Dash
Request early access Early access

Legal

Privacy Policy

Last updated: 2026-05-19. Effective date: 2026-05-19.

Overview

This Privacy Policy describes the policies and procedures of Process Street, Inc. ("Process Street", "we", "us", "our"), the maker of Dash, regarding the collection, use, and disclosure of information when you use Dash (the "Service"). We will not share information except as described herein. Undefined capitalized terms have the meaning given to them in the Dash Terms of Service.

Dash is an AI teammate that lives in Slack today, with Microsoft Teams support coming later, and is operated by Process Street, Inc. By accessing or using Dash, you agree to this Privacy Policy. If you do not agree, you should not use Dash.

Policy coverage

  • About Dash and Process Street
  • Information we collect
  • Information you provide
  • Information we collect automatically
  • Workspace data Dash processes
  • How we use your information
  • Sub-processors
  • Legal bases for processing (for EEA users)
  • How we protect your information
  • Your privacy rights and choices
  • Data retention
  • International data transfer
  • Data Privacy Framework
  • Jurisdiction-specific provisions
  • Notice to end users
  • Children's privacy
  • Links to other websites
  • Changes to this policy
  • Contact us

About Dash and Process Street

Dash is made by Process Street, Inc., a Delaware corporation headquartered at 201 Spear Street, Suite 1100 PMB 3144, San Francisco, California 94105, USA. Process Street is the data controller for personal information processed in connection with Dash, except where Dash acts as a processor on behalf of your organization (see "Notice to end users" below).

Dash is a managed AI teammate. It lives inside your Slack workspace today, with Microsoft Teams support coming later, connects to the third-party tools you authorize (such as HubSpot, Stripe, Gmail, Google Sheets, Notion, Linear, GitHub, and 1,000+ others), and performs work on your behalf. This Privacy Policy applies to Dash and to dashpup.ai (the marketing site) and app.dashpup.ai (the Dash dashboard).

Information we collect

We collect information to:

  • Operate, maintain, and provide Dash and its features
  • Analyze usage and diagnose technical problems
  • Maintain security and personalize the Service
  • Remember information for efficient account access
  • Monitor aggregate metrics such as visitor counts and traffic patterns
  • Comply with applicable law, including the Digital Millennium Copyright Act

Information you provide

Account and profile information

When you install Dash in a Slack workspace, register on app.dashpup.ai, modify your profile, set preferences, or make a purchase, we collect information that may include your name, email address, profile photo, job title, workspace ID, billing information, and other details you choose to provide. When Microsoft Teams support becomes available, similar workspace and tenant information may be collected for Teams workspaces.

When you use the workspace invitation flow, we collect the email addresses you provide so we can send invitations, register invitees who accept, and measure invitation success.

Content

Content you direct to Dash, including messages, prompts, drafts, files, and outputs Dash produces on your behalf, is processed to provide the Service. Other users in your workspace may see Content according to channel and DM visibility in Slack, and in Microsoft Teams once Teams support is available. Except for operational or legal-compliance purposes, Process Street and its employees will not view Content unless: (i) to maintain, provide, or improve the Service, (ii) to help resolve support requests, or (iii) we believe access is necessary to comply with law or cooperate with law enforcement.

Information we collect automatically

Cookies

We use cookies on dashpup.ai and app.dashpup.ai to identify browsers, speed up login, and improve navigation. Persistent cookies remain after you close your browser; session cookies disappear when you close the tab. You can reset your browser to refuse cookies, but some features may not work properly without them.

Log files

Our servers automatically record information sent by your browser when you use Dash, including web requests, IP addresses, browser types, referring and exit pages, URLs, click counts, interaction patterns, domain names, landing pages, pages viewed, and related data.

Clear gifs

We may use clear gifs (also called web beacons) in HTML emails to track which emails recipients open. This helps us improve communications and the Service.

Device identifiers

When you access Dash from a mobile device, we may access, collect, monitor, or store device identifiers. Device identifiers help with faster login and navigation and may be combined with personally identifiable information.

Third-party analytics

We use third-party analytics tools such as Google Analytics to understand how Dash is used. These tools collect information sent by your browser, including cookies and IP addresses. Their use is governed by their own privacy policies.

Workspace data Dash processes

Because Dash is an AI teammate that runs inside your workspace, it processes a specific set of data on your behalf. This section is in addition to the general categories above and is specific to Dash.

