Legal

Privacy Policy

Last updated: 17 April 2026

This policy describes how PACE(a product of Becloudsmart) collects, uses and protects your information when you use our website, apps, and API (together, the “Service”).

Plain English summary.We only collect data needed to run your workspace. Each customer’s data lives in its own database and blob container. We never sell data. We use Microsoft Entra ID for sign-in, Stripe for billing, Anthropic Claude for AI features, and Resend for email. We do not train any AI on your data.

1. Who we are

PACE is operated by Becloudsmart. Where this policy refers to “we”, “us”, or “our”, it means Becloudsmart. You can reach our privacy team at privacy@pacemos.ai or via the contact form at becloudsmart.com.

2. Information we collect

We collect information in three categories:

Account identity. When you or your administrator sign in via Microsoft Entra ID, we receive your display name, email address, Entra object identifier (oid) and Entra tenant identifier (tid). We do not receive your password.
Workspace content. Actions, decisions, risks, meetings, reports, scorecards, nominations, readiness gates, uploaded knowledge-base documents, and any other data you or your users enter. This is stored in your dedicated database and blob container.
Operational telemetry. Technical logs such as request paths, response codes, latencies, error traces, and AI call metadata (token counts, model name, duration). We do not log request bodies or response contents.

3. How we use it

We use your information only to operate the Service and to comply with law. Specifically:

To authenticate you and route requests to the correct workspace
To render your workspace content back to you and other authorised members
To ground AI-generated outputs (plans, reports, meeting packs) in your uploaded documents
To bill you via Stripe for paid plans
To send transactional email (invitations, billing failures, report notifications) via Resend
To investigate incidents, debug failures, and prevent abuse

We do notuse your workspace content to train any machine-learning model, ours or a third party’s.

4. Third-party processors

We rely on the following sub-processors. Each is bound by an enterprise agreement with appropriate data protection terms:

Microsoft Azure — hosting, database, blob storage, managed identity, Key Vault, Application Insights telemetry. Hosted in the Azure region you select at signup.
Microsoft Entra ID — sign-in. We never see your password.
Anthropic— Claude AI API for grounded generation. Per Anthropic’s terms, API data is not used to train their models.
Stripe — payment processing. We never see your full card number.
Resend — transactional email delivery.

5. Data residency and tenant isolation

Each paying customer’s workspace data — including the knowledge-base documents, actions, decisions and reports — resides in a dedicated PostgreSQL database and a dedicated Azure Blob Storage container, logically and physically isolated from other customers. Control plane data (your account identity, billing state, audit log) lives in a separate database shared across tenants but never mixed with workspace data.

6. How long we keep it

While your account is active: we retain your workspace data so you can use it.
After cancellation: workspace data stays available in a read-only state for 30 days. After that, the database and blob container are permanently deleted.
Billing records: retained for 7 years to satisfy tax law.
Operational logs: retained for up to 90 days.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, Australian Privacy Act), you may have the right to access, correct, export, or delete the personal information we hold about you, to object to certain processing, and to lodge a complaint with a supervisory authority.

To exercise these rights, email privacy@pacemos.ai. We respond within 30 days.

8. Security

We use industry-standard safeguards including TLS 1.2+ for all data in transit, encryption at rest on all Azure storage, per-tenant database passwords stored in Azure Key Vault, managed-identity access control for every backend call, Entra multi-factor authentication, and short-lived SAS URLs for all blob downloads. No system is perfectly secure — report suspected issues to security@pacemos.ai.

9. Cookies

We use a single session cookie (pace.sid) to keep you signed in. It is HTTPS-only, HTTP-only, same-site lax, and expires after 8 hours of inactivity. We do not use advertising or analytics cookies.

10. Children

The Service is not directed at children under 16. We do not knowingly collect information from children.

11. Changes

If we change this policy materially we’ll email account administrators and update the “last updated” date at the top. Continued use after the change means you accept the updated policy.

12. Contact

Privacy: privacy@pacemos.ai
Security: security@pacemos.ai
General: support@pacemos.ai