Privacy policy

Who we are

Laki Bits ("we", "us") builds AI-native Salesforce tools. Reach us at hello@lakibits.com.

What we collect

  • Account information. Your email address and the metadata your sign-in method returns (display name, profile photo URL). Authentication is handled by Google Firebase.
  • Salesforce data you query (LakiQL). When you run a query, the query text and result rows transit our backend to compile and execute against the org(s) you've connected. We log the query text and caller identity for one week to debug failures. Result rows are returned to your browser and not retained; for large extracts and cross-org joins, source rows are held in memory transiently to compute the result, then discarded when the request completes.
  • Org metadata & findings (Laki Agent). To analyze your org, we read configuration and metadata (objects, automation, code, security settings) over your authenticated connection and produce findings. Laki Agent is read-only on live orgs by default; any change is generated, previewed, and applied only after you explicitly approve it.
  • AI prompts. LakiQL's "Ask in English" sends your prompt plus a compact schema description to Anthropic via AWS Bedrock. Laki Agent's analysis is processed by Laki's own open-weight models, self-hosted on Laki's cloud — not a third-party model API. We log prompts and token counts for one week to debug failures.
  • Salesforce OAuth tokens. Stored encrypted at rest, refreshed automatically on expiry, and deleted when you disconnect the org.

What we do not collect

  • We do not sell, share, or use your Salesforce data for advertising or to train models.
  • We do not retain your query result rows beyond the duration of the single request.
  • We do not store Google Workspace content — exports run from your browser to Google's APIs using your OAuth grant under the drive.file scope, limited to files Laki Bits creates. We never see your wider Drive.

Who else processes your data (sub-processors)

  • Google (Firebase Auth; Drive / Docs / Sheets / Slides APIs). Identity provider and export destinations; exports request only the drive.file scope. Subject to Google's Privacy Policy.
  • Amazon Web Services. Hosts the LakiQL backend (Lambda, Secrets Manager) and the "Ask in English" model (Bedrock) in us-west-2. Subject to AWS's Privacy Notice.
  • Anthropic (via AWS Bedrock). Powers LakiQL's "Ask in English". Anthropic does not retain or train on data sent through Bedrock per their data-protection terms.
  • Google Cloud. Hosts the Laki Agent service and its grounding database (Cloud Run, Cloud SQL) in us-central1. Laki Agent's language models are self-hosted by Laki on its own cloud, not a third-party model API.
  • Salesforce. The system of record we query. Subject to your org's own terms.
  • Resend. Delivers transactional email (invitations, sign-in links). Receives the recipient address and message content. Subject to Resend's Privacy Policy.

Retention

  • Query, prompt, and analysis logs: 7 days.
  • Salesforce OAuth tokens: until you disconnect the org or 90 days of inactivity, whichever comes first.
  • Account metadata: until you delete the account.

Cookies & local storage

We don't use advertising or third-party tracking cookies. Firebase Authentication stores a session token in your browser to keep you signed in, and we use local storage to remember in-progress work so a refresh doesn't lose it. This never leaves your device except when you run a query or analysis.

Where your data is processed

The LakiQL backend and its AI model run in AWS (us-west-2); the Laki Agent service runs in Google Cloud (us-central1), both in the United States. If you connect a Salesforce org or export to Google hosted elsewhere, that data is processed in those providers' regions under their terms. By using Laki Bits you consent to this processing.

Your rights

Email hello@lakibits.com to request a copy of the data we hold on you, deletion of your account, or revocation of a Salesforce org connection. We respond within 30 days.

Children

Laki Bits is not directed at children under 16 and we do not knowingly collect data from them.

Changes

We'll update this policy as the product evolves and post the new version here with a fresh "last updated" date. Material changes will be emailed to active account holders.