Effective Date: March 2, 2026

Contact: hello@meetsquad.ai

1. Introduction

This privacy policy explains how Squad AI ("Squad," "we," "us," or "our") collects, uses, stores, and protects your personal data. It applies to:

• The Squad website at meetsquad.ai

• The Squad web application at app.meetsquad.ai

• The Squad MCP (Model Context Protocol) server

• Third-party AI platform integrations where Squad operates as a connected service, including OpenAI ChatGPT and Anthropic Claude

When you use Squad through a third-party AI platform (such as ChatGPT or Claude), that platform's own privacy policy also applies to your use of that platform. This policy covers only the data that Squad receives and processes.

2. Who We Are

Squad AI is a product discovery and strategy platform. We provide tools for managing product opportunities, solutions, goals, feedback, knowledge, and insights.

Our MCP server allows you to access Squad's tools directly within AI assistants like ChatGPT and Claude, so you can research, plan, and manage product strategy without leaving your AI workflow.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Account and Identity Data

• Email address

• User ID (assigned by our authentication provider)

• Organisation and workspace membership

3.2 Authentication Data

• OAuth tokens (access tokens and refresh tokens) used to verify your identity

• These tokens are issued by our authentication provider and are not stored permanently by Squad's MCP server

3.3 Workspace Content Data

• Opportunities, solutions, goals, insights, feedback, and knowledge items you create or modify through Squad

• Relationships between these items

• Workspace configuration and settings

3.4 MCP and AI Platform Interaction Data

• When you use Squad through an AI platform (ChatGPT, Claude, or another MCP client), our server receives only the specific tool calls made by the AI assistant on your behalf. These tool calls contain structured parameters (such as "list my opportunities" or "create an opportunity with this title and description").

• We do not receive your full conversation history with the AI assistant.

• We do not receive prompts or messages you send to the AI assistant that do not result in a Squad tool call.

• Tool call parameters and responses are processed in real time to fulfill your request and are not separately logged or stored beyond standard server operation logs.

3.5 Usage and Technical Data

• Server access logs, which may include IP addresses, timestamps, and request metadata

• Error logs for diagnosing issues

• Session identifiers used to maintain your connection during an MCP session

3.6 Website Data

• Standard web analytics data if you visit meetsquad.ai (see Section 10 on cookies)

4. Data We Do Not Collect

Squad does not collect, process, or store:

• Payment card information (PCI data) — all payment processing is handled by third-party payment processors

• Protected health information (PHI) — Squad is not a healthcare service and does not process health data

• Government-issued identification numbers — such as social security numbers, passport numbers, or national ID numbers

• Passwords or API keys — authentication is handled entirely through OAuth; we never see or store your password or third-party API keys

• Biometric data

5. How We Use Your Data

We use your data for the following purposes:

Authenticating you and authorizing access to your workspaces — Lawful basis: Contractual necessity

Executing tool calls you initiate — Lawful basis: Contractual necessity

Maintaining MCP session state — Lawful basis: Legitimate interest

Diagnosing errors and maintaining service reliability — Lawful basis: Legitimate interest

Improving the Squad platform and MCP integration — Lawful basis: Legitimate interest

Responding to support requests — Lawful basis: Contractual necessity

Complying with legal obligations — Lawful basis: Legal obligation

We do not use your workspace content or MCP interaction data for training AI models. We do not sell your personal data.

6. Data Minimization

We follow a data minimization approach:

• Our MCP server only receives the specific tool call parameters needed to fulfill each request. It does not receive or process your broader AI conversation context.

• Session data is held in memory or Redis with a maximum time-to-live and is automatically evicted.

• OAuth tokens are validated in real time and are not persisted beyond the active session.

• Server logs are retained only as long as needed for operational purposes (see Section 8).

7. Who We Share Data With

We share data with the following categories of recipients, only as necessary to provide the service:

Authentication provider — User authentication and OAuth token management. Data shared: User ID, email, OAuth tokens.

