Privacy Policy

Last Updated: February 22, 2025

This Privacy Policy explains how we collect, use, and process information when you use our service. By using our service, you agree to the collection and use of information as described in this policy. If you have any questions, you can contact us at korzhov.work2019@gmail.com.

1. Information We Collect

Our service allows users to connect third-party services such as Gmail, Google Drive, Google Calendar, Notion, and others. When you connect an external service, you explicitly grant us permission to access specific data scopes that you select.

We collect and process only the data within the scopes you authorize. The types of data we may process include:

  • Emails
  • Files
  • Calendar events
  • Documents and notes

2. How We Use Your Information

The information collected is used exclusively to provide, maintain, and improve our service. Specifically, we use it to:

  • Process and analyze data within the selected scopes to deliver requested functionalities.
  • Enhance user experience by integrating data from connected services.
  • Provide insights and automated workflows based on authorized data.
  • Communicate with you regarding your account and support inquiries.

3. Actions We May Perform

With your explicit consent, our service may perform actions on your behalf within authorized third-party services. These actions may include, but are not limited to:

  • Sending emails from your account (only with granted permissions).
  • Creating and managing calendar events
  • Generating and editing documents
  • Interacting with other third-party services as specified by the user.

These actions will only be performed within the scope you explicitly authorize. We do not take any action without your consent.

4. Data Sharing and Third-Party Services

We share data only with specific third-party services that are essential for our application's functionality:

  • OpenAI - for processing and analyzing data within authorized scopes
  • Qdrant - for storing and retrieving indexed data only if user has enabled it via settings

We only transmit data that falls within the specific scopes you have authorized. No data is shared with any other third parties. All Google Workspace API data is handled in strict compliance with Google API Services User Data Policy, Microsoft APIs Terms of Use, and other third-party services with their respective User Data Policy.

We do not permanently store any of your data from connected services. The only exception is vector embeddings stored in Qdrant, which are only created and stored if you explicitly enable and authorize this feature in your settings.

5. Data Protection and Security Measures

We implement robust security measures to protect your sensitive data. Our data is stored in Supabase, which provides enterprise-grade security features:

  • All user data and refresh tokens are stored in Supabase's secure, encrypted database
  • Supabase implements Row Level Security (RLS) policies to ensure data isolation
  • Data is encrypted at rest using AES-256 encryption and in transit via TLS
  • Sensitive information like refresh tokens and keys are encrypted at the application level
  • Multi-factor authentication (MFA) is available for additional security
  • SOC2 Type 2 certified and HIPAA compliant infrastructure
  • Regular security audits, vulnerability scanning, and penetration testing
  • DDoS protection through Cloudflare and built-in rate limiting
  • Automated daily backups and disaster recovery capabilities

6. AI and Machine Learning Policy

We want to be absolutely clear about how we handle your data in relation to AI and machine learning:

  • We do NOT use your data to train, develop, or improve any AI or machine learning models
  • We do NOT retain user data obtained through Google Workspace APIs / Microsoft Graph API or other third-party services for AI/ML purposes
  • The AI services we use (OpenAI, Qdrant) are compliant with data protection requirements and do not train on your data
  • All AI processing is performed on-demand and solely within the scope of providing our service functionality

7. User Control and Data Deletion

You have full control over your data, including the ability to delete it at any time. You can:

  • Manage and revoke access to third-party services through your account settings.
  • Request data deletion by contacting us at korzhov.work2019@gmail.com.
  • Completely remove all stored information associated with your account.

8. Children's Privacy

Our service is not intended for children under the age of 13, and we do not knowingly collect personal data from individuals under this age. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and, if material changes occur, we will notify you via email or an in-app notification before they take effect.

10. Contact Us

If you have any questions about this Privacy Policy or your data, you can contact us at korzhov.work2019@gmail.com.