Data Processing
Addendum.

Customer

The customer is responsible for deciding what personal data is added to its workspace, including account data, project data, client data, documents, messages, meeting details, and integration content.

CollaboraOne

CollaboraOne processes customer data to provide the hosted collaboration platform, including authentication, workspace features, file storage, notifications, integrations, billing, and AI-assisted workflows.

Users

Company users and client users are responsible for using invite links, sharing controls, connected apps, and AI outputs appropriately within their workspace.

Account And Workspace Data

Names, email addresses, role, company name, company ID, subscription status, member records, client records, and invite-related information.

Work Management Data

Projects, tasks, milestones, notes, approvals, deadlines, statuses, priorities, assignees, comments, notifications, and related timestamps.

Documents And Messages

Uploaded document metadata, storage IDs, sharing lists, chat conversations, chat messages, attachments, file names, attachment types, and file sizes.

Meetings And Bookings

Meeting titles, descriptions, dates, invited users, meeting provider, join URLs, booking links, invitee names, invitee emails, scheduled times, notes, and booking statuses.

Integration Data

Connected provider names, OAuth scopes, encrypted access tokens, encrypted refresh tokens, team or account metadata, external file IDs, external meeting IDs, and integration timestamps.

Billing And Usage Data

Plan names, subscription IDs, customer IDs, billing status, billing period data, AI credits, credit logs, AI request usage, and processed webhook IDs.

AI Data

AI conversation titles, user prompts, assistant messages, tool calls, tool results, agent steps, message previews, and workspace context used to complete requested AI actions.

Provide The Service

Create and operate workspaces, dashboards, projects, tasks, meetings, documents, chats, approvals, notifications, booking links, and client portals.

Authenticate And Authorize

Authenticate users, enforce role-based access between company and client areas, and associate records with users and workspaces.

Operate Integrations

Connect optional third-party tools such as Slack, Google Drive, Gmail, Google Meet, and GitHub when a user authorizes those integrations.

Operate Billing

Create checkout sessions, update subscriptions, process signed billing webhooks, enforce plan limits, and maintain AI credit balances.

Provide AI Features

Use prompts and relevant workspace context to generate responses, create or update records, summarize information, and track AI usage against plan limits.

Support And Communications

Send account notifications, product support messages, workflow emails, and responses to contact requests.

Authentication Provider

Used for sign-in, account management, and user session handling.

Application Hosting And Data Services

Used for application hosting, database records, server-side functions, real-time data, scheduling, and file storage.

Video Infrastructure

Used for platform video meetings.

Payment Processor

Used for paid plan checkout, subscriptions, billing events, and payment status.

Analytics And Performance Services

Used for product analytics and performance insights in the web app.

Optional Connected Apps

Google services, Slack, and GitHub process data only when users connect those integrations and use the related features.

Email Delivery

Workspace email notifications and contact workflows use configured email infrastructure, including Gmail/Nodemailer where configured by the platform.

CollaboraOne processes customer data according to the customer's use of the platform, including actions taken through the dashboard, integrations, billing settings, invite links, sharing controls, and AI prompts.

Customers should not submit data they are not authorized to process or share, and should configure client, employee, document, integration, and meeting access according to their own obligations.

Authentication

Protected app areas require authenticated user sessions and route protection.

Role And Workspace Controls

The product separates company and client areas and stores workspace identifiers plus explicit assignment or sharing lists for project and document access.

Integration Tokens

OAuth tokens are encrypted before storage, and token values are not returned by public integration status queries.

Webhook Controls

Billing webhooks are verified before processing and tracked for duplicate handling.

Account Requests

Users may request access to or deletion of their data by contacting support@collaboraone.com.

Integration Disconnect

Users can disconnect integrations, which removes the stored integration record for that provider.

Documents

Document deletion removes the document record and deletes the associated file from managed application storage.

Billing Retention

Certain billing, subscription, webhook, and transaction-related records may need to be retained where required for payment, tax, dispute, abuse-prevention, or legal reasons.

CollaboraOne will provide reasonable assistance for privacy, security, and data handling questions related to the platform. Contact support@collaboraone.com for DPA requests, deletion requests, or vendor review questions.