Privacy Policy

1. Introduction

We are committed to transparency about our data practices. Because our Service involves AI processing of your data, it is important that you understand what happens to the information you provide. This Policy applies to all users of the Service, including free-tier users, paid subscribers, Marketplace creators, and affiliate program participants.

2. Information We Collect

2.1 Account Information

When you register, we collect: name, email address, and password; profile information you choose to add; payment information for paid subscriptions (processed by our payment provider — we do not store full card numbers); and company or organization information if you create a company profile.

2.2 Content You Provide

When you use the Service, you may provide:

• Text content: Messages in sessions, personality prompts, knowledge source text, agenda items
• Documents: PDFs, Word documents, spreadsheets, text files uploaded as knowledge sources
• Images and photos: Uploaded for Teammate analysis, OCR processing, or as knowledge sources
• Audio and video recordings: Voice recordings, meeting recordings, and other audio/video files uploaded as knowledge sources. These may be transcribed using automated speech-to-text processing.
• Conversation exports: Email archives, text message exports, WhatsApp exports, and other communication data you choose to upload
• Handwritten materials: Photographs of handwritten notes, recipes, letters, or other documents processed through OCR

2.3 Data from Connected Services

With your explicit authorization, we access data from:

• Google Gmail / Microsoft Outlook (via IMAP): Email content and metadata to provide context for Teammate responses, accessed via IMAP using an app-specific password you provide
• Google Calendar: Schedule, events, and availability information
• Google Sheets / Google Docs / Google Slides: Spreadsheet, document, and presentation data for analysis and output
• Slack: Channel information for posting session summaries
• Dropbox / Google Drive / Box: Files and folders you choose to sync as knowledge sources
• Notion: Pages and databases you authorize
• GitHub: Repository information you authorize
• Monday.com: Project and task data you authorize
• tl;dv: Meeting recordings and transcripts you authorize
• Zapier: Workflow data as configured by you

We access ONLY the data and permissions you explicitly grant. You may revoke access to any connected service at any time through your account settings or through the respective third-party platform.

2.3.1 Google OAuth Scopes and Permissions

When you authorize MyTeam365 to access your Google account, we request the following OAuth scopes. Each is shown to you on Google's standard consent screen before you authorize.

Basic identity (always requested)

• userinfo.email — your primary Google Account email address
• userinfo.profile — your name and any publicly available profile information
• openid — associate the session with your Google identity

Google Drive — narrow file scope

• Scope: drive.file
• What this means: MyTeam365 can see, edit, create, and delete only the specific files you explicitly authorize through MyTeam365 or that MyTeam365 itself creates on your behalf.
• What we do NOT do: We cannot see, access, or enumerate any other files in your Google Drive. Your existing Drive contents remain inaccessible to us unless you specifically link them.

Google Docs, Sheets, and Slides (sensitive scopes)

• Scopes: auth/documents, auth/spreadsheets, auth/presentations
• What we access: Read, edit, create, and delete capability for Google Docs, Google Sheets, and Google Slides files in your account.
• What we do with it: Allow your AI Teammates to read documents, spreadsheets, and slide decks you reference by name in a task; edit existing files when you direct your Teammate to update them; and create new documents, spreadsheets, or presentations your Teammate is preparing for you.
• What we do NOT do: We do not enumerate, scan, index, or read documents outside the scope of a specific task you've directed. We do not modify or delete documents without your explicit instruction. We do not retain or share document content beyond what is necessary to complete the task you've requested.

Google Calendar — events scope

• Scope: calendar.events
• What we access: Events on your calendars, including titles, attendees, times, and locations.
• What we do with it: Help your Teammates read your schedule for meeting prep, identify scheduling conflicts, and propose new events for your explicit approval.
• What we do NOT do: We do not create, modify, or delete calendar events without your explicit approval of the specific action.

Note about Gmail: MyTeam365 does not currently request OAuth access to Gmail. If you want your Teammates to read or send email on your behalf, MyTeam365 supports an IMAP-based connection where you generate an app-specific password through your email provider. We may evaluate a Gmail OAuth integration in the future; if added, this policy will be updated and you will be asked to authorize the new scope separately.

You can review the exact OAuth scopes being requested at the time of authorization on Google's consent screen. You may revoke MyTeam365's access to your Google data at any time at myaccount.google.com/permissions.

2.4 Automatically Collected Information

We automatically collect: device information (browser type, operating system); IP address and approximate location; usage data (features used, session frequency, interaction patterns); cookies and similar tracking technologies; and error logs and performance data.

