Sift
Pricing Research Docs
Log in Book a demo

Trust

Privacy Policy

Sift is built around a shared brain, so privacy is a product boundary, not a footer detail. This policy explains what we collect, how we use it, and how workspace visibility, connectors, agents, and audit trails affect that data.

Last updated July 4, 2026 charles@sift.wiki Terms and Conditions

Contents

Scope Information Connectors Google data Use AI and agents Work learning Telemetry Sharing Security Choices Rights Cookies Changes Contact

If your organization signs a data processing agreement, order form, or other written agreement with Sift, that agreement may add or replace parts of this policy for that workspace. We do not sell Customer Content or use it for third-party advertising. We do not use Google user data to train generalized AI or machine learning models. We do not use Customer Content to train generalized AI or machine learning models unless your organization explicitly agrees through product settings, an order form, or another written agreement.

1. What this policy covers

This Privacy Policy applies to Sift's public website, the Sift product app, Sift workspaces, connectors and integrations, hosted agent features, and agent access through CLI, MCP, or API surfaces. It covers personal information we collect from visitors, users, workspace members, invited agents, and people who contact us.

Sift workspaces are controlled by the organization or person that created the workspace. If you use Sift through your employer or another organization, that workspace owner may decide what sources are connected, who can access workspace content, how long content is kept, and whether additional contractual privacy terms apply.

2. Information we collect

We collect information in a few practical categories:

  • Account and profile information. Name, email address, login details, workspace membership, role, invitations, and account settings.
  • Workspace and brain content. Documents, meetings, messages, code references, work traces, tasks, decisions, threads, agent runs, tool calls, approvals, corrections, outcome signals, generated records, citations, source metadata, workspace skills and evals, embeddings, indexes, and other content that users, connectors, or agents add to a workspace.
  • Usage and telemetry. Product events, session lifecycle events, feature usage, diagnostics, request metadata, route patterns, statuses, counts, durations, device/browser data, and logs needed to operate, secure, debug, and improve the service.
  • Support and business communications. Messages you send us, demo requests, feedback, billing or procurement details, and related contact history.

In this policy, "Customer Content" means workspace and brain content that you, your workspace, your connectors, or your agents submit to or generate in Sift, including raw source material, derived records, indexes, work traces, corrections, approvals, outcome signals, workspace skills, and evals.

We aim to keep logs and telemetry useful without storing raw secrets, full provider payloads, or private source contents where operational metadata is enough.

3. Connectors and integrations

Sift can connect to third-party tools such as communications, documents, meetings, code, CRM, support, analytics, or other workspace systems. The information Sift can access depends on the provider scopes, selected resources, connection mode, and workspace settings.

  • OAuth grants, API keys, and similar credentials are used to operate the connector and are not meant to be visible to ordinary workspace users.
  • Personal connectors are intended to stay private to the connecting principal unless that person or the workspace explicitly changes the visibility boundary.
  • Workspace connectors may make source material and derived records visible to workspace members or agents according to roles, spaces, source permissions, and selected-resource settings.
  • Disconnecting a connector stops future sync for that connector; existing records, audit logs, backups, or derived indexes may remain until deleted or expired under the applicable workspace policy.

4. Google user data

If you connect a Google account or Google Workspace source to Sift, Sift may access, collect, process, and store Google user data only according to the scopes, resources, connection mode, and workspace settings you authorize. Depending on the Google integration you choose, this may include:

  • Google account information. Account identifiers, name, email address, profile image, and connection metadata used for sign-in, account linking, and connector status.
  • Google Calendar data. Calendar metadata, event details, attendees, times, locations, conferencing links, descriptions, recurrence data, and selected calendar sync state.
  • Google Drive data. File and folder metadata, selected file contents, document text, comments or related metadata where authorized, change tokens, and selected-resource sync state.
  • Google Meet data. Meeting metadata, transcript, recording, summary, or related meeting content only when the connected Google source and authorized scopes provide that data.

Sift uses Google user data only to provide or improve user-facing Sift features that are visible in the application, including connecting selected Google sources, ingesting and indexing authorized content, retrieving and citing evidence, generating user-requested summaries or answers, showing source health and sync status, enforcing permissions, debugging connector failures, and protecting the service.

Sift does not sell Google user data, does not use it for targeted, personalized, retargeted, or interest-based advertising, does not provide it to data brokers, information resellers, or surveillance providers, and does not use it to determine credit-worthiness or for lending purposes. Sift does not use Google user data to train or fine-tune generalized AI or machine learning models. Workspace-specific indexes, embeddings, summaries, citations, and derived records are created to provide the Sift features you requested, not to train a generalized model.

We transfer or disclose Google user data only as needed to provide or improve the user-facing Sift features you authorized, to service providers acting on our behalf, for security and abuse prevention, to comply with law, or as part of a merger, acquisition, financing, reorganization, or sale of assets where required consent or notice is obtained. Sift personnel do not read Google user data except with your affirmative agreement for a specific support or review purpose, for security or abuse investigation, to comply with law, or in aggregated form for internal operations.

Disconnecting a Google connector stops future sync for that connector. Existing Google-derived records, audit logs, backups, and indexes follow the retention, deletion, and workspace-control rules in this policy.

