// legal

Privacy Policy

Last updated: 16 May 2026

In one paragraph

Pickle is built stateless. The only thing I store is your email and Pickle key, captured when you sign up. Your ClickUp / Slack / Microsoft Teams tokens only travel through a single HTTPS request to call those platforms on your behalf — never written to disk, never logged. Your task or chat content never lands on a Pickle disk.

1. Who runs Pickle

Pickle is built and operated by Aditya Sharma, a solo founder based in Kolkata, India. Contact for any privacy question: [email protected]. I am the Data Fiduciary (under India's DPDP Act 2023) and Data Controller (under GDPR if you are in the EU).

2. What data Pickle collects, and why

A. When you sign up for a Pickle Beta key

Field	Why	Retention
Email address	To send your Beta key + occasional product updates	Until you ask me to delete it
Pickle key (generated by us)	Authentication for MCP requests	Lifetime of your account
IP address	Rate-limiting (5 signups/hour/IP), spam prevention	Stored with the signup record
User-agent string	Debugging + abuse detection	Stored with the signup record
Intent (Free or Pro waitlist)	To segment which list you go on	Stored with the signup record
Signup timestamp	Audit + analytics	Stored with the signup record

B. When you use Pickle via your assistant

Every time your Claude / Cursor / Codex / Cline calls Pickle's MCP endpoint, the request carries your Pickle key plus one or more platform tokens (ClickUp pk_…, Slack xoxp-…, Microsoft Graph bearer).

The tokens are used only to call the respective platform's API (api.clickup.com, slack.com, graph.microsoft.com) on your behalf.
Tokens are never written to disk, never logged, never persisted in any database.
The task data, chat content, time entries, comments, etc. that Pickle reads from those APIs are processed in memory inside a single request and discarded when the response is sent.

What I do log per request: a counter (number of MCP requests this key has made), a "first seen" / "last seen" timestamp for that key. This drives the "active install" KPI in the admin dashboard and is keyed only to the Pickle key (not your work content).

3. What data Pickle does NOT collect

No tracking cookies, no analytics scripts, no fingerprinting on the landing page or admin pages
No copy of your task descriptions, comments, time entries, messages, DMs, channel content, planner items, or any other workspace content
No ClickUp / Slack / Microsoft Teams tokens stored at rest
No payment information (Pickle is free during Beta; when Pro launches, payment will be handled by a separate processor under its own privacy terms)

4. Third-party processors Pickle uses

Service	What it sees	Where
ZeptoMail (Zoho)	Your email address to deliver the welcome email with your Pickle key	India / EU data centers
Brevo (Sendinblue)	Your email + signup metadata for marketing automation	EU (Paris)
Cloudflare	Routes HTTPS traffic to Pickle's server. May log IP at the edge.	Global edge network
Hetzner Cloud	Hosts Pickle's server in Germany	Falkenstein, Germany (EU)
ClickUp, Slack, Microsoft Graph	Receive Pickle's API requests made with YOUR token, on YOUR behalf. Your existing relationship with them governs that data.	Per each platform's terms

5. Your rights (DPDP Act 2023 + GDPR)

Regardless of where you are based, you have the right to:

Access — ask for a copy of everything I have on you. I'll reply with your full signup record + usage counter within 7 days.
Correction — fix any wrong field on your record.
Erasure / "right to be forgotten" — ask me to delete your email, Pickle key, and usage record. I'll do it within 7 days and confirm.
Portability — ask for your data in JSON. Same 7-day window.
Withdraw consent — unsubscribe from emails anytime via the link in every email, or just reply "unsubscribe".
Object to processing — ask me to stop using your data for product updates / nurture emails while keeping your account active.
Lodge a complaint — with India's Data Protection Board, or your local EU supervisory authority if you're in the EEA.

To exercise any of these, email [email protected]. I respond direct.

6. How long Pickle keeps your data

While Pickle is in Beta and free, I keep your signup record for as long as the account exists or until you ask me to delete it. When you delete your account, the email + Pickle key + usage counter are removed from signups.json on the server and from Brevo's list within 7 days.

Per-request token data has a retention period of zero — it lives inside one HTTPS request, then disappears.

7. Children

Pickle is for managers and team leads using ClickUp, Slack, and Microsoft Teams in a professional context. It is not directed at children under 18. I do not knowingly collect data from anyone under 18. If you believe a child has signed up, email me and I will delete the account.

8. International transfers

Pickle's server lives in Germany (EU). If you sign up from India or anywhere else, your signup data is transferred to that server. Brevo stores in the EU. ZeptoMail routes via Zoho's India / EU infrastructure. All transfers are encrypted in transit (TLS 1.2+).

9. Security

HTTPS everywhere (Cloudflare TLS)
Server credentials stored mode-0600 in a .env file readable only by the service user
Admin dashboard protected by HTTP Basic Auth
Rate-limited signup endpoint (5/hour/IP)
SSRF whitelist — Pickle's MCP can only call api.clickup.com, slack.com, graph.microsoft.com

That said, no online service is invulnerable. If you suspect a breach involving your data, email me immediately at [email protected].

10. Changes to this policy

If I change anything material — what data I collect, who I share it with, retention windows — I will update the "Last updated" date at the top and email everyone on the signup list at least 14 days before the change takes effect.

11. Contact

For everything privacy-related, email [email protected]. I am the only person who reads it.