Hosting provider — Infrastructure hosting for the MCP server. Data shared: Data in transit and at rest on their platform.

Session storage provider — Persistent session management. Data shared: Session identifiers, workspace selections.

Squad API backend — Storing and retrieving your workspace content. Data shared: All workspace content data, authenticated via your token.

AI platform providers (OpenAI, Anthropic, Google) — These platforms send tool calls to our server on your behalf; tool responses are returned to them. Data shared: Tool call responses containing your workspace data.

We do not share your data with advertisers. We do not sell personal data to any third party.

When you use Squad through ChatGPT or Claude, the AI platform provider receives the tool responses from our server. How that provider handles that data is governed by their own privacy policy.

8. Data Retention

Account data (user ID, email, org membership) — Retained while your account is active; deleted within 30 days of account deletion.

Workspace content (opportunities, solutions, goals, etc.) — Retained while your workspace exists; deleted within 30 days of workspace deletion.

MCP session data — Maximum 24 hours, automatically evicted.

OAuth tokens in session — Duration of active session only.

Server operation logs — 90 days.

Error/debug logs — 90 days.

9. Data Processing Locations

Our services are hosted on infrastructure in the United Kingdom and the Netherlands. If you access Squad from outside these regions, your data will be transferred to these locations for processing. We rely on standard contractual terms with our service providers to ensure adequate data protection for international transfers.

10. Cookies and Tracking

10.1 Squad Website (meetsquad.ai)

When you visit our website, we may use:

• Essential cookies: Required for site functionality, such as session management and authentication state. These cannot be disabled.

• Analytics cookies: We use privacy-focused analytics to understand how visitors use our site. This may include page views, referral sources, and general geographic region.

We do not use third-party advertising cookies or trackers on our website.

10.2 MCP Server

The MCP server does not use cookies. Authentication is handled via OAuth bearer tokens transmitted in HTTP headers.

10.3 Third-Party AI Platforms

When you use Squad through ChatGPT, Claude, or another AI platform, any cookies or tracking are governed by that platform's privacy policy, not ours. Our MCP server does not set cookies in these contexts.

11. Children's Privacy

Squad is a professional product management tool intended for business use. Our service is designed for users aged 13 and older. We do not knowingly collect personal data from children under 13.

If you are between 13 and 18, you may use Squad only with the involvement and consent of a parent or guardian.

If we learn that we have collected personal data from a child under 13, we will delete that data promptly. If you believe a child under 13 has provided us with personal data, please contact us at hello@meetsquad.ai.

12. Your Data Rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you

• Correction: Request correction of inaccurate data

• Deletion: Request deletion of your personal data

• Portability: Request your data in a structured, machine-readable format

• Restriction: Request that we limit how we process your data

• Objection: Object to processing based on legitimate interest

• Withdraw consent: Where processing is based on consent, withdraw it at any time

How to Exercise Your Rights

You can exercise your rights in any of the following ways:

1. Email: Send a request to hello@meetsquad.ai with the subject line "Privacy Rights Request"

2. In-app: Delete your workspace content directly through the Squad application or MCP tools

3. Account deletion: Request full account deletion by emailing hello@meetsquad.ai

We will respond to verified requests within 30 days. If we need more time, we will notify you of the reason and extension period. We will verify your identity before processing any rights request to protect your data.

13. Security

We protect your data through:

• OAuth 2.0 authentication with token validation for every request

• HTTPS/TLS encryption for all data in transit

• User-isolated data access — you can only access workspaces you are authorized for

• Scoped access tokens with limited permissions

• Automatic session expiration and cache eviction

• No storage of passwords or credentials on our servers

14. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will:

• Update the effective date at the top of this page

• Post the revised policy on our website

• Notify active users via email for significant changes

Your continued use of Squad after changes are posted constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this privacy policy or our data practices, contact us at:

Squad AI
Email: hello@meetsquad.ai
Website: https://meetsquad.ai

For data protection inquiries, please include "Privacy" in your email subject line.