Privacy Policy

Last Updated: March 19, 2025

Welcome to Sage ("we," "us," or "our"), an AI-powered chatbot on World App designed to provide personalized responses by leveraging your email data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our product. We are committed to respecting your privacy and giving you control over your data.

1. What Information We Collect

We collect information from you when you use Sage and authorize us to access your Gmail account via OAuth. Specifically:

  • Email Data: With your explicit consent through Google OAuth, your email content (e.g., subject lines, body text, sender/recipient details) from your Gmail account is added to your local storage.
  • Technical Data: We may collect limited metadata about your usage, such as browser type, operating system, and interaction logs (e.g., timestamps of queries), to improve the product. This data is processed locally and not sent to our servers.

No Other Data: We do not collect additional personal information (e.g., name, address) beyond what you authorize via OAuth, and we do not access data outside your Gmail scope.

2. How We Collect Your Information

  • OAuth Authorization: We use Google's OAuth 2.0 protocol to securely request access to your Gmail account. You will see a consent screen from Google asking for permission to access your emails. This access is limited to the scopes we request (e.g., https://www.googleapis.com/auth/gmail.readonly).
  • Local Storage: Once authorized, your email data is pulled directly to a local database. No email data is transmitted to our servers.

3. How We Use Your Information

We process your email data locally on your device to enhance your experience with Sage. Specifically:

  • Embedding Model: An embedding model runs entirely in your browser to convert your email content into numerical representations (vectors). This enables us to understand the context of your emails without sending raw data elsewhere.
  • Retrieval-Augmented Generation (RAG): We use these embeddings to perform RAG, retrieving relevant email content to personalize chatbot responses based on your past correspondence.
  • Personalization: The chatbot leverages this data to tailor answers to your specific needs, preferences, or history reflected in your emails.

Local Processing: All processing—embedding and RAG—occurs on your device. We do not upload your emails, embeddings, or any derived data to our servers or third parties.

4. No Usage of Data for Training AI/ML Models

We want to be explicitly clear about how your data is and is not used:

  • No AI/ML Training: We do not use any data obtained through Google Workspace APIs (including your Gmail data) to develop, improve, or train generalized or non-personalized AI and/or ML models. Your data remains exclusively for your personal use.
  • No Third-Party AI Tools: We do not transfer any Google user data to third-party AI tools for any purpose, including for training generalized/non-personalized AI/ML models.
  • Personal Use Only: Any AI functionality in our service processes your data locally and exclusively for personalizing your experience, not for improving our underlying models.

5. Data Storage and Retention

  • Where Data is Stored: Your email data and embeddings are stored exclusively on your device. We do not maintain copies on our servers or in the cloud.
  • Retention Period: Data persists in your local DB until you manually clear it (e.g., via browser settings or our app's "Clear Data" feature) or revoke our OAuth access via your Google account settings. We do not control retention beyond your actions.
  • No Backup: Since data stays local, there are no backups or redundant copies created by us.

6. Data Sharing and Disclosure

  • No Sharing with Us: Because all data processing happens locally, we do not receive, store, or access your email content or embeddings.
  • Third Parties: We do not share your data with third parties, except as required to facilitate OAuth authentication with Google (e.g., token exchange). Google's own privacy policies govern their handling of your data during this process.
  • Legal Requirements: If compelled by law (e.g., a court order), we would only disclose what we have—which is minimal (e.g., usage metadata)—and we'd notify you unless prohibited.

7. Security Measures

We prioritize your data's security, even though it remains on your device:

  • Local Encryption: We recommend using a modern, secure browser (e.g., Chrome, Firefox) for optimal protection.
  • OAuth Security: We use industry-standard OAuth protocols with secure token handling to ensure safe access to your Gmail account.
  • No Server Risk: Since we don't store your data centrally, there's no risk of a server breach exposing your emails.

Your Responsibility: You are responsible for securing your device (e.g., with passwords or encryption) to prevent unauthorized access to IndexedDB.

8. Your Rights and Choices

  • Revoke Access: You can revoke our Gmail access anytime via your Google Account settings (Security > Third-party apps with account access). This stops new data retrieval instantly.
  • Clear Data: send us an email to tiagofneto29@gmail.com to delete your email.
  • Consent: You control what data we access by approving or denying OAuth permissions. You can withdraw consent at any time.

If you're in a region like the EU (GDPR) or California (CCPA), you have additional rights (e.g., access, deletion). Since we don't hold your data centrally, exercising these rights involves managing your local storage as described above.

9. Third-Party Services

  • Google OAuth: We rely on Google's OAuth service to access your Gmail data. Google may log authentication events per their own policies (see Google's Privacy Policy).

10. Children's Privacy

Sage is not intended for users under 13 (or 16 in some regions). We do not knowingly collect data from children. If you believe a child has used our service, contact us to revoke access.

11. Changes to This Privacy Policy

We may update this policy to reflect product changes or legal requirements. We'll notify you via in-app alerts. The "Last Updated" date at the top will change, and significant updates will be highlighted.

12. Contact Us

Questions or concerns? Reach out at:

Email: tiagofneto29@gmail.com