5. How we use information

We use information to provide and improve Sift, including to:

  • create and authenticate accounts, sessions, workspaces, and agent access;
  • ingest, index, retrieve, cite, summarize, and organize workspace knowledge;
  • show provenance, timestamps, confidence, source health, contradictions, and audit history;
  • operate connectors, imports, backfills, webhooks, polling, and sync jobs;
  • support collaboration through threads, decisions, evidence bundles, tasks, generated views, and shared agent work;
  • record work traces, approvals, corrections, and outcome signals so workspace-specific skills, retrieval, context assembly, evals, and agent guidance can improve over time;
  • measure source relevance, answer quality, connector health, run reliability, latency, and other operational patterns using telemetry, diagnostics, and aggregated information;
  • detect abuse, debug failures, secure the service, and enforce permissions;
  • respond to support requests, product feedback, billing, procurement, and legal obligations.

6. AI, agents, and model providers

Sift may send relevant workspace context to AI model providers, tool providers, or hosted agent infrastructure when you ask Sift or a connected agent to read, answer, generate, summarize, extract, or act on that context. The context sent should follow the permissions and workspace scope available to the user or agent making the request.

External agents can access Sift through CLI, MCP, or API surfaces. Those agents may be operated by you, your organization, or another provider, and their handling of data can also be governed by the agent provider's own terms and privacy practices.

Sift's product commitment is that answers should not cite content the asker could not already read. Important decisions should still be reviewed by a human, especially where legal, financial, employment, health, security, or safety consequences are involved.

7. Work traces, learning, and outcomes

Sift is designed to help a workspace learn from real work. When humans or agents use Sift, we may record work traces such as the goal, relevant context, citations, agent steps, tool calls, approvals, corrections, generated work products, and outcome signals from connected systems of record where authorized.

We use this information to provide workspace-specific learning features, including improving workspace skills, playbooks, retrieval, context assembly, outcome watchers, evals, and agent guidance. These workspace learning artifacts remain governed by the workspace's permissions, visibility settings, retention rules, and contractual controls.

Sift may use de-identified, aggregated, or content-minimized operational information to understand product reliability and improve Sift. We do not use Customer Content for generalized model training unless your organization explicitly agrees. If Sift offers shared learning features that contribute sanitized workflow patterns, evals, corrections, or playbooks beyond your workspace, those features will be governed by product controls or written agreement.

8. Telemetry, diagnostics, and product improvement

Telemetry and diagnostics help us operate, secure, debug, measure, and improve Sift. They may include events, route patterns, statuses, counts, durations, feature usage, connector health, model/provider reliability, error states, and aggregated trends.

We design telemetry to avoid raw Customer Content where operational metadata is enough. Telemetry should not intentionally include raw source text, prompts, completions, secrets, credentials, full provider payloads, full URLs, or free-text customer content. Some operational, security, billing, audit, and diagnostic records may be retained even if ordinary product telemetry is limited or disabled.

9. How we share information

We share information only where needed for Sift to work or where required by law:

  • Inside your workspace. Workspace members, admins, and connected agents may see content according to roles, source visibility, spaces, and settings.
  • Service providers. Infrastructure, storage, database, security, analytics, model, support, and communications providers may process information for us under their service terms.
  • Third-party integrations. We exchange information with connected providers as needed to authenticate, sync, import, update, or disconnect integrations.
  • Legal, safety, and business transfers. We may disclose information to comply with law, protect Sift or others, enforce terms, investigate abuse, or support a merger, financing, reorganization, or sale.

We do not sell Google user data or transfer Google user data to third parties for advertising, data-broker, information-reseller, credit, lending, or surveillance purposes.

10. Permissions, audit, and security

Permissions and audit are core Sift product primitives. Visibility should follow the source where possible; derived records should not become more visible than the source material that supports them; and agents should inherit the permissions of the user, token, workspace, or delegation that authorized their work.

We use technical and organizational safeguards designed to protect information, including encryption in transit, encryption at rest where supported by our providers, access controls, restricted credential handling, audit events, and operational monitoring. Google OAuth credentials, API keys, and similar secrets are intended to be stored encrypted or in managed secret storage and are not meant to be visible to ordinary workspace users. No internet service is perfectly secure, so please report suspected security issues to charles@sift.wiki.

11. Retention, deletion, and choices

Sift keeps information for as long as needed to provide the service, maintain the workspace brain, comply with legal obligations, resolve disputes, secure the service, and preserve auditability. Workspace owners may have controls for source connection, export, deletion, retention, and member access. Some operational records, backups, security logs, billing records, and audit trails may be retained for longer where necessary.

  • You can request help with account, export, deletion, or workspace privacy questions at charles@sift.wiki.
  • You can disconnect integrations through available product controls or by contacting us.
  • You can unsubscribe from marketing emails by using the unsubscribe link or contacting us.

12. Regional privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, object to, restrict, or opt out of certain processing of your personal information. California, European, UK, and other regional privacy laws may also require additional disclosures or request processes. We will respond to verified requests as required by applicable law.

If your information is controlled by a workspace owner, we may route your request to that owner or ask for their help before acting on workspace content.

13. Cookies and similar technologies

Sift may use cookies, local storage, session storage, and similar technologies for authentication, security, preferences, product telemetry, diagnostics, and website operation. Browser controls may let you block or delete some of these technologies, but doing so can affect login or product functionality.

14. Changes to this policy

We may update this policy as Sift, our providers, or applicable laws change. When we make material changes, we will update the date above and provide additional notice where required.

If we change how Sift accesses, uses, stores, or shares Google user data in a way that was not previously disclosed, we will update this policy and prompt users for any consent required before using Google user data in the new way.

Contact

Questions, privacy requests, DPA requests, and security reports can be sent to charles@sift.wiki.

Sift Sift

The collaborative brain for humans and agents: shared memory that's cited, current, and compounding.

© 2026 Sift

Product

Log in Book a demo How it works Provenance Pricing Docs

Trust

Security Privacy Terms

Company

Contact