OrgX Privacy

Privacy information for OrgX workspaces, ChatGPT app usage, MCP tools, data handling, recipients, retention, and user controls.

Data collected

Account and workspace context: OrgX user, organization, workspace, initiative, workstream, milestone, task, decision, artifact, agent, plan-session, and settings records needed for requested work.
Tool inputs: prompts, search queries, entity IDs, workspace IDs, initiative names, task instructions, approval notes, rejection reasons, artifact URLs, GitHub pull request URLs, quality scores, activity updates, and linked artifact text.
Tool outputs: structured responses, generated summaries, decisions, artifacts, tasks, recommendations, cost estimates, receipts, status updates, widgets, and links returned to the requesting client.
Connection and security data: OAuth client registrations, authorization state, access and refresh tokens, token expiry, granted scopes, MCP session IDs, session-bound workspace context, request IDs, rate-limit state, audit events, and diagnostic logs.

Authenticate users and MCP clients, enforce OAuth scopes and workspace access, execute requested tools, return structured outputs, render widgets, maintain organizational memory, coordinate agent work, and support human approval flows.
Operate, debug, secure, audit, and rate-limit the service. OrgX does not sell MCP data, ChatGPT app data, tool inputs, tool outputs, connector data, or workspace records for advertising.

OrgX-operated application APIs and databases receive records needed to store memory, initiatives, tasks, decisions, artifacts, agent records, plan sessions, receipts, and workspace settings.
User-authorized MCP clients and ChatGPT app surfaces receive tool descriptors, prompts, tool inputs they send, OrgX tool outputs, and widget resources needed to display the requested app experience.
Infrastructure providers may process limited data for hosting, database, authentication, queueing, observability, email, billing, and AI inference, including Supabase, Hetzner, OpenAI, Anthropic, Trigger.dev, Cloudflare, Stripe, GitHub, and Vercel.

Durable OrgX records remain until a user or workspace administrator deletes them, the workspace is deleted, or the workspace retention policy removes them.
OAuth client registrations, tokens, authorization state, and MCP session state are retained only as long as needed to maintain connections, honor refresh behavior, enforce access controls, and support security review.
Operational telemetry and diagnostic logs are retained for the period needed to operate, debug, secure, and audit the service, then deleted or aggregated.

Users can disconnect OrgX from ChatGPT, Claude, Cursor, Codex, or another MCP client, stopping that client from making further authenticated tool calls.
Users and workspace administrators can review, update, export, correct, or delete OrgX records through OrgX workflows and authorized write-capable MCP tools.
Users can revoke connector permissions, rotate credentials, remove workspace members, request account or workspace deletion, and contact support for privacy or data-control requests.