Cherokee AI Solutions
/ legal · privacy

Privacy Policy

Last updated: 2026-04-24

1. What we collect

From you when you sign up:

  • Name, email address, phone number, business name, business description, service area, hours.
  • Authentication credentials (Google or Microsoft OAuth identifiers, or password hash).
  • Email integration: IMAP/SMTP host plus an app password you generate for our use.
  • Payment processing identifiers from your chosen rail (Lemon Squeezy / PayPal / NOWPayments / Wise / bank). We never see or store full card numbers, bank account numbers, or crypto private keys.

From your connected email account, on your instruction:

  • Inbound email metadata (sender, subject, timestamp, message ID).
  • Inbound email body content, when an enabled agent processes a message.
  • Records of replies drafted and sent on your behalf.

From your usage: agent run logs, dashboard activity, error reports, IP addresses, browser/device info for security.

2. How we use it

  • To run the automations you enable (drafting replies, following up, requesting reviews).
  • To deliver the dashboard and surface metrics you can see.
  • To process payments via the rail you select at checkout (Lemon Squeezy, PayPal, NOWPayments, Wise, or bank/Zelle).
  • To send you product updates, billing emails, and (rarely) operational notices. You can opt out of marketing email anytime.
  • To detect abuse, debug errors, and improve reliability.

3. AI processing

When an enabled agent acts on a message, we send the relevant text (and your business context) to Anthropic to generate a draft. Anthropic processes the request under their enterprise data terms and does not train models on Cherokee AI traffic. We do not sell or share your data with any other AI provider.

4. Who we share with

  • Anthropic — to generate AI-drafted replies. Purpose: service delivery.
  • Lemon Squeezy / PayPal / NOWPayments / Wise — payment rail you select at checkout. We hand them only what's needed to settle the charge.
  • Hetzner — our hosting provider (servers in the United States).
  • Google / Microsoft — only to authenticate you when you sign in via OAuth.
  • Law enforcement — only when legally required by valid process.

We do not sell your personal information. We do not share it with advertisers.

5. Customer data (your customers' info)

You are the controller of your customers' personal data. Cherokee AI is a processor acting on your instructions. Our handling of customer data is governed by the Data Processing Addendum.

6. Retention

  • Account data: while your account is active, plus 90 days after cancellation, then deleted.
  • Email content: cached only while needed to send a reply or schedule a follow-up; raw bodies are not stored long-term.
  • Agent run logs: 12 months for debugging and reporting, then aggregated/anonymized.
  • Billing records: 7 years for tax compliance.

7. Your rights

You can access, export, correct, or delete your account data at any time from your Settings page, or by emailing hello@cherokeeai.com. We respond within 30 days.

8. Security

Passwords are hashed with PBKDF2-SHA256 (200,000 iterations, salted). All traffic is encrypted in transit (TLS 1.2+). Email app passwords are stored encrypted at rest. Database backups are encrypted. We restrict production access to the founder.

9. Cookies

We use a single session cookie to keep you logged in. We do not use third-party advertising cookies. If we add analytics later, we will tell you here first.

10. Children

The service is not for anyone under 18.

11. Changes to this policy

We will notify you of material changes by email and update this page.

12. Contact

Questions about privacy: hello@cherokeeai.com

Terms of Service · Data Processing Addendum