Obvious Privacy Policy
Last Updated: December 2, 2025
Obvious ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect your information when you use our collaborative workspace platform.
Obvious is a mixed-surface collaboration platform that enables users to work seamlessly across documents, spreadsheets, presentations, and raw data within shared project workspaces. Our platform integrates with various third-party services to provide enhanced functionality, AI-powered features, and comprehensive data processing capabilities.
Information We Collect
Personal Information
Account Information: Name, email address, username, and profile information
Authentication Data: Login credentials, session tokens, and authentication records
Usage Data: How you interact with our platform, features used, and activity patterns
Communication Data: Messages, comments, and collaborative content within the platform
Content and Project Data
Workspace Content: Documents, spreadsheets, presentations, images, and other artifacts you create or upload
Project Data: File metadata, version history, sharing settings, and collaboration records
Generated Content: AI-assisted content, analysis results, and system-generated insights
Technical Information
Device Information: Browser type, operating system, device identifiers
Log Data: IP addresses, access times, error logs, and system performance data
Analytics Data: Feature usage, performance metrics, and aggregated usage statistics
How We Use Your Information
Core Platform Functions
Provide and maintain the Obvious platform and its features
Enable real-time collaboration and multi-user editing capabilities
Process and store your workspace content and project data
Facilitate AI-assisted content generation and data analysis
Service Enhancement
Improve platform performance, reliability, and user experience
Develop new features and capabilities based on usage patterns
Provide customer support and respond to user inquiries
Ensure platform security and prevent unauthorized access
Communication
Send transactional emails related to your account and platform usage
Notify you of important platform updates or security information
Respond to your requests, questions, and feedback
Data Processing Architecture
Obvious operates through a distributed architecture that processes data across multiple components:
Internal Processing
Artifact Management System: Manages documents, workbooks, presentations, and files
Real-Time Collaboration Engine: Handles concurrent editing and version control
Data Processing Engine: Performs SQL queries, JavaScript transformations, and Python analysis
AI Orchestration Layer: Coordinates AI-powered features and content generation
Data Storage
Platform Database: Stores user accounts, project metadata, and application state
File Storage & CDN: Hosts user uploads, generated artifacts, and static assets
Caching Layer: Temporarily stores frequently accessed data for performance optimization
Third-Party Data Processors (Subprocessors)
Anthropic (Claude Models)
Purpose: Advanced language models for AI-powered features and conversational AI
Data Processed: User prompts, artifact content, project context for content generation
Privacy Policy: anthropic.com/legal/privacy
OpenAI (GPT Models)
Purpose: Generative models for text generation, summarization, and analysis
Data Processed: User prompts and content for AI assistance
Privacy Policy: openai.com/policies/privacy-policy
Google Gemini (Images)
Purpose: Image generation and analysis
Data Processed: Image generation prompts and image content for analysis
Privacy Policy: policies.google.com/privacy
Microsoft Azure (PDF Processing)
Purpose: PDF document processing and analysis
Data Processed: PDF documents and extracted content
Privacy Policy: privacy.microsoft.com/privacystatement
xAI (Grok Models)
Purpose: Advanced AI models for content generation and analysis
Data Processed: User prompts and content for AI assistance
Privacy Policy: x.ai/legal/privacy-policy
AWS Bedrock & AWS Translate
Purpose: Managed service for foundation models and neural machine translation
Data Processed: AI model requests, responses, and text content for translation
Privacy Policy: aws.amazon.com/privacy
Infrastructure and Hosting Services
Data Security and Protection
Security Measures
Encryption in Transit: All data transmission uses TLS/HTTPS encryption
Access Controls: Role-based permissions and authentication systems
Data Isolation: Project data isolated between different user sessions
Regular Security Audits: Ongoing security assessments and vulnerability testing
Data Processing Principles
Minimal Data Exposure: Only necessary data sent to third-party processors
Ephemeral Processing: No persistent storage of user data in vendor systems
Context Isolation: User data processed separately and securely
Purpose Limitation: Data used only for specified, legitimate purposes
Incident Response
We maintain comprehensive incident response procedures to address any potential data breaches or security issues promptly and transparently.
Your Rights and Choices
Access and Control
Data Access: Request copies of your personal information and platform content
Data Correction: Update or correct inaccurate personal information
Data Deletion: Request deletion of your account and associated data
Data Portability: Export your workspace content and project data
Privacy Settings
Sharing Controls: Manage who can access your projects and workspaces
Collaboration Settings: Control real-time editing and commenting permissions
Notification Preferences: Customize email and platform notifications
Opt-Out Options
Analytics: Opt out of non-essential analytics and usage tracking
AI Features: Disable AI-powered features and content generation
Marketing Communications: Unsubscribe from promotional emails
Data Retention
Active Data
Account Information: Retained while your account is active
Workspace Content: Retained according to your workspace settings and usage
Activity Logs: Retained for operational purposes and security monitoring
Deleted Data
Account Deletion: Personal information deleted within 30 days of account closure
Content Deletion: Workspace content permanently deleted according to retention policies
Backup Data: Removed from backup systems within 90 days
International Data Transfers
Obvious and our third-party processors may transfer and process data internationally. We ensure appropriate safeguards are in place for international transfers, including:
Adequacy Decisions: Transfers to countries with adequate data protection laws
Standard Contractual Clauses: EU-approved contractual protections for data transfers
Processor Agreements: Binding agreements with all third-party processors
Children's Privacy
Obvious is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify users of material changes through:
Email Notifications: Direct notification to your registered email address
Platform Announcements: In-app notifications and announcements
Website Updates: Updated policy posted on our website with revision date
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at compliance@obvious.ai
For specific requests regarding your personal information or to exercise your privacy rights, please contact us directly using the email above.