Effective Date: June 10, 2026
AI Partners ("we," "our," or "us") provides an AI assistant and productivity portal for owner-led small businesses (the "App"), available as a web application and companion mobile/desktop clients. This Privacy Policy explains what information we collect, how we use it, and how we protect it — including data you choose to connect from your Google account.
Account Information: When you create an account, we collect your email address and password. Authentication is managed through Supabase Authentication; passwords are hashed and never stored in plain text.
Conversation & Workspace Data: Messages, documents you upload, and content you create within the App are stored to provide chat history, document search, and continuity across sessions.
Usage Data: We track AI token usage for billing and budgeting (model used, token counts, estimated cost), associated with your company account.
Connected Google Account Data (optional): Only if you explicitly connect a Google service, we access the specific data described in the "Google User Data" section below. Connecting Google is entirely optional and is never required to sign in or use the core App.
If you choose to connect a Google service, we request access through Google's standard OAuth consent screen and use the data only to provide the feature you connected it for. We request the narrowest scopes that make each feature work:
gmail.readonly): We read messages in your inbox so the AI assistant can summarize unread mail and help you respond. Reading is limited to your unread inbox.gmail.compose): We use Google's Gmail compose permission to create draft replies in your mailbox for you to review. Although this Google permission also technically permits sending, our app only creates drafts — it never sends email on your behalf, and we do not request full-mailbox-modify access.calendar.events.readonly): We read your calendar events so the assistant can show and reason about your schedule. We do not create or modify events.webmasters.readonly): We read your site's search-performance metrics (impressions, clicks, queries, positions) to power SEO reporting. Read-only.You can review or revoke these grants at any time in your Google Account permissions, or by disconnecting the service inside the App (see "Data Retention & Deletion").
Limited Use disclosure. AI Partners' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train generalized or large-language models, and we do not sell Google user data. Our staff do not read your connected Gmail, Calendar, or Search Console content except with your affirmative request, where necessary to investigate a security or abuse issue, or where required by law.
To deliver App features, content you submit (which may include connected email content when you ask the assistant to act on it) is processed by the following sub-processors. Google user data is sent to these processors only when needed to provide the specific user-facing feature you invoked — never for advertising, resale, or training generalized AI models. Each call is made through our server-side proxies — never directly from your browser with our credentials.
We do not sell your personal information to third parties. Sub-processors are bound by their own terms and process data only to provide their service to us.
Data is stored using Supabase (enterprise-grade PostgreSQL with row-level security). All transmission is encrypted via HTTPS/TLS. Each company's data is isolated by row-level security so one tenant cannot access another's.
OAuth token handling: Google access tokens are short-lived. Long-lived Google refresh tokens are encrypted at rest using AES-256-GCM before being stored. OAuth tokens are never exposed to the browser — all Google API calls are made server-side. The authorization-code exchange is performed server-side and our Google client secret is never shipped to clients.
Disconnecting a Google service: When you disconnect Gmail, Calendar, or Search Console in the App, we revoke the grant with Google and delete the associated tokens. For Gmail, we also delete the cached copy of mailbox data we derived from the connection.
Account deletion: You can delete your account from within the App. Doing so removes your account and associated personal data — including any connected-account tokens and cached Google data, which are removed automatically when your user record is deleted.
Conversation and workspace data are retained while your account is active; you may delete individual conversations at any time.
The App is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children under 13.
The App may request access to your camera, microphone, and speech recognition for image attachments and voice input. These are used only for the features you invoke, and only with your explicit permission. Audio and images are processed to provide the feature (which may involve the voice/vision sub-processors listed above) and are not used for advertising.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page.
If you have questions about this Privacy Policy or want to exercise any of your rights, contact us at: