Privacy Policy

Last updated: March 6, 2026

This Privacy Policy explains how Assistant accesses, uses, stores, and protects Google user data when users connect Google Accounts through OAuth to use Gmail and Google Calendar features.

1) Data Accessed

When a user connects Google services, Assistant may access:

• OAuth account and authorization data: access tokens, refresh tokens, and related authentication metadata.
• Gmail data (when user enables Gmail): mailbox content and metadata needed to read, search, draft/modify messages and labels, based on scopes https://www.googleapis.com/auth/gmail.modify and https://www.googleapis.com/auth/gmail.settings.basic.
• Google Calendar data (when user enables Google Calendar): calendar lists, events, attendees, and free/busy data needed to list/search/create/update/delete events, based on scope https://www.googleapis.com/auth/calendar.
• User input and generated output: prompts, responses, and operational metadata needed to provide assistant features.

2) Data Usage

Assistant uses Google user data only to provide requested product features, including:

• authenticating users and maintaining authorized sessions;
• executing user-requested Gmail and Calendar actions;
• generating assistant responses based on user prompts and requested connector results;
• maintaining local runtime state needed for secure operation and troubleshooting.

3) Data Sharing

Assistant does not sell Google user data.

Google user data is shared only as necessary with:

• Google APIs to fulfill Gmail/Calendar requests initiated by the user.
• Configured AI processing endpoints used by the assistant runtime (for example, managed AI gateway endpoints) only to process user requests.

Assistant does not use Google user data for advertising and does not transfer it to data brokers.

4) Data Storage & Protection

• OAuth credential files and token files are stored locally on the user device in application data folders under the operating system user profile.
• Network requests to Google APIs and configured model endpoints are sent over TLS/HTTPS.
• Access to local data is limited by OS account controls and app-level permission checks.

5) Data Retention & Deletion

• Local assistant history is retained for a limited period (currently 7 days by default), unless removed earlier by the user.
• Google OAuth tokens remain stored until the user disconnects the connector, revokes access, or requests deletion.

Assistant is a local-only application and does not maintain a centralized backend store of user Google data. Data deletion is self-service.

To delete data and revoke access:

• disconnect Gmail/Calendar inside Assistant;
• revoke access at Google Account permissions: https://myaccount.google.com/permissions.
• remove local app data from the device or uninstall the application.

6) Google API Services User Data Policy Commitments

Assistant's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Google user data is used only to provide or improve user-facing features requested by the user.
• Google user data is not sold.
• Google user data is not used for advertising.
• Google Workspace API data is not used to develop, improve, or train generalized AI/ML models.

7) Contact

For privacy questions or deletion support: alpha@i-con.cloud