Legal

Privacy Policy

Your privacy is important to us.

This policy explains how we collect, use, and protect your information.

Last updated: July 7, 2026

Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Google Account Data (Gmail & Google Calendar)

If you choose to connect a Google account, we access and process Google user data only as needed to provide the features you enable (for example, syncing an inbox, monitoring selected email labels, generating a suggested reply, or scheduling an appointment).

  • Basic profile/identity: your Google account email address and profile information (such as name and profile picture) to display the connected account and associate it with your workspace.
  • Gmail data you enable us to access: email metadata (e.g., sender/recipient, subject, date), labels, snippets, and message body content (plain text and/or HTML) for messages you choose to sync or monitor based on your configuration.
  • Gmail labels: label names/IDs to let you pick which labels (such as Inbox or a custom label) should be monitored.
  • Calendar data you enable us to access: calendar list and event details (e.g., title, time, location, attendees) used to show availability and create or update events when you request scheduling assistance.
  • Attachments: we may record attachment metadata (filename, mime type, size) when syncing email, but we do not download attachment contents by default.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, process transactions, and communicate with you.

How We Use Gmail Data

  • Inbox sync and monitoring: we read messages that match your configured filters (such as sender/subject rules) and selected labels so you can view, search, and manage relevant conversations inside the product.
  • Suggested replies: when you request an AI-generated reply, we may send relevant message content to our processing services to draft a response for your review.
  • Sending email: we send email on your behalf only when you initiate the action (e.g., you press send) or when an outbound message has been approved through an in-app approval/consent workflow.

How We Use Google Calendar Data

  • Availability and scheduling: we read calendar events to help you view availability and avoid double-booking.
  • Create/update events: when you request scheduling assistance, we can create or update calendar events and invite attendees.

Your Choices & Controls

  • Connect/disconnect: you can disconnect your Google account at any time from within the product.
  • Configure monitoring: you can choose which Gmail labels to monitor and define filters (e.g., sender/subject rules) to limit which messages are synced and processed.
  • Approve outbound actions: for certain outbound actions (such as sending an email reply), we may require explicit approval before the message is sent.
  • Revoke at Google: you can also revoke access from your Google Account settings (Security > Third-party access).

Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.

Google API Services

We use Google APIs only to provide the features you enable. We do not use Google user data for advertising, and we do not sell Google user data.

Data Protection & Security

We treat all personal information, and especially sensitive data such as Google user data (Gmail and Google Calendar content), as confidential and protect it with layered technical and organizational safeguards. The specific data protection mechanisms we use include:

  • Encryption in transit: all data exchanged between your browser, our services, and Google APIs is encrypted using industry-standard TLS (HTTPS). We do not accept unencrypted connections for authenticated traffic.
  • Encryption at rest: data stored in our databases and object storage, including any synced Gmail content, is encrypted at rest using AES-256 (or equivalent) provided by our cloud infrastructure.
  • Encrypted credentials and tokens: OAuth access and refresh tokens and other secrets are stored encrypted and are never exposed in client-side code, logs, or URLs.
  • Access controls: access to production systems and stored user data is restricted on a least-privilege, need-to-know basis using role-based access control (RBAC) and multi-factor authentication (MFA) for administrative access.
  • Network isolation: our services run on Microsoft Azure (Azure Kubernetes Service) with network segmentation, firewalls, and restricted ingress so that internal data stores are not publicly reachable.
  • Data minimization and scoping: we request the minimum Google API scopes needed for the features you enable, and we only access the messages, labels, and calendar events that match your configuration.
  • Logging and monitoring: we monitor our infrastructure for unauthorized access and anomalous activity, and we exclude message body content and secrets from application logs.
  • Segregation of AI processing: when message content is sent to AI processing services to generate a suggested reply at your request, it is used solely to produce that output for you and is not used to train generalized or public AI models.

Service Providers & Sub-processors

We use a limited set of trusted service providers to operate our platform, including Microsoft Azure for cloud hosting and storage and AI processing providers used to generate suggested replies. These providers process data only on our behalf, under contractual confidentiality and data protection obligations, and are not permitted to use Google user data for their own purposes.

Google API Services Limited Use Disclosure

AmplifyOne's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell Google user data, and we do not transfer or use it except to provide or improve user-facing features that are prominent in the application, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice. Humans do not read Google user data unless we have your consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy and other laws.

Data Retention

We retain Google user data, including OAuth tokens, your email address, profile information, and synced message metadata, while your account is active and connected. After you disconnect your Google account or delete your AmplifyOne account, we purge Google user data within 30 days. OAuth refresh tokens are stored in encrypted form and are never shared with third parties.

Data Deletion

You can request deletion of your Google data in any of the following ways:

  • Disconnect your Google account in-app: this removes tokens and synced data, and OAuth refresh tokens are revoked and deleted immediately upon disconnect.
  • Delete your AmplifyOne account: this removes your account and associated Google data.
  • Contact support: email support@myworkforceagents.ai to request manual deletion.
  • Revoke access in Google: you can also revoke access from your Google Account settings.

Synced email metadata is purged within 30 days of disconnection.

Contact Us

If you have questions about this Privacy Policy, please contact us at:
Email: support@myworkforceagents.ai