Privacy Policy

Last updated May 3, 2026

Million Software, Inc. (“Million Software”, “we” or “us”) maintains a strong commitment to respecting privacy and securing shared information. This Privacy Policy explains how the company collects, uses, discloses, and processes personal data when you use Million Software's software, platform, APIs, Documentation, and related tools, including the website and the Pookie Slack app (“Service”). It describes how you can access and update personal information and outlines the data protection rights available under applicable laws. By accessing or using the Service, you acknowledge that you consent to these practices.

This Privacy Policy does not apply when Million Software acts as a data processor handling personal data on behalf of commercial customers using commercial services, such as workspace-provisioned installations of Pookie. Such use is governed by applicable customer agreements.

1. Personal data we collect

A. Personal data you provide directly

  • Account Information: Name, email address, Slack workspace identifier, and Slack user identifier received via Slack OAuth when you install or sign in to the Service
  • Payment Information: Collected when accessing paid Pookie products and services
  • Inputs and Suggestions: Messages you send to Pookie (including in channels Pookie is invited to, in DMs, and in threads where you tag it) and the responses Pookie generates. To produce a reply, the relevant turn of conversation is sent to OpenAI for inference; OpenAI does not train on API traffic by default. Personal data or external content references in Inputs are collected and may be reproduced in Suggestions.
  • Connected Service Data: When you or your workspace administrator configure MCP servers or other integrations, Pookie may access and process data from those services on your behalf
  • Communication Information: Name, contact information, and message contents from direct communication
  • Feedback: Ideas, suggestions for improvement, or Suggestion ratings stored as part of exchanges

B. Personal data received from Service use

  • Device Information: Device type, browser information, operating system, mobile network or ISP details
  • Log Information: Service performance data including IP address, browser type and settings, error logs, and interaction methods
  • Usage Data: Access dates and times, browsing history, search information, clicked links, viewed pages, and usage patterns
  • Cookies & Similar Technologies: Cookies, pixels, scripts, or similar technologies used to operate and manage the Service and improve your experience
  • Location Information: Geographic location determined from IP address for security and performance

C. Information Not Collected

Million Software does not knowingly collect sensitive or special category personal information including genetic data, biometric data for identification, health information, or religious information. The company does not knowingly collect information from children under 18. Upon discovering or suspecting a user under 18, Million Software investigates and deletes personal data and/or the account if appropriate.

2. How we use personal data

Personal data may be used for:

  • Providing and maintaining the Service, including optional enhancement features and connected integrations
  • Creating, managing, and administering accounts, including payment facilitation and inquiry responses
  • Improving and developing the Service through research, debugging, and identifying or repairing functionality issues
  • Communicating with users regarding updates, Service information, and events
  • Preventing, detecting, and investigating fraud, abuse, security incidents, and Terms of Service violations
  • Complying with legal obligations and protecting user rights, safety, privacy, and property
  • Investigating and resolving disputes or security issues
  • Enforcing Terms of Service and applicable agreements

We do not use Inputs or Suggestions to train our models, or permit third parties to use them for training, unless: (1) they are flagged for security review, (2) you explicitly report them to us (for example, as Feedback), or (3) you've explicitly agreed to their use for such training purposes.

Aggregated or de-identified personal data may be used for the purposes described above. De-identified information is maintained in de-identified form and will not be reidentified except as required by law.

3. How we share personal data

Personal data may be disclosed in these circumstances:

  • Service Providers and Business Partners: Third-party vendors and service providers supporting business operations and Service delivery, including OpenAI (for LLM inference, image generation, and code execution), Vercel (application hosting), and Upstash (managed Redis for state, OAuth tokens, and memory)
  • Business Transfers: In merger, acquisition, restructuring, bankruptcy, or corporate transaction events, personal data may be disclosed to counterparties and advisers or transferred as part of the transaction
  • Legal Compliance and Protection of Rights: Disclosure to government authorities or third parties when necessary for legal compliance, responding to lawful requests, protecting safety or rights, preventing fraud, enforcing the Terms of Service, or protecting Million Software from legal liability
  • Affiliates: Entities controlling, controlled by, or under common control with Million Software
  • Third-Party Services and Integrations: When you or your workspace administrator connect MCP servers or other Third-Party Services, Inputs and related data may be shared with those services as needed to fulfill your request, governed by their own terms and privacy policies
  • Workspace Administrators: Workspace administrators who installed the Service may have visibility into account-related information, configuration, and usage within their Slack workspace
  • With Your Consent: Disclosure of personal data when you grant permission, including through Service features designed for sharing information

4. Retention

Million Software retains personal data only as long as necessary for effective Service operation and legitimate business needs including legal compliance, safety, dispute resolution, and agreement enforcement. Retention periods vary based on collection purpose, sensitivity, potential use or exposure risks, and applicable legal requirements.

User and workspace settings may influence how long certain data is retained. Temporary Service interactions may not appear in history and could be stored briefly for safety and system monitoring purposes.

When personal data is no longer needed, Million Software and its service providers follow deletion, erasure, de-identification, or anonymization procedures that comply with applicable laws.

5. Security

Commercially reasonable technical and organizational measures protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no internet transmission or electronic storage method is completely secure. Users should exercise caution when deciding what information to share. Million Software is not responsible for the circumvention of privacy settings or security features on the Service or on third-party linked websites.

6. Your rights and choices

Depending on where they reside and on applicable laws, users may have certain rights regarding personal data. These may include accessing, deleting, correcting, or transferring personal data; objecting to or restricting processing; or withdrawing consent where processing is consent-based. Users may also lodge complaints with local data protection authorities.

To exercise these rights, contact founders@million.dev. Million Software may request identity verification information before processing requests. The company will not discriminate against users exercising available privacy rights.

Available rights may include:

  • Right to know: The categories of personal data collected, the purposes of use, and the types of third parties with whom it is shared
  • Access and portability: Requesting copies of the personal data held and, where applicable, receiving it in a portable format
  • Deletion: Deletion of personal data collected in connection with Service use, subject to exceptions
  • Correction: Correction of inaccurate personal data
  • Objection: Opposing certain types of processing
  • Restriction: Limiting processing in limited circumstances
  • Withdrawal of consent: Where processing is consent-based
  • No automated decisions: Million Software does not make decisions based solely on automated processing that affect legal rights or have similarly significant effects
  • No sale or targeted advertising: The company does not “sell” or “share” personal data for cross-contextual behavioral advertising and does not process personal data for “targeted advertising” purposes

Million Software processes personal data for the purposes described above on servers in various jurisdictions, including the United States. While data protection laws vary by country, the protections outlined in this Privacy Policy apply regardless of processing location.

7. Jurisdiction-Specific Disclosures

Some jurisdictions require specific disclosures about the handling of personal data. This Privacy Policy supplements jurisdiction-specific requirements by providing additional details on collection purposes, data types, and legal bases. See the “Personal data we collect,” “How we use personal data,” and “Retention” sections above for additional information.

8. Privacy policy changes

Million Software may update this Privacy Policy periodically. Updated versions with effective dates are published at the top of this page unless a different form of notice is legally required. Continued use of the site after changes to this Privacy Policy constitutes acceptance of those changes.

9. Contacting us

Contact founders@million.dev with questions about this Privacy Policy.