How Andru Handles Your Data

Plain language. No surprises. Every claim verifiable.

What We Collect

Only what you give us. Andru processes the product information, buyer intelligence, and pipeline data you provide through the platform, CLI, or MCP tools.

Product intelligence: Product name, description, target buyer, vertical, distinguishing features. Provided by you during onboarding or via MCP tool arguments.
Buyer intelligence: ICP criteria, persona data, buying committee profiles, competitive positioning. Generated by AI from your product intelligence.
Pipeline data: Deal stage, company names, contact names, meeting context. Provided by you or imported from connected CRM.
Account data: Email, name, company, role. Required for authentication and service delivery.
Usage data: Tool invocation counts and token usage for billing. Pages visited for product improvement.

What We Do NOT Collect

No CLI/MCP telemetry: The andru-intel CLI and MCP server send no usage analytics, no telemetry, and no background data to Andru. They only make API calls when you explicitly invoke a tool.
No local file access: The CLI and MCP server do not read files from your machine beyond the optional SQLite offline cache.
No customer data in logs: Application logs contain correlation IDs, timestamps, and status codes. Never product descriptions, ICP data, or pipeline content.
No third-party tracking: No browser fingerprinting. No third-party analytics pixels on customer data.

Where Your Data Is Stored

Store	What	Location
Supabase (PostgreSQL)	All persistent customer data	US (AWS us-east-1)
Redis	Transient cache (sessions, events)	US
SQLite (your device)	MCP offline cache	Your machine

Encryption: AES-256 at rest, TLS 1.2+ in transit. No customer data stored outside these three locations. Database backups: automated daily with point-in-time recovery (PITR) via Supabase, encrypted at rest on AWS.

Who Processes Your Data

Anthropic (primary AI): Claude API for intelligence generation. Anthropic does not train on API data. Customer Content is Customer's Confidential Information under Anthropic's Commercial Terms. Zero-retention API.
Fallback AI providers: Google (Gemini), Mistral, Together AI. Used only when Anthropic is unavailable. Same data handling principles apply.
Algorithmic engines: Local engines for ICP scoring, positioning, cost calculation. No external API calls. Customer data does not leave the platform.
Infrastructure: Supabase (database), Render (hosting), Stripe (payments), Resend (email), Netlify (frontend — no customer data).

No provider uses your data for model training or their own purposes. All sub-processors listed in our Data Processing Agreement.

How Your Data Is Isolated

Database level: Row-Level Security (RLS) policies scope every query to your authenticated user ID. You cannot access another customer's data, and they cannot access yours.
AI call level: Each AI call is independent and scoped to one customer. Your product description, ICP data, and pipeline context never appear in another customer's prompt.
Session level: CLI and MCP sessions are API-key-scoped. Each session creates an independent client bound to your user ID.

Data Retention

Data Type	Retention
Active account data	Until you delete your account
Deactivated accounts	30 days, then purged
Deleted accounts	3-day grace period, then permanent deletion cascade
AI call logs	90 days
Performance metrics	30 days
Redis cache	TTL-based (minutes to hours, auto-expires)

How to Delete Your Data

Self-service: Settings → Account → Delete Account. Type 'DELETE' to confirm.
Grace period: 3 days. Cancel by logging back in.
What's deleted: All data from all tables: profiles, assessments, ICP data, pipeline runs, generated resources, API keys, usage logs, AI cost tracking. Stripe subscriptions cancelled. OAuth tokens revoked. Auth credentials permanently removed.
What's NOT deleted automatically: Local MCP cache (SQLite on your device) — your responsibility to clear by uninstalling or deleting the cache file.
Verification: Deletion cascade coverage is verified by an automated integration test. The test fails if any customer-data table is added without being included in the cascade.

Or email geter@andru-ai.com to request deletion.

What We Collect

Only what you give us. Andru processes the product information, buyer intelligence, and pipeline data you provide through the platform, CLI, or MCP tools.

Product intelligence

Product name, description, target buyer, vertical, distinguishing features. Provided by you during onboarding or via MCP tool arguments.

Buyer intelligence

ICP criteria, persona data, buying committee profiles, competitive positioning. Generated by AI from your product intelligence.

Pipeline data

Deal stage, company names, contact names, meeting context. Provided by you or imported from connected CRM.

Account data

Email, name, company, role. Required for authentication and service delivery.

Usage data

Tool invocation counts and token usage for billing. Pages visited for product improvement.

What We Do NOT Collect

No CLI/MCP telemetry

The andru-intel CLI and MCP server send no usage analytics, no telemetry, and no background data to Andru. They only make API calls when you explicitly invoke a tool.

No local file access

The CLI and MCP server do not read files from your machine beyond the optional SQLite offline cache.

No customer data in logs

Application logs contain correlation IDs, timestamps, and status codes. Never product descriptions, ICP data, or pipeline content.

No third-party tracking

No browser fingerprinting. No third-party analytics pixels on customer data.

Where Your Data Is Stored

Store

What

Location

Supabase (PostgreSQL)

All persistent customer data

US (AWS us-east-1)

Redis

Transient cache (sessions, events)

SQLite (your device)

MCP offline cache

Your machine

Who Processes Your Data

Anthropic (primary AI)

Claude API for intelligence generation. Anthropic does not train on API data. Customer Content is Customer's Confidential Information under Anthropic's Commercial Terms. Zero-retention API.

Fallback AI providers

Google (Gemini), Mistral, Together AI. Used only when Anthropic is unavailable. Same data handling principles apply.

Algorithmic engines

Local engines for ICP scoring, positioning, cost calculation. No external API calls. Customer data does not leave the platform.

Infrastructure

Supabase (database), Render (hosting), Stripe (payments), Resend (email), Netlify (frontend — no customer data).

No provider uses your data for model training or their own purposes. All sub-processors listed in our Data Processing Agreement.

How Your Data Is Isolated

Database level

Row-Level Security (RLS) policies scope every query to your authenticated user ID. You cannot access another customer's data, and they cannot access yours.

AI call level

Each AI call is independent and scoped to one customer. Your product description, ICP data, and pipeline context never appear in another customer's prompt.

Session level

CLI and MCP sessions are API-key-scoped. Each session creates an independent client bound to your user ID.

Data Type

Retention

Active account data

Until you delete your account

Deactivated accounts

30 days, then purged

Deleted accounts

3-day grace period, then permanent deletion cascade

AI call logs

90 days

Performance metrics

30 days

Redis cache

TTL-based (minutes to hours, auto-expires)

How to Delete Your Data

Self-service

Settings → Account → Delete Account. Type 'DELETE' to confirm.

Grace period

3 days. Cancel by logging back in.

What's deleted

All data from all tables: profiles, assessments, ICP data, pipeline runs, generated resources, API keys, usage logs, AI cost tracking. Stripe subscriptions cancelled. OAuth tokens revoked. Auth credentials permanently removed.

What's NOT deleted automatically

Local MCP cache (SQLite on your device) — your responsibility to clear by uninstalling or deleting the cache file.

Verification

Deletion cascade coverage is verified by an automated integration test. The test fails if any customer-data table is added without being included in the cascade.

Or email geter@andru-ai.com to request deletion.