OrgtopusPrivacy Policy
This Privacy Policy explains how Orgtopus ("Orgtopus", "we", "us") collects, uses, stores, and protects information when you use the Orgtopus AI assistant and connect third-party services such as your Google Account. Orgtopus connects to a range of workplace tools and chat channels; this policy explains our practices generally and, in particular, how we handle data accessed through your Google Account. It applies to all users who authorize Orgtopus to access Google services.
1. Who we are & how to contact us
Orgtopus provides an AI assistant that acts on your behalf, at your explicit direction, across the workplace tools you connect. For any privacy question, data access, or deletion request, contact us at [email protected].
2. Google account data we access
When you connect Google, you grant Orgtopus access only to the scopes you approve on Google's consent screen. Orgtopus may request the following Google API scopes, used solely to perform the actions you ask the assistant to carry out:
- Gmail (
gmail.modify) — read, search, compose, send, and organize (label/archive) email messages on your behalf. We do not permanently delete your mailbox content. - Google Calendar (
calendar) — view, create, and update calendars and events on your behalf. - Google Drive (
drive) — view, create, and modify files and folders on your behalf. - Google Docs (
documents) — read and edit documents on your behalf. - Google Sheets (
spreadsheets) — read and edit spreadsheets on your behalf.
Orgtopus accesses this data only when needed to fulfil a request you make to the assistant (for example, "summarize today's emails", "schedule a meeting", or "update this spreadsheet"). We do not browse, bulk-export, or process your Google data for any purpose you did not ask for.
3. How we use the data
- To provide the specific assistant features you request, in real time and on your explicit instruction.
- To maintain the authenticated connection (securely storing the OAuth tokens required to act on your behalf).
- To operate, secure, debug, and prevent abuse of the service.
We do not use your Google data for advertising, we do not sell it, and we do not use it to train generalized or foundation AI/ML models.
4. Limited Use disclosure (Google API Services User Data Policy)
Orgtopus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide or improve user-facing features that are prominent in the Orgtopus assistant experience.
- We do not transfer or sell Google user data for advertising, marketing, or other unrelated purposes.
- We do not use Google user data to train generalized/AI models.
- Humans do not read Google user data unless (a) you give explicit consent for specific messages/files, (b) it is necessary for security or to comply with applicable law, or (c) the data is aggregated and anonymized for internal operations.
5. Sharing & sub-processors
We do not sell your data. We share it only with infrastructure sub-processors strictly necessary to operate the service (e.g. cloud hosting and the large-language-model provider that powers the assistant), under confidentiality and data-protection obligations and only to the extent required to fulfil your request; or where required by law; or with your explicit consent.
6. Storage, security & retention
- OAuth tokens and any processed content are encrypted in transit (TLS) and at rest, with access restricted to the systems serving your requests.
- Google content is processed transiently to answer your request and is not retained longer than necessary to provide the feature; OAuth tokens are retained while your Google connection is active.
- When you disconnect Google or delete your account, the stored tokens and associated data are deleted.
7. Revoking access & deleting your data
You can revoke Orgtopus's access at any time from your Google Account permissions page, or by disconnecting Google within Orgtopus. To request deletion of data we hold about you, email [email protected]; we action verified deletion requests within 30 days.
8. Children
Orgtopus is not directed to children under 16 and we do not knowingly collect their data.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you within the product.