Privacy Policy

Effective date: 2026-05-11 · Last updated: 2026-05-11

This Privacy Policy describes how Escalate ("we", "us", or "our") collects, uses, and shares information when you visit tryescalate.com, install the Escalate Slack app or Microsoft Teams app, or otherwise use our product (collectively, the "Service").

Escalate is built for founder-CTOs at Series A/B B2B SaaS companies who sell into compliance-gated buyers. The Service automatically creates dedicated chat channels for cross-functional sales deals (legal, security, compliance) and alerts the founder-CTO when one of those sub-threads has gone quiet long enough to put the deal at risk. Operating that Service requires us to process workspace data — which is why this policy exists.

1. Who we are

Escalate is operated by Yash Patel Consulting Inc., a corporation registered in the Province of Ontario, Canada. Contact: hello@tryescalate.com. Our product lives at tryescalate.com; our Slack and Microsoft Teams integrations are distributed through their respective app directories and via custom-app upload for design-partner accounts. Although our corporate entity is Canadian, our compute and storage subprocessors are located in the United States — see Section 5 (Subprocessors) for the full list and Section 10 (International transfers) for the cross- border-flow disclosure.

1.1 Privacy Officer

As required by Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), we have designated a Privacy Officer responsible for handling privacy inquiries and compliance. Privacy Officer: Yash Patel — email privacy@tryescalate.com (or hello@tryescalate.com).

2. Data we collect

2.1 Account data

• Workspace identifiers: Slack team_id / Microsoft Teams tenant_id, channel IDs, user IDs of workspace administrators and team owners.
• OAuth tokens: bot tokens (Slack xoxb-*), installer refresh tokens (Salesforce jsforce), HubSpot OAuth tokens, Microsoft Bot Framework JWTs. Stored encrypted at rest; redacted from all logs via our Sentry scrubbing rules.
• Founder contact details: the email address you provide at signup or via the design-partner intake call, and the Slack / Teams user ID you nominate as the alert-DM target via/escalate config founder.

2.2 Customer data (your operational data we process to deliver the Service)

• Messages from deal channels we create: when Escalate auto-creates a deal channel, we read messages posted in that channel and its sub-threads (legal / security / compliance / other). We do not scan direct messages, private channels we did not create, or any channel that pre-existed Escalate's install.
• CRM record metadata: deal name, stage, amount, owner, and stage-transition history pulled from Salesforce or HubSpot via OAuth scopes you have granted. We do not pull contact lists, activities, emails, calls, tasks, or files unless they appear in a deal record we are actively covering.
• Founder feedback signals: when you click the "Acknowledge" / "Snooze" / "Ping" / "Take it myself" buttons on an alert DM, those events are recorded as part of your corpus so the system can calibrate.

2.3 Classifier metadata (not raw text)

Each message in a covered channel passes through an LLM-based classifier that produces a structured verdict like { isRequest: true, roleTarget: "legal", confidence: 0.85 }. We retain the verdict and event identifiers; we do not retain the LLM's natural-language "reasoning" field in logs or audit exports (it is processed in-memory and discarded after the structured verdict is persisted).

2.4 Web visitor data

• Anonymous request logs (IP address, user-agent, path) retained for 30 days for abuse prevention. We do not place third-party telemetry pixels or remarketing cookies on tryescalate.com.
• Authentication cookies for the customer portal, signed with a server secret, 7-day expiration.

3. How we use data

• Operate the Service: create deal channels, invite configured reviewers, classify messages, run silence-detection thresholds, dispatch alert DMs to the founder.
• Generate the Coverage Report: monthly digest and on-demand report summarizing what Escalate covered, what alerts fired, and what was dismissed.
• Improve the product within your account only: alert dismissals are used to calibrate thresholds and re-train classifier prompts for your account only. We do not train cross-customer models on your data. (See §6 for V2-corpus posture.)
• Service-related communications: transactional emails (welcome, monthly digest summary, billing receipts, churn-survey). You can opt out of the monthly digest without disabling the Service.
• Security and abuse prevention: rate-limiting, anomaly detection, incident response.
• Legal compliance: respond to lawful process; enforce our Terms.

4. What we do NOT do

These are load-bearing commitments cited in our buyer-side trust narrative. They are reflected in product architecture, not just in copy.

• No training on customer data. We do not use messages from your covered channels, your CRM records, your dismissal feedback, or your audit-log to train or fine-tune any model that another customer can benefit from. Cross-customer corpus reuse is explicitly out of scope; per-customer corpus reuse (using your prior answers to draft your future responses) is a V2-roadmap item that ships under its own opt-in contract.
• No LLM-driven actions on your behalf. The LLM classifier produces verdicts; deterministic application code decides what (if anything) to do with those verdicts. The LLM never writes to your CRM, posts to your channels, or modifies any Slack/Teams/Salesforce/HubSpot state.
• No selling or licensing of customer data to data brokers, advertisers, model trainers, or any third party. Full stop.
• No DM scanning. Escalate's permission scopes and architectural design preclude reading direct messages. We only read channels we created on your behalf.
• No human-side impersonation. Our staff cannot "log in as you" in your workspace. Customer-support troubleshooting that needs visibility into your UI is done via a live screenshare you initiate.

