Privacy Policy
Effective May 17, 2026. Published by Vesuvio Labs LLC ("Vesuvio Labs," "we," "us"), the operator of Curta.
1. What we collect
Workspace data. When your organization installs Curta in Microsoft Teams, we store the tenant ID, your team members' display names, Entra ID object IDs, and email addresses (when available via Microsoft Graph). This is what lets Curta route tickets to the right people.
Ticket content. Messages you send to Curta, AI replies generated, tickets created, replies on those tickets, and knowledge-base articles your admins author or upload.
Operational telemetry. Per-inference token counts and cost (for billing), request timestamps, and basic uptime metrics. We do not sell or share telemetry.
2. What we don't collect
We do not collect content from Microsoft Teams chats outside of messages explicitly addressed to Curta (via @Curta mention or a direct conversation with the bot).
We do not access files, calendars, OneDrive, SharePoint content, email, or any other Microsoft Graph data unless your admin explicitly authorizes a specific integration.
3. AI processing
Ticket content and retrieved knowledge-base passages are sent to our AI provider (DeepInfra, routed via Vercel AI Gateway) for the sole purpose of generating Curta's reply. We do not allow our AI providers to train models on your data. Inference logs are retained for 30 days for debugging, then deleted.
4. Where data is stored
All workspace data is stored in our PostgreSQL database hosted on Supabase in the US-East-1 region (AWS Northern Virginia). Database backups are encrypted at rest and retained for 7 days.
5. Data retention
Active workspaces: data retained for the life of the subscription.
Cancelled or inactive (Free tier, no activity for 18 months) workspaces: data archived with one-click restore for an additional 18 months, then permanently deleted.
6. Your rights
Workspace admins can export or delete their entire workspace's data on request. Email hello@curta.app with the workspace tenant ID and the request — we respond within 7 business days.
Individual users in a tenant can also request their own data (tickets and replies they authored) — same email.
7. Security
TLS 1.3 on all connections. Secrets at rest in Azure Key Vault. Microsoft Entra ID SSO required for paid tiers. SOC 2 Type 1 target: month 6 post-launch. SOC 2 Type 2 target: month 12.
8. Changes to this policy
We'll update this page when material changes happen and notify workspace admins by email at least 30 days before changes take effect.
9. Contact
Vesuvio Labs LLC
hello@curta.app
This is a working draft. The version of record will be updated and professionally reviewed before Curta enters public availability.