2.5 AI-Generated Data

Through your use of the Service, our AI systems generate:

• Session learnings: Summaries of what the AI learned about you, your preferences, and topics discussed during sessions
• Deliberation results: Structured outputs from multi-Teammate deliberation sessions
• Meeting summaries: Auto-generated overviews of session content
• Teammate intelligence: Accumulated context that makes your Teammates more effective over time

This AI-generated data is associated with your account and treated with the same protections as data you provide directly.

2.6 Affiliate Program Data

If you participate in our affiliate program, we collect and process: your unique affiliate code and referral links; referral tracking data (which users signed up through your link); commission calculations, earnings, and payout history; Stripe Connected Account information for payouts; and tier status and advancement history.

3. How We Use Your Information

We use your information to:

• Provide the Service: Power your AI Teammate interactions, process your knowledge sources, generate session outputs, and enable Teammate intelligence
• Process with AI models: Your content is sent to third-party AI model providers (see Section 5) for processing. This is core to how the Service works.
• Improve Teammate quality: Session learnings and accumulated knowledge improve your Teammates' responses over time
• Enable integrations: Access connected services to provide context-aware Teammate responses
• Process transactions: Handle subscription billing, credit purchases, affiliate commissions, and affiliate payouts
• Operate the affiliate program: Track referrals, calculate tiered commissions, process payouts, detect fraud, and manage tier advancement
• Communicate with you: Send service announcements, respond to support requests, provide onboarding guidance, and send affiliate program notifications
• Monitor and improve: Analyze usage patterns to improve Service quality, fix bugs, and develop new features
• Ensure safety: Detect and prevent fraud, abuse, and violations of our Terms of Service
• Comply with law: Meet legal obligations, respond to lawful requests, and enforce our terms

We do NOT:

• Sell your personal data to third parties
• Use your content to train our own AI models
• Share your knowledge sources or session content with other users (unless you explicitly publish a Teammate to the Marketplace)
• Access more data from connected services than necessary to provide the features you've enabled

4. Google API Services — Limited Use Disclosure

Specifically, with respect to data received from Google APIs (including Google Calendar, Google Drive, Google Sheets, Google Docs, and Google Slides):

• We use Google user data solely to provide and improve user-facing features that are prominent in the MyTeam365 user interface — specifically, providing your AI Teammates with context from your authorized Google data to generate more relevant responses, summaries, and outputs during sessions you initiate.
• We do not transfer Google user data to third parties except (a) as necessary to provide or improve user-facing features that are prominent in the requesting application's user interface, (b) to comply with applicable law, or (c) as part of a merger, acquisition, or sale of assets, with notice to users.
• We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read Google user data, except (a) with your affirmative agreement for specific messages, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized and is used for internal operations.
• Your Google data is processed through the AI model providers listed in Section 5 solely to generate responses to you. These providers are contractually prohibited from using your data to train their models and do not retain it beyond the processing period.

Where Google user data flows through these AI model providers as part of generating your Teammate responses, those providers act as service providers processing data on MyTeam365's behalf, under contractual restrictions equivalent to the Limited Use requirements. They do not store Google user data beyond the immediate processing window required to return a response, and they may not use the data for any other purpose, including model training, advertising, or analytics.

You may revoke MyTeam365's access to your Google data at any time via your Google Account at myaccount.google.com/permissions or through your MyTeam365 account settings.

5. How We Share Your Information

5.1 Third-Party AI Model Providers

To generate Teammate responses, your content (messages, knowledge source excerpts, and integration data relevant to the conversation) is sent to the AI model providers that power your Teammates:

• OpenAI (GPT-4 and related models)
• Anthropic (Claude models)
• Google (Gemini models)

These providers process your data to generate responses and return them to us. Under our agreements with these providers, your data is NOT used to train their general AI models and is NOT stored beyond the processing period required to generate the response.

Links to provider privacy policies: OpenAI, Anthropic, Google.

5.2 Voice Processing

If you use voice features, text may be processed by ElevenLabs for text-to-speech voice generation. Your voice recordings uploaded as knowledge sources are transcribed using automated speech-to-text services and are not shared with ElevenLabs.

5.3 Payment Processing

Subscription billing and affiliate payouts are processed through Stripe. Stripe receives payment information necessary to process transactions. Affiliate payouts are processed through Stripe Connected Accounts. Stripe's privacy policy applies to payment data they handle.

5.4 Service Providers

We share information with service providers who assist us in operating the Service, including hosting providers, email services, and analytics tools. These providers are bound by confidentiality agreements and may only use your data to provide services to us.

5.5 Marketplace

If you publish a Teammate to the Marketplace: other users can INTERACT with your Teammate; other users CANNOT see your uploaded knowledge sources, personality prompts, or configuration details; your Teammate's name, title, description, and avatar are publicly visible; usage statistics and community ratings are publicly visible; and you can unpublish your Teammate at any time.

