Privacy Policy

Last updated: April 16, 2026

Pith ("we," "our," "the Service") is operated by Pith. This policy describes what data we collect, how we use it, and your rights regarding that data.

1. Data we collect

When you install and use Pith, we collect and store the following:

• Slack identifiers: workspace ID, user ID, and bot tokens required to send and receive messages.
• X/Twitter OAuth tokens: encrypted at rest using Fernet symmetric encryption (AES-128-CBC). Used to read your tweet history and post on your behalf.
• Tweet history: your recent public tweets, read once during onboarding to build your voice profile. Raw tweet text is not stored after profiling completes.
• Voice profile: a structured analysis of your writing patterns, tone, vocabulary, and style. Contains no raw tweet text.
• Conversation messages: messages you send to Pith and drafts Pith returns during a session.
• Draft records: tweets generated by Pith on your behalf, including text, character count, model used, and voice profile version.
• Feedback events: your explicit feedback (via /pith feedback), responses to feedback probes, and signals when you abandon a draft mid-flow.
• Quality scores: automated classifier outputs that score draft outcomes for friction signals (frustration, repeated revisions). Contains no raw message content.
• Scheduled posts: tweet drafts you have scheduled for future posting, including scheduled time and content.
• Posted tweet records: the tweet ID and text of tweets posted through Pith.
• Rate-limiting events: timestamps of your interactions, used to enforce usage limits.

2. How we use your data

• Building and maintaining your voice profile so drafts match your writing style.
• Generating tweet drafts in response to your messages.
• Posting approved tweets to your X account.
• Improving draft quality by analyzing feedback events and classifier signals.
• Enforcing rate limits and preventing abuse.
• Processing subscription billing through Stripe.

We do not sell, rent, or share your data with advertisers or data brokers.

3. Automated processing

Pith uses automated systems to process your messages. There is no real-time human review of your raw message content during normal use.

• Draft generation: every message you send to Pith is processed by the Anthropic Claude API to generate, refine, or critique tweet drafts.
• Quality classifier: a separate lightweight model scores draft outcomes for friction signals (frustration, abandonment, repeated revisions) so we can detect when our drafting isn't working for you. Classifier scores contain no raw message content.
• Explicit-feedback review: when you submit feedback through /pith feedback or respond to a feedback probe, the content of your response MAY be reviewed by the Pith team to improve drafting quality. By submitting feedback or responding to a probe, you consent to that review.
• Abandonment telemetry: when you abandon a draft mid-flow (closing the conversation, ignoring a prompt for an extended period), Pith records the event as a passive quality signal. We process these signals to detect drafting failures and improve the product. The signal itself (which draft, when) is operational telemetry, not explicit feedback. The content of the abandoned draft is governed by the same 30-day retention as other draft records.

4. Third-party services

Your messages and voice profile are sent to the Anthropic Claude API to generate tweet drafts. Per Anthropic's API terms, inputs sent via their API are not used for model training and are not retained beyond the request lifecycle.

We also use the following third-party services:

• Stripe for subscription billing. We never see or store your card number, CVV, or billing address. Stripe handles all payment data directly. See Stripe's privacy policy.
• X/Twitter API for reading tweets and posting content you approve.
• Slack API for sending and receiving messages in your workspace.
• Railway for application hosting and managed Postgres.
• Sentry for error monitoring. Personally identifying content is scrubbed before transmission (see Security below).

We also operate a self-hosted observability stack (Langfuse) on our own infrastructure to capture AI trace metadata (timing, model used, token counts, cost, error class). Raw prompt and response content is not sent to Langfuse or to any third-party observability vendor. Note: as described in section 3 above, the content of your messages is transmitted to the Anthropic Claude API for inference.

5. Feedback prompts and check-ins

To improve drafts and catch problems early, Pith may occasionally send you:

• A short feedback probe after a posted draft ("how did that one land?")
• A weekly check-in DM, timezone-aware, sent Tuesday morning local time, asking how Pith has been working for you
• A post-error empathy ping if a draft attempt fails

Once feedback prompts are active in your workspace, you can mute all probes and check-ins at any time by typing /pith mute feedback in your Pith DM. Until the beta framework is enabled in your workspace, no probes are sent. Critical operational notices (billing, account deletion confirmation, security alerts) cannot be muted.

6. Data retention

• Conversation messages: 30 days, then automatically deleted.
• Draft records: 30 days, then automatically deleted.
• Feedback events: 365 days, then automatically deleted.
• Quality scores: 90 days, then automatically deleted.
• Rate-limiting events: automatically deleted after 48 hours.
• Voice profile: retained while your account is active. Deleted on account deletion.
• Scheduled posts: retained until posted or canceled. Deleted on account deletion.
• Posted tweet records: retained while your account is active. Deleted on account deletion.
• X OAuth tokens: encrypted at rest. Deleted immediately on account deletion or disconnection.

All of the above are deletable on demand. Type delete my data in your Pith DM (the dedicated /pith delete-my-data slash command will be available as the beta framework rolls out). Soft deletion is immediate. Full purge completes within 30 days. You may reactivate within that window.

7. Your rights

You can exercise the following rights at any time:

• Delete your data: type delete my data in your Pith DM (the dedicated /pith delete-my-data slash command will be available as the beta framework rolls out). Soft deletion is immediate. Full purge completes within 30 days. You may reactivate within that window.
• Mute feedback prompts: once feedback prompts are active in your workspace, type /pith mute feedback to opt out of probes and check-ins. Until prompts are enabled, no probes are sent.
• Export your data: request an export of your voice profile and posted tweet history via Slack DM or email.
• Disconnect accounts: revoke X or Slack access at any time. Revoking X access deletes your stored OAuth tokens immediately.
• Correct your data: request corrections to any stored personal data via email.

8. Security and PII scrubbing

• All X OAuth tokens are encrypted at rest using Fernet (AES-128-CBC) symmetric encryption.
• Free-text feedback content is encrypted at rest.
• Row-level security is enforced per tenant in Postgres. No user can access another user's data.
• All connections use HTTPS/TLS. No user data is stored in Slack itself.
• Application deployed on Railway with managed infrastructure and automated backups.

Before any error report is sent to our error monitoring (Sentry), the following are automatically stripped:

• User message content (anything you type to Pith)
• Draft content (anything Pith generates for you)
• Tweet text (drafted or posted)
• Voice profile contents
• OAuth tokens (Slack and X)
• Stripe customer IDs and payment metadata

What is sent to Sentry: tenant ID, correlation ID, operation name, timing, error class, and stack trace location. Never your message content.

9. Cookies and tracking

The Pith website (getpith.ai) does not use cookies, analytics scripts, or tracking pixels. We have no interest in tracking you outside of the service you signed up for.

10. Children's privacy

Pith is not intended for use by anyone under the age of 13. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy. Material changes will be communicated via Slack DM at least 14 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact

Questions, requests, or concerns about your data: team@getpith.ai