal information for identified business purposes with consent where required by PIPEDA or other applicable law. Consent may be express or implied depending on the context, the sensitivity of the information, and the reasonable expectations of the individual.

Safeguards

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including hashed credentials, scoped sessions, access controls, TLS, webhook signature verification, secret management, logging, backup practices, and operational review of billing and security events.

Retention and deletion

We retain information only as long as reasonably needed for the Service, account administration, billing, tax, audit, security, fraud prevention, dispute handling, backup, legal compliance, and legitimate business purposes. Some billing, webhook, usage, and security records may be retained after account or project deletion where required for accounting, compliance, or dispute resolution.

Privacy rights

Individuals may request access to or correction of their personal information, subject to legal limits. Developers should handle requests from their own end users when they control the relationship; Switchboard will support developer requests where the information is processed by Switchboard on the developer's behalf.

Breaches

If a breach of security safeguards involving personal information creates a real risk of significant harm, Switchboard will assess reporting and notification obligations under PIPEDA and applicable provincial laws, keep required records, and notify affected parties as required.

Commercial electronic messages

Switchboard sends transactional service messages and may send commercial electronic messages where permitted by CASL, including with consent or another lawful basis. Marketing messages should include required identification information and an unsubscribe mechanism where CASL applies.