5. Sharing with third parties (subprocessors)

We use the following subprocessors to operate the Service. Each receives only the minimum data needed to perform its function and is contractually obligated to handle it consistently with this policy.

We will publish a current subprocessor list on this page and notify customers via email at least 30 days before adding a new subprocessor whose change affects data processing for existing customers.

6. Per-customer corpus and V2 roadmap

Escalate accumulates an append-only event log of everything we observe and decide in your account. This log is the foundation of two commitments:

• Today (V1): you can export your full audit log at any time via the /escalate audit-export slash command or the customer portal. The export is in CSV or NDJSON format and covers every event recorded for your workspace.
• Future (V2, opt-in): when you opt in, Escalate uses your accumulated corpus to help your team draft responses for your future deals. V2 ships under a separate opt-in addendum; it does not modify this policy unless and until you elect into it.

7. Retention

• Events table (audit log): retained for the lifetime of your active subscription, plus a 30-day read-only grace window after cancellation, after which it is deleted on a scheduled deletion job. You can export at any point during that window.
• OAuth tokens: deleted within 7 days of subscription cancellation or workspace uninstall.
• Anonymous web logs: 30 days.
• Backups: Supabase point-in-time recovery retains backups for up to 7 days; backups inherit all retention limits above and roll off on the same schedule.

8. Security

• Tenant isolation: every row in our database is tagged with a workspace identifier; row-level security policies enforce that one tenant cannot read another tenant's data even through a developer error.
• Encryption: TLS for all data in transit; Supabase-managed encryption at rest for the events table and OAuth tokens.
• Secret hygiene: a custom Sentry redactor strips credential patterns (Slack tokens, HubSpot keys, Microsoft JWTs, jsforce refresh tokens, Stripe keys) before any error event leaves our compute.
• Access controls: production access is limited to the founder. There is no internal customer-support team to grant access to.
• Incident response: documented runbooks for Postgres outages, LLM-provider outages, RLS-bypass incidents (treated as code-red), and partial-deploy hazards. Customer notification timelines align with GDPR-72h and SOC-2 obligations where applicable.

9. Your rights

Regardless of your location, you have the right to:

• Access the personal data we hold about you via the audit-export tools.
• Correct inaccurate or incomplete data by editing your workspace records or contacting us.
• Delete your data by cancelling your subscription (initiates the 30-day grace and then scheduled deletion) or by contacting us with a deletion request.
• Object to processing or restrict it (note: in most cases this means cancellation, since the Service requires processing your operational data to function).
• Portability: audit-exports are in machine-readable NDJSON/CSV.
• Lodge a complaint with a supervisory authority if you believe we have mishandled your data:
  • Canada: the Office of the Privacy Commissioner of Canada (priv.gc.ca).
  • Ontario: if your complaint involves health or municipal-sector information, the Information and Privacy Commissioner of Ontario (ipc.on.ca).
  • EEA / UK / Switzerland: your national or local data-protection supervisory authority.

10. International transfers

Our corporate entity (Yash Patel Consulting Inc.) is in Ontario, Canada. Our compute and storage subprocessors are located in the United States (see Section 5 for specifics). This means that data you submit to the Service crosses the Canada–US border to reach our processing infrastructure.

For Canadian customers: PIPEDA permits transfers of personal information to a foreign jurisdiction for processing provided we use contractual or other means to ensure a comparable level of protection. Our subprocessor agreements impose data-protection obligations consistent with this policy.

For EEA / UK / Swiss customers: the European Commission has issued an adequacy decision for Canadian commercial organizations subject to PIPEDA, which generally permits transfers from the EEA to Canada without additional safeguards. Because our processing infrastructure forwards data to US-based subprocessors, we additionally rely on the European Commission's Standard Contractual Clauses ("SCCs") for the onward Canada→US flow. The SCCs are incorporated by reference into our Data Processing Addendum (/legal/dpa) and activate automatically when you are subject to GDPR. The UK ICO's International Data Transfer Addendum and the Swiss FADP mapping are likewise incorporated.

For California customers: we are a Service Provider under the California Consumer Privacy Act ("CCPA", as amended by the CPRA). We do not sell or share Personal Information within the meaning of those statutes.

11. Children

Escalate is a B2B sales-operations product. It is not directed to children under 16 and we do not knowingly collect data from them.

12. Changes to this policy

We will post material changes on this page and notify the founder contact on each active workspace by email at least 14 days before the change takes effect.

13. Contact

Questions about this policy or your data: write to our Privacy Officer at privacy@tryescalate.com (or hello@tryescalate.com).

Yash Patel Consulting Inc.
Province of Ontario, Canada
Registered office address available on request.