1) Introduction and Scope

This Privacy Policy explains how Smart Logic AI, Inc. (“Company,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use SmartSolo.ai websites, applications, platforms, and third-party integrations (collectively, the “Service”). By using the Service, you agree to this Policy.

Your privacy is paramount. We comply with the Google API Services User Data Policy (including the Limited Use requirements), GDPR, and CCPA/CPRA.

Important Google User Data Notice: We use Google user data only to provide user-facing features you explicitly request. We do not use Google user data for advertising, marketing, analytics, profiling, or training generalized AI/ML models. We do not sell or share personal information under CCPA/CPRA definitions.

2) Data We Collect

a) Information You Provide

• Account Data: Name, email address, organization, role.
• Configuration and Support Data: Preferences, settings, support tickets.
• Payment Data: Payments are processed through Stripe (PCI DSS–compliant). We do not store or access full card numbers.

b) Information from Third-Party Services You Connect

When you connect external accounts, we request the minimum access necessary via OAuth consent screens provided by Google or Microsoft.

• Google: Gmail, Calendar, Google profile info (basic account details).
• Microsoft: Outlook Mail, Outlook Calendar.

c) Automatically Collected Technical Data

• Device and log data: IP address, browser type, device type, operating system, timestamps.
• Usage diagnostics (non-Google/Microsoft API data): anonymous or aggregated usage events, error logs. Amplitude never receives Gmail, Calendar, or Microsoft API data.

3) How We Use Data

• Provide user-facing features you request (e.g., searching, summarizing, drafting emails, managing calendars).
• Maintain your account and personalized settings.
• Ensure reliability, performance, and security of the Service.

4) User Rights and Control

• Google: Revoke access via Google Account Security.
• Microsoft: Revoke access via My Apps or Entra permissions.
• Request deletion of stored data at privacy@smartsolo.ai.
• Delete your account and associated data in-app at Settings → Account → Delete Account (live production control, irreversible).

Your Rights (GDPR/CCPA/CPRA): Access, correction, deletion, portability, restriction, objection, and opt-out of sale/sharing (we do not sell/share). Responses within legal timelines (30 days GDPR, 45 days CCPA/CPRA).

5) Data Storage and Retention

• API content (Gmail, Calendar, Outlook) is not stored permanently. Cached only as needed for user-initiated features and purged within 24 hours unless you explicitly save it.
• Encryption: TLS 1.2+ in transit, AES-256 at rest.
• Account/configuration data retained until account deletion or deletion request.
• Technical data deleted or anonymized after 12 months, unless required longer by law or security investigations.

6) Sharing of Data

• We share data only with subprocessors essential to the Service.
• All subprocessors are bound by written agreements including GDPR-compliant Data Processing Addenda (DPAs).
• No Gmail or Outlook content is shared externally except as required by law or with your consent.

7) Subprocessors

Current providers:

• Vercel (hosting, edge delivery)
• Supabase (database, authentication)
• Memberstack (membership management)
• Stripe (payments, PCI DSS–compliant)
• Amplitude (usage analytics — limited to non-Google/Microsoft telemetry; never receives Gmail, Calendar, or Microsoft Graph content)

We update this list as needed and publish changes at smartsolo.ai/privacy.

8) Security Practices

• Role-based access controls and row-level security (RLS).
• Continuous audit logging, monitoring, intrusion detection.
• End-to-end encryption (TLS 1.2+ in transit, AES-256 at rest).
• No unrestricted service accounts.
• All human access to Google user data is pre-approved, logged, and monitored; permitted only for security, legal compliance, or user-requested troubleshooting.
• Independent third-party audits (e.g., SOC 2 Type II, ISO 27001) validate our security controls.

9) Children’s Privacy

The Service is not directed to individuals under 16. We do not knowingly collect such data.

10) International Transfers

Data is processed in the United States. For EU/EEA users, transfers rely on Standard Contractual Clauses (SCCs). By using the Service, you consent to transfer and processing under these safeguards.

11) Data Protection Addendum (DPA)

We provide a GDPR/CCPA-compliant DPA for enterprise customers. It incorporates GDPR Article 28 processor obligations, Standard Contractual Clauses (SCCs), and CCPA/CPRA restrictions. Available upon request at privacy@smartsolo.ai.

12) Google API Services Disclosures

Our use and transfer of Google API data complies with the Google API Services User Data Policy, including Limited Use.

13) Microsoft Services Disclosures

• OAuth 2.0 authentication; we never collect Microsoft credentials.
• Microsoft Graph data used only for user-requested features.
• No use for advertising, analytics, or profiling.
• Revocation is always available via My Apps or Entra.

14) Artificial Intelligence and Machine Learning Use

• AI providers (e.g., OpenAI, Anthropic, Google Gemini) are accessed only via official APIs that prohibit training on inputs.
• Google Workspace data is never used to train or improve generalized AI/ML models.
• AI use is transient and user-initiated (e.g., summarization, draft generation).
• Workspace data is not stored, logged, or retained by AI providers beyond minimal caching.

15) Updates to this Policy

We may update this Policy as practices or laws change. Updates will be posted at smartsolo.ai/privacy with a new “Last updated” date.

16) Contact Us