Back to home
Privacy

Privacy Policy.

Last updated: 16 May 2026

We process the minimum data we need to deliver your morning brief, store it in India, and never sell or share it for advertising. This page is the long version.

1. Who we are

9AM CEO ("we", "us", "our") is operated by Dreamyhook Pvt. Ltd., a private limited company registered in India. Reach our privacy team at privacy@9amceo.com.

2. What this policy covers

This policy explains what personal data we collect when you use 9AM CEO, why we collect it, how long we keep it, who we share it with, and what rights you have. It applies to the 9AM CEO web app, our APIs, and any data we receive from third-party services you choose to connect — Slack, WhatsApp, and email.

3. What we collect

Account data. Your email, name, optional company name, optional industry and team size, time zone, and the WhatsApp number you ask us to deliver briefs to. You provide this directly during sign-up and onboarding.

Authentication data. We use Firebase Authentication (Google LLC) to verify it's you. Firebase issues us a unique user ID; we never see your password.

Slack workspace data. When you connect a Slack workspace, we receive a bot access token and read-only access to the channels you select. We use this to fetch yesterday's messages each morning. The bot token is encrypted at rest using Google Cloud KMS with a customer-managed key.

Brief content. The 250-word morning brief generated from your Slack data, stored for the retention window of your plan.

Billing data. If you subscribe, we share your email and plan choice with Razorpay, who collects and processes your payment. We don't store card details; Razorpay does.

Logs. Request metadata — IP, user agent, timestamps — captured by Google Cloud Logging for security and operational debugging.

4. What we do with it

  • Generate and deliver your daily brief — the core service you signed up for.
  • Send transactional emails about your account: billing, security, support replies.
  • Improve the product using aggregated, non-identifying patterns only. We do not train AI models on your Slack messages.
  • Comply with Indian law and lawful regulatory requests.

5. What we do not do

  • We don't sell your data. Not to anyone.
  • We don't train AI models on your Slack content. Your data is sent to Vertex AI (Google) for inference only; per our agreement with Google, that content is not used for model training.
  • We don't store raw Slack messages beyond the brief-generation window. After your brief is generated for a given day, the underlying raw messages are discarded within 24 hours.
  • We don't share your data with marketers, ad networks, or analytics resellers.

6. Who processes your data on our behalf

We rely on a small set of trusted sub-processors. Each was chosen for its security posture and its compliance with applicable Indian and EU privacy law:

  • Google Cloud (Mumbai) — hosting, database (Firestore), encryption keys (Cloud KMS), AI inference (Vertex AI Gemini).
  • Firebase Authentication — sign-in identity provider.
  • Meta Platforms (WhatsApp Business) — brief delivery on WhatsApp.
  • Resend — transactional email delivery.
  • Razorpay — payment processing.
  • Slack Technologies — the workspace you connect, on your existing terms with Slack.

7. Where your data lives

Almost everything is stored in Google Cloud's asia-south1 region (Mumbai). WhatsApp routes through Meta's global infrastructure as part of their Cloud API.

8. How long we keep it

  • Brief history: 30 days on Starter, 90 days on Growth.
  • Account profile: as long as your account is active. Deleted within 48 hours of cancellation.
  • Encrypted Slack tokens: deleted within 48 hours of cancellation or when you disconnect Slack manually.
  • Audit logs: 400 days (Google Cloud's default retention for security logs).

9. Your rights

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Erase your data, subject to legal retention requirements.
  • Withdraw consent at any time — note this may prevent us from delivering the service.
  • File a complaint with the Data Protection Board of India.

Email privacy@9amceo.com for any of the above. We respond within 30 days.

10. Children

9AM CEO is a B2B tool for professionals. We don't knowingly collect data from anyone under 18. If we learn we have, we'll delete it.

11. Changes to this policy

We'll email you about material changes at least 14 days before they take effect. Continued use after that date constitutes acceptance.

12. Contact

Questions, requests, or concerns: privacy@9amceo.com. We aim to reply within one business day.