Data Processing
Addendum.

The customer is responsible for deciding what personal data is added to its workspace, including account data, project data, client data, documents, messages, meeting details, and integration content.

CollaboraOne processes customer data to provide the hosted collaboration platform, including authentication, workspace features, file storage, notifications, integrations, billing, and AI-assisted workflows.

Company users and client users are responsible for using invite links, sharing controls, connected apps, and AI outputs appropriately within their workspace.

Names, email addresses, role, company name, company ID, subscription status, member records, client records, and invite-related information.

Projects, tasks, milestones, notes, approvals, deadlines, statuses, priorities, assignees, comments, notifications, and related timestamps.

Uploaded document metadata, storage IDs, sharing lists, chat conversations, chat messages, attachments, file names, attachment types, and file sizes.

Meeting titles, descriptions, dates, invited users, meeting provider, join URLs, booking links, invitee names, invitee emails, scheduled times, notes, and booking statuses.

Connected provider names, OAuth scopes, encrypted access tokens, encrypted refresh tokens, team or account metadata, external file IDs, external meeting IDs, and integration timestamps.

Plan names, subscription IDs, customer IDs, billing status, billing period data, AI credits, credit logs, AI request usage, and processed webhook IDs.

AI conversation titles, user prompts, assistant messages, tool calls, tool results, agent steps, message previews, and workspace context used to complete requested AI actions.

Create and operate workspaces, dashboards, projects, tasks, meetings, documents, chats, approvals, notifications, booking links, and client portals.

Authenticate users, enforce role-based access between company and client areas, and associate records with users and workspaces.

Connect optional third-party tools such as Slack, Google Drive, Gmail, Google Meet, and GitHub when a user authorizes those integrations.

Create checkout sessions, update subscriptions, process signed billing webhooks, enforce plan limits, and maintain AI credit balances.

Use prompts and relevant workspace context to generate responses, create or update records, summarize information, and track AI usage against plan limits.

Send account notifications, product support messages, workflow emails, and responses to contact requests.

Used for sign-in, account management, and user session handling.

Used for application hosting, database records, server-side functions, real-time data, scheduling, and file storage.

Used for platform video meetings.

Used for paid plan checkout, subscriptions, billing events, and payment status.

Used for product analytics and performance insights in the web app.

Google services, Slack, and GitHub process data only when users connect those integrations and use the related features.

Workspace email notifications and contact workflows use configured email infrastructure, including Gmail/Nodemailer where configured by the platform.

CollaboraOne processes customer data according to the customer's use of the platform, including actions taken through the dashboard, integrations, billing settings, invite links, sharing controls, and AI prompts.

Customers should not submit data they are not authorized to process or share, and should configure client, employee, document, integration, and meeting access according to their own obligations.

Protected app areas require authenticated user sessions and route protection.

The product separates company and client areas and stores workspace identifiers plus explicit assignment or sharing lists for project and document access.

OAuth tokens are encrypted before storage, and token values are not returned by public integration status queries.

Billing webhooks are verified before processing and tracked for duplicate handling.

Users may request access to or deletion of their data by contacting support@collaboraone.com.

Users can disconnect integrations, which removes the stored integration record for that provider.

Document deletion removes the document record and deletes the associated file from managed application storage.

Certain billing, subscription, webhook, and transaction-related records may need to be retained where required for payment, tax, dispute, abuse-prevention, or legal reasons.

CollaboraOne will provide reasonable assistance for privacy, security, and data handling questions related to the platform. Contact support@collaboraone.com for DPA requests, deletion requests, or vendor review questions.