Privacy Policy

Last updated: April 20, 2026

Summary

Assistant for Basecamp is a Chrome extension and web app that enhances Basecamp 3 with features like tags, statuses, custom fields, Kanban boards, and automations. We take the minimum amount of data needed to run the product. We don't sell data. We don't share it with advertisers.

What we store

• Account metadata: Basecamp account ID, name, and your Basecamp user profile (email, name, avatar URL).
• Authentication tokens: OAuth access and refresh tokens from Basecamp, used to call Basecamp's API on your behalf. Encrypted at rest.
• Extension-added data: Tags, statuses, custom field values, automation rules, and voice note recordings you create inside Assistant.
• Billing data: Handled by Stripe. We store your Stripe customer ID and subscription status but never your card details.
• Technical logs: Request logs (IP, user agent, endpoint) kept for 30 days for security and debugging.

What we do NOT store

• Your Basecamp project content (messages, to-do titles, comments, files). We read them live via the Basecamp API when rendering features, but we don't persist them.
• Your Basecamp password.
• Tracking pixels or advertising cookies.

How we use your data

• To authenticate you and keep your session active.
• To render Assistant features inside Basecamp by calling Basecamp's API with your OAuth token.
• To bill you via Stripe.
• To send transactional emails (password resets, billing receipts, seat invites).
• To investigate security incidents and debug errors.

Who we share data with

Only these sub-processors, each for a specific purpose:

• Cloudflare — hosting, CDN, and DDoS protection.
• Stripe — payment processing.
• Basecamp (37signals) — to read/write data inside your Basecamp account via OAuth.
• PostHog — product analytics (aggregate events, no PII sold or shared).

We will never sell your data or share it with advertisers.

Your rights

• Access: Email us at hello@getassistant.io to request a copy of your data.
• Delete: Disconnect your Basecamp account and we will purge your account data within 30 days. Automated deletion endpoint available on request.
• Revoke access: You can revoke our OAuth access from your Basecamp account settings at any time. We will no longer be able to call Basecamp on your behalf.

Data location

Data is stored on Cloudflare's global infrastructure (D1 database, KV store). Stripe data is stored by Stripe under their own policies.

Cookies

We use a single HTTP-only cookie on app.getassistant.io to store your session token. No tracking cookies, no third-party cookies, no advertising cookies.

Children's privacy

Assistant is not directed at children under 16. We do not knowingly collect data from children.

Changes to this policy

If we make material changes, we will email active admins and post a notice on this page. The "Last updated" date at the top will reflect the change.

Contact

Questions? Email hello@getassistant.io.