Privacy Policy

Graybridge Labs ("Company", "we", "us") is a Delaware C-Corporation that operates Cockpit, a software-as-a-service platform for tracking, attributing, and reviewing the work of AI agents, at getcockpit.co. For GDPR purposes, we are the data controller.

Account information: Email address, name, and authentication credentials handled by Supabase Auth when you sign up.

Usage data: Pages visited, features used, timestamps, and browser/device type. We do not use third-party analytics trackers.

Your content: Agent records, activity events, review records, manual burn records, tasks, projects, settings, messages, and other data you store in Cockpit.

Integration data: If you connect tools such as Linear, GitHub, or Notion, we collect the workspace metadata, OAuth tokens, and activity data needed to operate those integrations. Tokens are encrypted at rest.

Payment data: If you enter a paid plan, payment data is processed by Stripe. We never store card numbers, CVVs, or full payment details on our servers.

Cookies: We use essential cookies for authentication and session management. No advertising or tracking cookies.

• To provide, maintain, and improve the Service
• To operate user-directed integrations you connect
• To process payments and manage subscriptions if you enter a paid plan
• To send transactional emails (account confirmation, password reset, billing)
• To respond to support requests
• To detect and prevent fraud or abuse

We do not sell your personal data. We do not use your content to train AI models. We do not share your data with advertisers.

• Contract: Processing necessary to provide the Service you signed up for
• Legitimate interest: Security, fraud prevention, and service improvement
• Consent: Marketing communications (opt-in only, withdraw any time)
• Legal obligation: Tax records, compliance with lawful requests

We share data only with:

• Supabase (database and authentication hosting)
• Vercel (application hosting)
• Stripe (payment processing)
• Connected services such as Linear, GitHub, and Notion, only when you choose to connect them and only as needed to perform requested integration actions

Our infrastructure and payment providers are bound by data processing agreements. Connected services are governed by your relationship with those services. We do not share data with other third parties unless requested by you through an integration or required by law.

Our servers and sub-processors are located in the United States. If you are in the EU/EEA/UK, your data is transferred to the US under Standard Contractual Clauses (SCCs) maintained by our sub-processors. You consent to this transfer by using the Service.

We retain your data for as long as your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, retained for up to 7 years).

Under GDPR, CCPA, and applicable law, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data ("right to be forgotten")
• Export your data in a portable format
• Object to processing based on legitimate interest
• Restrict processing in certain circumstances
• Withdraw consent for marketing at any time

To exercise any of these rights, email privacy@getcockpit.co. We will respond within 30 days.

You can export Cockpit-held workspace data at any time from your account settings. On account closure, we provide an export path before deletion. This is a core commitment — your data is yours.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, secure authentication via Supabase Auth, and regular security reviews. No system is 100% secure — if you discover a vulnerability, please report it to security@getcockpit.co.

Cockpit is not intended for use by anyone under 18. We do not knowingly collect data from minors.

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete, and the right to opt out of the "sale" of personal information. We do not sell personal information. To exercise your CCPA rights, contact privacy@getcockpit.co.

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect.

For privacy inquiries: privacy@getcockpit.co

Graybridge Labs
Delaware, United States