  • Workspace identifiers. Your Slack workspace ID, the IDs of users who interact with Dash, and the names of channels where Dash is invited. When Microsoft Teams support becomes available, this may also include Teams tenant and workspace identifiers.
  • Messages directed to Dash. Messages where Dash is @mentioned or DMed, including any files or attachments you send to Dash in those messages.
  • Channel context that Dash is given. When you invite Dash to a channel, Dash may read recent message titles and channel topic to understand context. Dash does not collect or store private DMs between human teammates that do not include Dash.
  • Tool action inputs and outputs. When Dash performs an action against a connected third-party tool (for example, pulling a HubSpot pipeline, drafting a Gmail message, or building a dashboard), we process the inputs, the tool's response, and the output Dash returns to you.
  • OAuth tokens. For every third-party tool you connect, we store OAuth tokens encrypted at rest. We never see or store your API keys or passwords for those tools.
  • Workspace memory. Dash maintains a per-workspace memory of facts and preferences your team has taught it (for example, who your customers are, what your acronyms mean, how you write internal updates). You can view and edit workspace memory at any time from the Dash dashboard.
  • Approval flow records. When Dash asks for approval before sending an email, posting a message, or spending money, we record the approval decision, who approved, and when.

We do not use Dash workspace data to train AI models, and we instruct our sub-processors not to use it for training either.

How we use your information

We may send Service-related notices via email, including legally required communications. We may also send marketing messages; you can opt out by following the instructions in any marketing email or by emailing [email protected]. We retain email correspondence, including content, addresses, and responses.

Your use of Dash

Personal information may appear on profile pages and elsewhere in the Service according to the preferences you select. You can review and revise your profile information at any time from app.dashpup.ai.

Service providers, business partners, and others

We may share personally identifiable information with third parties that help us provide Dash, bound by this Privacy Policy and by data processing agreements with us. Personal information may be stored with hosting providers outside our direct control. See the "Sub-processors" section below for the current list.

Business transfers

As our business develops, assets or business offerings may be bought or sold. Customer, email, and visitor information are typically transferred business assets in these transactions. Information may transfer during corporate divestitures, mergers, or dissolution.

Third-party services you connect

When you connect a third-party tool to Dash (for example, HubSpot, Stripe, or Gmail), Dash exchanges information with that tool using the OAuth scopes you authorize. Each third-party tool's privacy policy applies to information it receives or sends. You can disconnect any tool from your Dash dashboard at any time.

Compliance with laws and protection of rights

We may disclose personal information if required by law, subpoena, or if reasonably necessary to comply with laws or regulations; protect anyone's safety; address fraud, security, or technical issues; or protect Process Street's rights or property.

Non-personally identifiable information

Non-private, aggregated, or otherwise non-personally identifiable information, such as anonymous usage data and platform types, may be disclosed to third parties to understand Service usage patterns.

Sub-processors

Dash relies on the following sub-processors to operate. Each is bound by a data processing agreement with Process Street. The current authoritative list lives at /security.

  • Anthropic, model inference. Dash is contractually opted out of training use.
  • Composio, OAuth integration catalog and connector infrastructure.
  • Browserbase, browser sandbox used when Dash performs work in a web app.
  • E2B, code sandbox used when Dash builds dashboards and internal tools.
  • Amazon Web Services (AWS), hosting infrastructure.
  • Stripe, billing and payment processing.

We will notify workspace admins by email before adding a new sub-processor that materially changes how your data is processed.

Legal bases for processing (for EEA users)

For individuals in the European Economic Area, we collect and process information only when we have a legal basis under applicable EU law:

  • Providing Dash, including operating it, providing customer support, personalizing features, and maintaining safety and security
  • Pursuing legitimate interests that are not overridden by your data-protection interests, such as research, development, marketing, and legal protection
  • Obtaining your consent for specific purposes
  • Meeting legal obligations

Where you have consented to a specific purpose, you may withdraw consent at any time without affecting prior processing. Where we rely on legitimate interests, you may object to processing, though this may prevent your continued use of Dash.

