Security & Data Policy
LemonSupport is built for teams that care about control, security, and clear data boundaries. This page explains how we handle your data when you use AI, agents, and integrations.
Data we process
LemonSupport connects to tools like email, Slack, business data, and documentation so agents can do real work. We only process the data needed to perform the tasks you configure (for example, reading an email thread to draft a reply, or reading a Slack channel to summarize a discussion).
Data is scoped to your organization. We do not train shared models on your data, and we do not sell or share your workspace content with third parties beyond the subprocessors required to run the product (for example, LLM providers and infrastructure).
Storage & retention
We store configuration (agents, permissions, integrations), logs of actions agents take, and limited context from runs so you can audit what happened. Email bodies, Slack messages, and documents are fetched on demand from the underlying tools where possible, rather than fully mirrored into LemonSupport.
You can delete agents, integrations, and knowledge sources at any time from the product. When you delete data, we remove it from our primary systems and logs within a reasonable period, subject to backups and legal requirements.
Integrations & permissions
Integrations (for example Google Workspace, Slack, Buffer, and Notion) are connected on a per‑organization basis using OAuth where available. We request only the scopes needed for the workflows you enable, and we store encrypted tokens so agents can act on your behalf.
Inside LemonSupport you decide which agents can use which integrations and what actions they're allowed to perform. Approvals and audit logs give you a record of high‑impact actions.
Model providers
LemonSupport uses third‑party large language model providers to generate and evaluate content. We only send the minimum context required for a given request. Where providers offer data‑control options, we configure them so that your data is not used to train public models.
Access control & security
Access to production systems is restricted to authorized team members and protected with strong authentication. We monitor usage and errors to keep the service reliable, and we regularly review permissions and integrations for unnecessary access.
Privacy
For how we process personal data and how to request access or deletion, see our Privacy Policy.
Questions or requests
If you have security, privacy, or data‑handling questions, or if you'd like to sign a DPA or request deletion of specific data, please reach out to us at hello@team.lemonsupport.app.