Privacy policy
Last updated: 2026-04-21
Overview
Assemblr connects to your productivity tools, ingests events from them, and discovers behavioral patterns that become workflow agents. This page explains what data we hold, how it is used, how long it is kept, and how you can delete it.
Data we hold
When you connect an integration (GitHub, Slack, Gmail, Notion, Linear, etc.), Assemblr receives events from that integration via Composio and stores them in our event store (Supabase / Postgres). Each event includes:
- Event type (e.g. “commit.pushed”, “message.sent”)
- Timestamp
- Actor (user identifier within that integration)
- Integration-native payload: relevant fields from the event
For messaging integrations this can include message subject, body text, and participant identifiers. For document integrations it can include document titles, summaries, and edit history.
How we use it
Events feed the mining pipeline which discovers behavioral patterns (recurring sequences, rituals, collaboration rhythms). Patterns are compiled into skill graphs that users can activate as workflow agents.
We do not sell data. We do not show your data to other users. Internal employees access production data only for support requests you initiate or to investigate incidents you report.
Deep history ingestion
By default, Assemblr syncs roughly the last 2 years of activity from each connected integration. The behavioral lattice settings page (/dashboard/settings/lattice) lets you extend history to 5, 10, or all years that the integration exposes.
Extending history is an explicit, consented action. When you click “Go deeper” we:
- Record your consent (user, integration, depth, timestamp)
- Enqueue a backfill worker that walks the integration backward in time
- Respect the integration’s rate limits
- Stop when we reach your chosen depth
Deep history data is stored identically to recent data — no separate copy, no separate retention. It is subject to the same retention policy below and the same deletion guarantees.
Retention
We retain events until one of the following occurs:
- You disconnect the integration — events from that integration are preserved unless you also request deletion.
- You request deletion via DSR — all events for the requested scope are purged within 30 days.
- Your organization is deleted — all events are purged immediately.
Consent records (backfill_consent_log entries) are retained indefinitely as a legal record of consent. They are non-PII: org id, user id, integration id, depth requested, timestamp.
Your rights (DSR)
You can request any of the following at any time:
- A copy of all data Assemblr holds about you
- Deletion of all events from a specific integration
- Deletion of all events within a specific time range (e.g. “delete everything before 2023”)
- Complete account + organization deletion
The deletion endpoints cover both recent and deep-history data uniformly — there is no hidden cache. Contact us as described below to initiate a request.
Third-party data
Events about other people — for example, a Slack message they sent to you — are treated as data about you and those other people. The integration’s own terms govern what the integration exposes to us; we process what we receive under the same retention and deletion policies described above.
If someone else requests their data be removed from our systems, we will comply with their request even if that data was received via your connected integration.
Contact
For privacy questions, DSR requests, or data removal: aditya@assemblr.net