Privacy Policy
Effective date: July 8, 2026
1. Introduction
Garden General Intelligence, Inc. ("Garden", "we", "us") operates the Garden agent for Slack and Discord, the websites at gardenagi.com, the Garden Wiki, and the associated APIs (together, the "Service"). This policy explains what data we collect when you use the Service, what we do with it, whom we share it with, and the choices you have. It applies together with our Terms of Service.
2. What we collect
Account and team information. When you sign in through Slack or Discord, we receive identifiers from that platform: your user ID, display name, and email address, plus the workspace or server ID and name for teams where Garden is installed. We keep a mapping between platform identities and Garden accounts so that grants, memory, and billing attach to the right people and teams.
Channel content. Garden reads messages, threads, and files in the channels your administrators have added it to, and only those channels. We store this content, along with the agent's own responses, task outputs, and the working memory it builds from them, so the agent can maintain context for your team.
Integration credentials. When your team connects a third-party tool, we store the tokens or keys needed to keep that connection working. Secrets are encrypted per organization, and by design they are injected into outbound requests at our network edge rather than handed to the agent itself.
Billing information. Payments run through Stripe. We store your plan, credit balance and ledger, and transaction metadata; your card details go directly to Stripe and never touch our servers.
Usage and log data. We collect operational records such as request timestamps, error logs, metering events for credit accounting, and diagnostic metadata about how the Service is performing. On our websites we collect standard web data: IP address, browser type, pages visited, and cookies used for sessions and security.
Support communications. If you email us or reach us through the community Discord, we keep the correspondence.
3. How we use data
- To operate the Service: authenticate you, run the agent in your channels, maintain team memory, execute the tasks you ask for, and enforce channel-level access to integrations.
- To process AI requests: the content needed to fulfill a request is sent to the model provider your team has selected, solely to generate the response.
- To bill you: meter usage, maintain the credit ledger, and process subscription charges.
- To keep the Service secure: detect abuse and fraud, enforce rate limits, investigate incidents, and maintain audit logs.
- To improve the Service: analyze usage in aggregated or de-identified form that does not identify you or your team.
- To communicate with you: service notices, billing messages, and security alerts, and, if you opt in, product updates you can unsubscribe from at any time.
- To comply with law and enforce our terms.
We do not use your content to train foundation models, ours or anyone else's, and we do not use your channel content for advertising.
4. AI model providers
Garden lets your team choose which model it runs on. When the agent handles a request, the relevant context is sent to that provider through our gateway to generate the response. We use these providers under API terms that prohibit training on your data; providers may retain requests briefly for abuse monitoring under their own policies. Requests are made per team and are not visible to other customers.
5. When we share data
We do not sell your personal data. We share data only in the following cases:
- Service providers that host and operate our infrastructure, including cloud hosting, Stripe for payments, and the AI model providers described above. Each processes data only to provide its service to us.
- The platform your team runs on: operating inside Slack or Discord necessarily means our messages to you pass through that platform, under its own terms and privacy policy.
- Third-party integrations your team connects: when the agent acts on a connected tool at your instruction, the data involved in that action goes to that tool.
- Legal requirements: when disclosure is required by law or valid legal process, or necessary to protect the rights and safety of users, the public, or Garden.
- Business transfers: if Garden is involved in a merger, acquisition, or sale of assets, data may transfer subject to confidentiality protections, and we will notify you of any change in ownership or use of your personal data.
6. Security
Data is encrypted in transit and at rest. Integration secrets are additionally encrypted per organization and released only at the network edge for the specific host they belong to; the agent's code execution happens in an isolated sandbox that holds no tokens or keys. Internal access to production data is restricted to what employees need for their work. No system is perfectly secure, and we cannot guarantee absolute security, but if a breach affects your data we will notify you as required by applicable law.
7. Retention and deletion
We keep personal data for as long as needed to provide the Service, meet our legal obligations, and resolve disputes. When a team removes Garden from its workspace or server, we stop collecting new content from it immediately; removal does not by itself delete stored data. When an account is closed or we receive a verified deletion request, we delete the associated data from production systems within 30 days, and encrypted backups age out on their normal rotation shortly after. For team-level data we may require the request to come from a team administrator.
8. Your rights
Depending on where you live, you may have the right to access the personal data we hold about you, correct it, delete it, receive a copy in a portable format, object to or restrict certain processing, and withdraw consent where processing is based on consent. Residents of the EEA and UK have these rights under the GDPR and UK GDPR and may lodge a complaint with their supervisory authority. Residents of California and other US states with privacy laws may additionally request the categories of data we collect and disclose; we do not sell personal data, so there is nothing to opt out of on that front, and we will never discriminate against you for exercising your rights.
To exercise any of these rights, email support@gardenagi.com. We may ask you to verify your identity, and we will respond within the time required by the applicable law.
9. International transfers
We are a US company and process data in the United States. If you use the Service from elsewhere, your data is transferred to and processed in the US, where data protection law may differ from your jurisdiction's. We protect transferred data as described in this policy regardless of where it is processed.
10. Cookies and analytics
Our websites use cookies for sign-in sessions, security, and remembering preferences. We may use privacy-respecting analytics to understand how the sites are used; analytics data is not joined to your channel content. You can control cookies through your browser settings, though disabling session cookies will prevent sign-in.
11. The wiki
The Garden Wiki is publicly readable without an account, and reading it sends us only the standard web data described above. Wiki page histories credit contributors by the handle they chose to publish under.
12. Children
The Service is not directed to children, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, contact support@gardenagi.com and we will delete it.
13. Changes to this policy
We may update this policy from time to time. We will post the revised version here and update the effective date, and for material changes we will notify team administrators through the Service or by email before they take effect.
14. Contact
Questions or requests about this policy go to support@gardenagi.com.