5.6 Team & Company Sharing

If you use the Service within a team or company: team administrators may have access to shared Teammates and company-wide knowledge sources; individual session content remains private to session participants unless explicitly shared; and company-wide knowledge sources are accessible to all Teammates assigned to that company.

5.7 Affiliate Leaderboard

If you participate in the affiliate program, your affiliate tier and anonymized performance data may be displayed on the affiliate leaderboard. Your email address is masked. You can opt out of leaderboard visibility in your affiliate settings.

5.8 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Storage and Retention

6.1 Storage

Your data is stored on secure servers provided by our hosting infrastructure. Data may be stored and processed in the United States.

6.2 Retention

• Account data: Retained for the life of your account plus 30 days after deletion
• Session content and messages: Retained for the life of your account. You may delete individual sessions at any time.
• Knowledge sources: Retained until you delete them or close your account
• Session learnings: Retained until you delete them or close your account
• Affiliate data: Referral records and commission history are retained for 7 years after account closure for tax reporting purposes. Affiliate profile data is deleted 30 days after account closure.
• Payment records: Retained for 7 years as required by tax and accounting regulations
• Usage logs: Retained for 12 months for analytics and troubleshooting

6.3 Deletion

You may delete your account, individual knowledge sources, sessions, and Teammates at any time through your account settings. When you delete data: it is removed from our active systems within 30 days; it may persist in encrypted backups for up to 90 days before being permanently purged; and data that has been processed by third-party AI providers cannot be recalled from their systems, though they do not retain it beyond the processing period.

7. Data Security

We implement technical and organizational security measures including: encryption of data in transit (TLS/SSL) and at rest; access controls limiting employee access to user data; regular security assessments and monitoring; and secure authentication including password hashing.

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a security breach affecting your data, we will notify you in accordance with applicable law.

8. Your Rights and Choices

8.1 Access and Portability

You may access your data through your account settings. You may export your Teammate configurations, knowledge sources, and session history at any time.

8.2 Correction

You may update or correct your account information and knowledge sources at any time.

8.3 Deletion

You may delete your account and all associated data by contacting privacy@myteam365.ai or through your account settings.

8.4 Integration Disconnection

You may disconnect any integrated service at any time through your account settings. Disconnection stops future data access but does not retroactively remove data already processed.

8.5 Opt-Out of Communications

You may opt out of promotional communications at any time. Service-related communications (security alerts, billing notices) and affiliate transactional notifications (payout confirmations, tier changes) cannot be opted out of while your account is active.

8.6 For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights including: right to restrict processing; right to data portability; right to object to processing; and right to lodge a complaint with a supervisory authority. To exercise these rights, contact privacy@myteam365.ai.

8.7 For California Residents (CCPA)

California residents have the right to: know what personal information is collected; know whether personal information is sold or disclosed; say no to the sale of personal information (we do not sell personal information); access their personal information; request deletion of personal information; and not be discriminated against for exercising these rights.

9. Sensitive Data Categories

9.1 Voice and Audio Data

Voice recordings you upload are processed for transcription and knowledge extraction. We do not use your voice recordings to create voice models, clone your voice, or for biometric identification purposes. Voice playback features use ElevenLabs' pre-built voice library, not recordings of your voice.

9.2 Health and Wellness Data

If you upload health-related information (fitness data, health records, wellness notes), this data is treated with heightened security and is used solely to provide your requested Teammate interactions. We are not a healthcare provider and this data is not subject to HIPAA unless we enter into a specific Business Associate Agreement with a covered entity.

9.3 Financial Data

Financial information you upload (budgets, tax documents, investment data) is used solely to power your Teammate interactions. We are not a financial institution and do not provide regulated financial services.

9.4 Minors' Data

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@myteam365.ai.

10. Third-Party Avatar and Identity Services

You may choose to create your Teammate's visual identity using third-party services such as HeyGen, Synthesia, D-ID, or similar platforms, and import the resulting avatar into MyTeam365. When you do so: your biometric and likeness data is processed by the third-party service under THEIR privacy policy, not ours; we store only the resulting avatar asset (image or video), not the underlying biometric data used to create it. This option is available for users who prefer to keep their likeness data off our platform.

If you use our built-in AI avatar generation, the avatar is created from AI generation, not from your actual likeness, and no biometric data is collected.

11. Cookies and Tracking

We use cookies and similar technologies to: maintain your session and authentication; remember your preferences and settings; understand how you use the Service (analytics); and prevent fraud and abuse. You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations. For material changes, we will: update the "Last updated" date; provide notice through the Service (in-app notification); and for significant changes affecting your data rights, request renewed consent.

13. Contact Us