DianaGet Started

Privacy Policy

Effective Date: March 28, 2026 · Last Updated: March 28, 2026

Diana Intelligence Corp. (“Diana,” “we,” “us,” or “our”) operates the Diana AI assistant for Slack. This Privacy Policy describes how we collect, use, store, and protect information when you use the Diana application (“Service”).

1. Information We Collect

Information You Provide

  • Account Information:When you install Diana, we receive your Slack workspace ID, team name, and the installing user's Slack user ID and email address via Slack OAuth.
  • Messages to Diana: When you interact with Diana through direct messages, mentions, or slash commands in Slack, we receive the content of those messages.
  • Integration Credentials: If you connect third-party services (e.g., Notion, GitHub) through Diana, we store encrypted OAuth tokens necessary to access those services on your behalf.
  • Preferences and Configuration: Settings you configure for Diana within your workspace, including agent behavior preferences and notification settings.

Information We Receive Automatically

  • Slack Event Metadata: We receive event metadata from Slack (e.g., channel IDs, timestamps, user IDs) as part of the Slack Events API. We do not store Slack message content or channel history beyond what is directly sent to Diana.
  • Usage Data: We collect aggregate, non-identifying usage metrics such as the number of tasks processed and feature usage patterns to improve the Service.

Information We Do Not Collect

  • We do not access or store Slack message history or channel archives.
  • We do not read messages in channels where Diana is not explicitly mentioned or invoked.
  • We do not collect personal information beyond what is provided through Slack OAuth and direct interactions with Diana.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process your requests, execute tasks, and deliver responses within Slack.
  • Maintain Agent Memory: Store contextual information from your interactions with Diana to provide continuity across sessions within your workspace. This memory is workspace-isolated and can be viewed and deleted at any time.
  • Improve the Service: Analyze aggregate usage patterns to improve reliability, performance, and features. We do not use individual message content for analytics.
  • Communicate With You: Send service-related notifications (e.g., billing, security alerts, product updates).
  • Ensure Security: Detect and prevent fraud, abuse, and security incidents.

We do not use your data for advertising, profiling, or selling to third parties.

3. AI and Language Models

Diana uses third-party large language models (LLMs), including Anthropic Claude and OpenAI GPT, to process tasks and generate responses. Important details about how your data interacts with these models:

  • No Model Training: Your conversations, files, and business data are never used to train third-party AI models. Both Anthropic and OpenAI operate under commercial API agreements that explicitly prohibit using customer data for model training.
  • Real-Time Processing Only: Task prompts and responses are processed in real time by the LLM provider and are not retained by the provider after the API response is returned.
  • Data Tenancy:Diana operates a multi-tenant architecture with strict logical isolation. Each workspace's data is segregated by authentication and workspace identifiers. There is no cross-tenant data access.
  • AI-Generated Content Disclaimer: Diana uses AI to generate responses and perform tasks. While we strive for accuracy, AI-generated content may occasionally contain errors or inaccuracies. Users should verify critical information independently.

4. Data Retention

  • Active Account Data: We retain your data for as long as your Diana account is active and as needed to provide the Service.
  • Agent Memory: Conversation context and agent memory are retained while your account is active. You can view and delete agent memory at any time through the Diana dashboard.
  • Integration Credentials: OAuth tokens for connected services are retained while the integration is active and are revoked and deleted when the integration is disconnected or the account is deleted.
  • Aggregate Analytics: De-identified, aggregate usage data may be retained indefinitely for service improvement purposes.
  • Post-Deletion: Upon account deletion or app uninstallation, we delete all associated customer data from active production systems within 14 days. Encrypted backups containing residual data are purged within 14 days.

5. Data Storage and Security

  • Hosting: All data is hosted in the United States using Cloudflare (compute and edge infrastructure), Supabase (managed PostgreSQL database), and Vercel (web application).
  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • Access Controls: Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
  • Isolation:Each workspace's agent execution runs in sandboxed environments (Cloudflare Durable Objects and Containers) with no cross-tenant access.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties except as follows:

  • Sub-Processors: We use third-party service providers (sub-processors) to help deliver the Service. Each sub-processor is contractually bound to process data only as instructed and maintain appropriate security measures.
  • Third-Party Integrations:When you connect external services (Notion, GitHub, etc.) through Diana, data is shared with those services as necessary to perform the requested tasks, subject to those services' own privacy policies.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same privacy protections.

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: You can request a copy of the personal data we hold about you.
  • Deletion: You can request deletion of your data at any time by contacting us at privacy@getdiana.com or by uninstalling Diana from your Slack workspace. Data is deleted from production systems within 14 days and from backups within 14 days.
  • Correction: You can request correction of inaccurate personal data.
  • Data Portability: You can request an export of your data in a machine-readable format.
  • Opt-Out: You can disconnect integrations or uninstall Diana at any time.

To exercise any of these rights, contact us at privacy@getdiana.com.

California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising your privacy rights.

European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing is performance of a contract (providing the Service) and legitimate interests (improving and securing the Service).

8. Children's Privacy

Diana is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Diana Intelligence Corp.
Email: privacy@getdiana.com
Security Issues: security@getdiana.com