Last updated: 2026-04-15
TAMagotchi is an internal UiPath tool for Technical Account Managers. This notice describes what data the application collects, why it is collected, where it is stored, and how long it is retained.
All data is stored in a PostgreSQL database hosted on AWS RDS (eu-west-2 region) with encryption at rest enabled. Access is restricted to authenticated users with appropriate role-based permissions. No data is sold or shared with third parties outside of UiPath.
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Email address | Authentication, user identification, communication | PostgreSQL (users table) | Duration of account |
| Display name | User identification across the application | PostgreSQL (users table) | Duration of account |
| Profile photo | Visual identification in user lists and UI | PostgreSQL (users table, base64-encoded) | Duration of account |
| Job title, office location, manager name, phone | Organizational context, synced from Microsoft Entra | PostgreSQL (users table) | Duration of account |
| Microsoft Entra ID, SCIM external ID | SSO provisioning and identity federation | PostgreSQL (users table) | Duration of account |
| Role and permissions | Access control and authorization | PostgreSQL (users, roles tables) | Duration of account |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Last login timestamp | Admin visibility into account usage | PostgreSQL (users table) | Overwritten on each login |
| Last login IP address | Security monitoring, geographic context for admins | PostgreSQL (users table, plaintext) | Overwritten on each new session |
| Last login country (derived from IP) | Geographic context displayed as country flag | PostgreSQL (users table, ISO country code only) | Overwritten on each new session |
| JWT session token | Stateless authentication across requests | HTTP-only cookie (browser) | Session duration (expires on logout or timeout) |
| Invitation token (hashed) | Secure email-based account provisioning | PostgreSQL (invitations table, SHA-256 hash only) | Expires after configured TTL or acceptance |
| Verification token (hashed) | Magic link email authentication | PostgreSQL (verification_tokens table) | Expires after 15 minutes or single use |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Last activity timestamp | Real-time online status indicator for admins | PostgreSQL (users table) | Overwritten every 2 minutes while active |
| Last visited page path | Admin visibility into current user activity | PostgreSQL (users table) | Overwritten on each heartbeat |
| Activity sessions (start time, end time, duration) | Usage analytics, average usage calculations | PostgreSQL (user_activity_sessions table) | Indefinite (used for historical analytics) |
| Daily activity rollups (total seconds, session count per day) | DAU/MAU metrics, average usage per day | PostgreSQL (user_activity_rollups table) | Indefinite (aggregated, non-identifying per row) |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Audit log entries (action, entity type, entity ID, metadata) | Compliance trail for data modifications (notes, tags, bookmarks, custom fields, saved views) | PostgreSQL (audit_logs table) | Indefinite |
| Impersonation sessions (admin ID, target user ID, timestamps) | Accountability for admin impersonation actions | PostgreSQL (impersonation_sessions table) | Auto-expire after configured TTL |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Account notes (free-text content) | TAM note-taking on customer accounts | PostgreSQL (entity_notes table) | Until deleted by user or admin |
| Account tags, bookmarks, custom fields | Account organization and personalization | PostgreSQL (account_tags, account_bookmarks, account_custom_fields tables) | Until deleted by user or admin |
| Saved views and dashboard state | Personalized dashboard configurations | PostgreSQL (saved_views, user_preferences tables) | Duration of account |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Natural language prompts | History of NL-to-SQL queries for reuse | PostgreSQL (nl_prompt_history table) | Indefinite |
| SQL queries executed | Query history, saved queries, shared query links | PostgreSQL (sql_query_history, saved_sql_queries, shared_query_links tables) | Indefinite (queries); shared links until revoked |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Feedback text, category, screenshots | Bug reporting and feature requests | PostgreSQL (feedback table, S3 for attachments) | Until resolved or deleted by admin |
| IP address (hashed with SHA-256) | Rate limiting and feedback deduplication | PostgreSQL (feedback table, irreversible hash) | Duration of feedback record |
| User agent, viewport dimensions, locale, timezone | Bug reproduction context | PostgreSQL (feedback table) | Duration of feedback record |
| Page screenshot (captured on submission) | Visual context for bug reports | S3 bucket (attachments) | Duration of feedback record |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| OAuth tokens (access, refresh) for Salesforce, Atlassian, Google, Slack, UiPath, Microsoft | Authenticated API access to integrated services | PostgreSQL (integration_configs table, encrypted at rest) | Until disconnected or token expiry |
| Snowflake connection credentials | Data warehouse connectivity | PostgreSQL (integration_configs table) | Until disconnected |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Watched Slack user IDs, usernames, display names | Monitoring customer-facing Slack channels for TAM awareness | PostgreSQL (slack_watched_users table) | Until unwatched by admin |
| Slack presence snapshots (active/away status over time) | Customer engagement patterns | PostgreSQL (slack_presence_snapshots table) | Indefinite |
| Slack messages from watched users (text, channel, timestamp) | Surfacing relevant customer communications | PostgreSQL (slack_watched_messages table) | Indefinite |
| Data | Purpose | Storage | Retention |
|---|---|---|---|
| Missing page reports (404 paths, referring page, user ID) | Identifying broken links and navigation issues | PostgreSQL (missing_page_reports table) | Until resolved |
TAMagotchi integrates with the following external services. Data shared with these services is governed by their respective privacy policies:
TAMagotchi uses cookies and browser local storage strictly for functional purposes. We do not use third-party tracking cookies or advertising cookies.
authjs.session-token) — Maintains your authenticated session. Expires when the browser is closed or after the configured session lifetime. Essential for the application to function.authjs.csrf-token) — Protects against cross-site request forgery attacks. Essential security cookie.authjs.callback-url) — Stores the return URL during authentication redirects. Cleared after login completes.All cookies are first-party, HttpOnly where applicable, and transmitted over HTTPS only. No personal data is stored in cookies beyond the encrypted session identifier.
As a UiPath employee using this internal tool, you can request access to, correction of, or deletion of your personal data by contacting the TAMagotchi admin team at christopher.krah@uipath.com.
For questions about data handling in TAMagotchi, contact christopher.krah@uipath.com.