Sheaf · Privacy
Plain English. No surprises.
Sheaf is a CRM made of markdown files we host on your behalf. This page tells you exactly what we collect, where it goes, and how to remove it.
What we store.
- Your files. The markdown content of your Sheaf — contacts, deals, interactions, the full folder. Encrypted at rest in Neon Postgres, scoped to your workspace.
- Your connector tokens. OAuth refresh tokens for Salesforce, HubSpot, and Raiser’s Edge — encrypted with AES-256-GCM. Used only to sync your sources.
- Your account. Email, password hash (bcrypt), workspace name and slug, billing status.
- Operational logs. Sync runs, errors, agent invocations. Used for debugging and to email you if a sync fails. Retained 30 days.
What goes to Anthropic.
- Schema metadata when the agent designs your file structure or proposes curated tools. Object names, column names, frontmatter keys — not row data.
- The specific files involved in your active conversation. When you ask Claude a question, the markdown files it reads are sent through the model, just like any other Claude conversation.
What we don’t do.
- We don’t share, sell, or aggregate your data with other tenants.
- We don’t train any model on your data.
- We don’t add third-party trackers to your workspace.
- We don’t hold your CRM’s system of record — we mirror it, read-only, and you can revoke the connection at any time.
Removing your data.
Cancel from your billing settings or email tim@sheaf.so. We export your folder as a tarball within 24 hours and delete the live workspace within 30 days. There’s no clawback.
Sub-processors.
- Vercel — application hosting (SOC 2 Type II)
- Neon — Postgres + file storage (SOC 2 Type II)
- Anthropic — Claude model API (per-call data, see above)
- Stripe — billing
- Resend — transactional email
Contact.
For privacy questions, deletion requests, or anything else: tim@sheaf.so.
Last updated: April 2026