How we protect your information

Information security matters to us. Sensitive information such as credit card numbers is transmitted with TLS encryption. Process Street uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of information. Examples include:

  • SOC 2 Type 2 compliance at the Process Street parent level. Dash is undergoing its own SOC 2 Type 1 audit.
  • Continuous regular backups for loss prevention and recovery
  • Defense against common web attack vectors
  • Secure data-center hosting
  • Firewalls and server access restrictions
  • Workspace-isolated data, encrypted at rest, with per-workspace keys
  • OAuth-only third-party access. We never see or store your API keys or passwords for third-party tools.

No method of electronic transmission or storage is 100% secure. If a security breach compromises personal information, we will notify affected parties promptly per our policy procedures or applicable law.

Your privacy rights and choices

Marketing communications

If you do not want marketing emails, you can opt out by clicking the unsubscribe link in any marketing email or by emailing [email protected].

Updating your information

You can request correction or update of inaccurate or incomplete personal information by emailing [email protected]. You can also update your profile and workspace settings directly from app.dashpup.ai. You may decline to submit personally identifiable information, though some Service features may become unavailable.

Requesting data deletion

You can wipe your entire Dash workspace at any time by running the Clean Workspace command from your Dash dashboard. For deletion requests covering accounts, profiles, or specific data:

  1. Email request. Send an email to [email protected] with the subject line "Data Deletion Request," including your full name, contact information, and the deletion details.
  2. Verification. We verify identity before processing deletion requests. We may ask for additional information.
  3. Processing time. We process verified requests as quickly as is reasonably practicable per our policies.
  4. Notification. You will receive a notification if a request cannot be fulfilled, with the reason why.

Additional rights for certain territories

Residents of certain territories (California, the European Economic Area, Switzerland, the United Kingdom, Japan, and Brazil) may exercise additional privacy rights under applicable law. These rights are not absolute and may be subject to exceptions. Depending on jurisdiction, you may have rights to:

  • Refuse or withdraw consent where we rely on your consent, without affecting lawful prior processing.
  • Access and portability. Access personal information we hold about you and, in limited circumstances, receive a copy for porting to another provider.
  • Erasure / deletion. Under certain circumstances, request erasure of personal information we hold (for example, when it is no longer necessary for the original purposes).
  • Object to or restrict processing, including stopping marketing communications.
  • Rectification / correction of inaccurate or incomplete personal information.
  • Lodge a complaint with your local data-protection authority or equivalent regulator.

Rights and our responses vary by residency.

How to assert privacy rights

To assert any privacy right, email [email protected] with the subject line "Privacy Rights Request." We verify identity before processing requests, which may include confirming name, contact details, and information that helps confirm the relationship. Authorized agents may submit requests on your behalf with signed written permission.

When Dash acts as a processor

If you are an individual whose personal information is processed by Dash on a data controller's behalf (for example, your employer), please direct access, correction, amendment, or deletion requests to that controller. We will support your controller in responding to your request.

Sensitive information

Certain categories of personal data, such as medical or health information, racial or ethnic origin, political opinions, and religious or philosophical beliefs, are considered "Sensitive Information." Process Street will not use Sensitive Information for purposes other than those for which it was originally collected or authorized, unless we receive your affirmative explicit consent (opt-in).

Data retention

We retain workspace data while your account is active and as needed to provide Dash. After you delete a workspace or request deletion, we delete workspace data within 30 days, except where retention is required for legal compliance, dispute resolution, or agreement enforcement. Billing records are retained for 7 years as required by US tax law.

International data transfer

Process Street primarily stores personal data in the United States. For our global operations, personal information may be transferred to and accessed from any country where Process Street or its sub-processors operate. When we transfer personal data from the EEA, the United Kingdom, Switzerland, or related onward transfers, we generally rely on our Data Privacy Framework certification or the Standard Contractual Clauses adopted by the EU Commission as appropriate safeguards. Other legally approved mechanisms may also apply.

Data Privacy Framework

Process Street complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce (collectively, the "DPF").

Process Street has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles regarding personal data received from the European Union and United Kingdom under the EU-U.S. DPF and the UK Extension. Process Street has also certified adherence to the Swiss-U.S. Data Privacy Framework Principles regarding personal data received from Switzerland under the Swiss-U.S. DPF. If there is a conflict between this Privacy Policy and the DPF Principles, the Principles govern.

For more information about the DPF program and Process Street's certification, visit dataprivacyframework.gov.

Compelled disclosure

Process Street may be required to disclose personal information in response to lawful requests by public authorities, including to meet national-security or law-enforcement requirements.

