Obvious
Log inRequest early access

Obvious Privacy Policy

Effective Date: September 17, 2025

Last Updated: September 17, 2025

Obvious ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect your information when you use our collaborative workspace platform.

Obvious is a mixed-surface collaboration platform that enables users to work seamlessly across documents, spreadsheets, presentations, and raw data within shared project workspaces. Our platform integrates with various third-party services to provide enhanced functionality, AI-powered features, and comprehensive data processing capabilities.

Information We Collect

Personal Information

  • Account Information: Name, email address, username, and profile information
  • Authentication Data: Login credentials, session tokens, and authentication records
  • Usage Data: How you interact with our platform, features used, and activity patterns
  • Communication Data: Messages, comments, and collaborative content within the platform

Content and Project Data

  • Workspace Content: Documents, spreadsheets, presentations, images, and other artifacts you create or upload
  • Project Data: File metadata, version history, sharing settings, and collaboration records
  • Generated Content: AI-assisted content, analysis results, and system-generated insights

Technical Information

  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, error logs, and system performance data
  • Analytics Data: Feature usage, performance metrics, and aggregated usage statistics

How We Use Your Information

Core Platform Functions

  • Provide and maintain the Obvious platform and its features
  • Enable real-time collaboration and multi-user editing capabilities
  • Process and store your workspace content and project data
  • Facilitate AI-assisted content generation and data analysis

Service Enhancement

  • Improve platform performance, reliability, and user experience
  • Develop new features and capabilities based on usage patterns
  • Provide customer support and respond to user inquiries
  • Ensure platform security and prevent unauthorized access

Communication

  • Send transactional emails related to your account and platform usage
  • Notify you of important platform updates or security information
  • Respond to your requests, questions, and feedback

Data Processing Architecture

Obvious operates through a distributed architecture that processes data across multiple components:

Internal Processing

  • Artifact Management System: Manages documents, workbooks, presentations, and files
  • Real-Time Collaboration Engine: Handles concurrent editing and version control
  • Data Processing Engine: Performs SQL queries, JavaScript transformations, and Python analysis
  • AI Orchestration Layer: Coordinates AI-powered features and content generation

Data Storage

  • Platform Database: Stores user accounts, project metadata, and application state
  • File Storage & CDN: Hosts user uploads, generated artifacts, and static assets
  • Caching Layer: Temporarily stores frequently accessed data for performance optimization

Third-Party Data Processors (Subprocessors)

To provide our services, we work with carefully selected third-party processors. Each processes data only as necessary to deliver specific functionality:

AI and Machine Learning Services

Anthropic (Claude Models)

  • Purpose: Advanced language models for AI-powered features and conversational AI
  • Data Processed: User prompts, artifact content, project context for content generation
  • Privacy Policy: anthropic.com/legal/privacy

OpenAI (GPT Models)

  • Purpose: Generative models for text generation, summarization, and analysis
  • Data Processed: User prompts and content for AI assistance
  • Privacy Policy: openai.com/policies/privacy-policy

Cerebras

  • Purpose: High-performance AI inference for complex machine learning models
  • Data Processed: Model inputs for specialized AI processing
  • Privacy Policy: cerebras.net/privacy-policy

AWS Bedrock & AWS Translate

  • Purpose: Managed service for foundation models and neural machine translation
  • Data Processed: AI model requests, responses, and text content for translation
  • Privacy Policy: aws.amazon.com/privacy

Braintrust

  • Purpose: LLM evaluation, monitoring, and experimentation
  • Data Processed: AI model performance metrics and evaluation data
  • Privacy Policy: braintrustdata.com/privacy-policy

Infrastructure and Hosting Services

AWS Lambda

Serverless compute for platform functions

AWS S3

Scalable object storage for files and assets

Render

API hosting, dashboard hosting, and Storybook hosting

Neon

Serverless Postgres database for scalable data storage

Render Redis (Valkey)

In-memory data store for caching and real-time features

Additional Services

E2B

Cloud sandboxes and code execution environments

Browserless

Browser automation for PDF generation

Firecrawl

Web scraping and content extraction

Exa

AI-powered search functionality

PostHog

Product analytics and session replay

BetterStack

Logging and monitoring

Resend

Transactional email services

Inngest

Event-driven serverless functions

Doppler

Environment variable and secret management

Data Security and Protection

Security Measures

  • Encryption in Transit: All data transmission uses TLS/HTTPS encryption
  • Access Controls: Role-based permissions and authentication systems
  • Data Isolation: Project data isolated between different user sessions
  • Regular Security Audits: Ongoing security assessments and vulnerability testing

Data Processing Principles

  • Minimal Data Exposure: Only necessary data sent to third-party processors
  • Ephemeral Processing: No persistent storage of user data in vendor systems
  • Context Isolation: User data processed separately and securely
  • Purpose Limitation: Data used only for specified, legitimate purposes

Incident Response

We maintain comprehensive incident response procedures to address any potential data breaches or security issues promptly and transparently.

Your Rights and Choices

Access and Control

  • Data Access: Request copies of your personal information and platform content
  • Data Correction: Update or correct inaccurate personal information
  • Data Deletion: Request deletion of your account and associated data
  • Data Portability: Export your workspace content and project data

Privacy Settings

  • Sharing Controls: Manage who can access your projects and workspaces
  • Collaboration Settings: Control real-time editing and commenting permissions
  • Notification Preferences: Customize email and platform notifications

Opt-Out Options

  • Analytics: Opt out of non-essential analytics and usage tracking
  • AI Features: Disable AI-powered features and content generation
  • Marketing Communications: Unsubscribe from promotional emails

Data Retention

Active Data

  • Account Information: Retained while your account is active
  • Workspace Content: Retained according to your workspace settings and usage
  • Activity Logs: Retained for operational purposes and security monitoring

Deleted Data

  • Account Deletion: Personal information deleted within 30 days of account closure
  • Content Deletion: Workspace content permanently deleted according to retention policies
  • Backup Data: Removed from backup systems within 90 days

International Data Transfers

Obvious and our third-party processors may transfer and process data internationally. We ensure appropriate safeguards are in place for international transfers, including:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses: EU-approved contractual protections for data transfers
  • Processor Agreements: Binding agreements with all third-party processors

Children's Privacy

Obvious is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify users of material changes through:

  • Email Notifications: Direct notification to your registered email address
  • Platform Announcements: In-app notifications and announcements
  • Website Updates: Updated policy posted on our website with revision date

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at hello@obvious.ai

For specific requests regarding your personal information or to exercise your privacy rights, please contact us directly using the email above.