Enforcement

Process Street's DPF compliance is subject to the U.S. Federal Trade Commission's investigatory and enforcement powers. Process Street remains liable for onward transfers to third parties that process personal information in a manner inconsistent with the DPF, unless we prove we were not responsible for the event giving rise to the alleged damage.

Questions and complaints

In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Process Street commits to resolving DPF Principles-related complaints about personal information collection and use. EU, UK, and Swiss individuals with inquiries or complaints regarding personal data handling received under these frameworks should first contact Process Street at [email protected] or write to:

Process Street, Inc.
201 Spear Street
Suite 1100 PMB 3144
San Francisco, California 94105
USA

Unresolved privacy or data-use concerns may be directed to JAMS, the third-party dispute resolution provider (free of charge).

In some cases, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by Process Street or by the third-party dispute resolution provider, as described in Annex I to the DPF framework text.

Jurisdiction-specific provisions

Australia

Australian residents dissatisfied with our handling of a complaint may consider contacting the Office of the Australian Information Commissioner.

Brazil

Rights under the Lei Geral de Proteção de Dados Pessoais ("LGPD") may be exercised by contacting our Data Protection Officer at [email protected]. Brazilian residents covered by the LGPD have the rights set forth in Article 18 of the LGPD.

EEA and UK

Rights under the GDPR or UK GDPR may be exercised by contacting our Data Protection Officer at [email protected]. EEA residents who believe processing contravenes the GDPR may direct questions or complaints to the Spanish Data Protection Agency (Agencia Española de Protección de Datos). UK residents may direct concerns to the UK Information Commissioner's Office. Additional rights exist under the EU-U.S. DPF and the UK Extension. See the Data Privacy Framework section above.

Switzerland

For Swiss residents, "applicable law" includes the Swiss Federal Act on Data Protection (FADP), as revised. To exercise FADP rights, contact our Data Protection Officer at [email protected]. Additional rights may exist under the Swiss-U.S. Data Privacy Framework. See the Data Privacy Framework section above.

California

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of sale or sharing, and the right to non-discrimination for exercising these rights. We do not sell personal information. To exercise CCPA/CPRA rights, email [email protected].

Notice to end users

Dash is intended for organizational use. Where Dash is made available through an organization (such as your employer), that organization administers your access and controls your account. Direct data-privacy questions to your administrator first; your use of Dash is subject to your organization's policies. Process Street is not responsible for the privacy or security practices of your administrator organization, which may differ from this Policy.

Administrators may, depending on their plan:

  • Require account password resets
  • Restrict, suspend, or terminate Dash access
  • Access account information
  • Access or retain information stored in the account
  • Change email addresses associated with accounts
  • Restrict the ability to edit, restrict, modify, or delete information

If you use an organization-provided email address (such as a work email) to access Dash, the domain owner (such as your employer) may assert administrative control of your account later. We will notify you if this happens. If you do not want an administrator to control your account, use a personal email address to register. Once administrator control is asserted, you cannot change the email address on the account without administrator approval.

Children's privacy

Protecting young children's privacy matters to us. Dash is not directed to persons under 16. We do not knowingly collect or solicit personal information from anyone under 16 or allow such persons to register. If we discover we have collected personal information from a child under 16 without parental consent, we will take steps to remove it. If you believe we hold information from or about a child under 16, please contact [email protected].

Links to other websites

Process Street is not responsible for the practices, information, or content of linked websites. When you leave Dash via a link, this Privacy Policy no longer applies. Your browsing of and interaction with other websites is subject to their own rules and policies.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. Changes will appear on this page, and material changes will be communicated through prominent notice in app.dashpup.ai or by email to workspace admins at least 30 days before they take effect. Prior versions are archived for review. Review this Privacy Policy whenever you use Dash to stay informed about our practices.

If you disagree with a change, stop using Dash and deactivate your account as outlined above.

Contact us

For questions or concerns about how we handle information, contact us at:

  • Email (Dash): [email protected]
  • Email (Process Street parent company): [email protected]
  • Mail: Process Street, Inc., 201 Spear Street, Suite 1100 PMB 3144, San Francisco, California 94105, USA

This Privacy Policy is adapted from the Process Street, Inc. Privacy Policy. Dash is made by Process Street, Inc.