Privacy Policy

Last Updated: April 21, 2025

Welcome to Sage ("we," "us," or "our"), an AI-powered chatbot on World App designed to provide personalized responses by leveraging your calendar data and Gmail emails. This Privacy Policy explains how we collect, use, store, and protect your information when you use our product. We are committed to respecting your privacy and giving you control over your data.

1. What Information We Collect

We collect information from you when you use Sage and authorize us to access your Google account via OAuth. Specifically:

• Calendar Data: With your explicit consent through Google OAuth, your calendar events (e.g., event titles, descriptions, dates, times, attendees) from your Google Calendar account are added to your local storage.
• Email Data: With your explicit consent through Google OAuth, your Gmail emails (e.g., message content, subjects, senders, recipients, dates) from your Gmail account are added to your local storage.
• Technical Data: We may collect limited metadata about your usage, such as browser type, operating system, and interaction logs (e.g., timestamps of queries), to improve the product. This data is processed locally and not sent to our servers.

No Other Data: We do not collect additional personal information (e.g., name, address) beyond what you authorize via OAuth, and we do not access data outside your Google Calendar and Gmail scopes.

2. How We Collect Your Information

• OAuth Authorization: We use Google's OAuth 2.0 protocol to securely request access to your Google account. You will see a consent screen from Google asking for permission to access your calendar events and Gmail emails. This access is limited to the scopes we request (e.g., https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/gmail.readonly).
• Local Storage: Once authorized, your calendar and email data is pulled directly to a local database. No data is transmitted to our servers.

3. How We Use Your Information

We process your calendar and email data locally on your device to enhance your experience with Sage. Specifically:

• Embedding Model: An embedding model runs entirely in your browser to convert your calendar and email content into numerical representations (vectors). This enables us to understand the context of your events and communications without sending raw data elsewhere.
• Retrieval-Augmented Generation (RAG): We use these embeddings to perform RAG, retrieving relevant calendar and email content to personalize chatbot responses based on your schedule, activities, and communications.
• Personalization: The chatbot leverages this data to tailor answers to your specific needs, preferences, or schedule reflected in your calendar events and email communications.

Local Processing: All processing—embedding and RAG—occurs on your device. We do not upload your calendar events, emails, embeddings, or any derived data to our servers or third parties.

4. No Usage of Data for Training AI/ML Models

We want to be explicitly clear about how your data is and is not used:

• No AI/ML Training: We do not use any data obtained through Google Workspace APIs (including your Google Calendar and Gmail data) to develop, improve, or train generalized or non-personalized AI and/or ML models. Your data remains exclusively for your personal use.
• No Third-Party AI Tools: We do not transfer any Google user data to third-party AI tools for any purpose, including for training generalized/non-personalized AI/ML models.
• Personal Use Only: Any AI functionality in our service processes your data locally and exclusively for personalizing your experience, not for improving our underlying models.

5. Data Storage and Retention

• Where Data is Stored: Your calendar and email data and embeddings are stored exclusively on your device. We do not maintain copies on our servers or in the cloud.
• Retention Period: Data persists in your local DB until you manually clear it (e.g., via browser settings or our app's "Clear Data" feature) or revoke our OAuth access via your Google account settings. We do not control retention beyond your actions.
• No Backup: Since data stays local, there are no backups or redundant copies created by us.

6. Data Sharing and Disclosure

• No Sharing with Us: Because all data processing happens locally, we do not receive, store, or access your calendar or email content or embeddings.
• Third Parties: We do not share your data with third parties, except as required to facilitate OAuth authentication with Google (e.g., token exchange). Google's own privacy policies govern their handling of your data during this process.
• Legal Requirements: If compelled by law (e.g., a court order), we would only disclose what we have—which is minimal (e.g., usage metadata)—and we'd notify you unless prohibited.

7. Security Measures

We prioritize your data's security, even though it remains on your device:

• Local Encryption: We recommend using a modern, secure browser (e.g., Chrome, Firefox) for optimal protection.
• OAuth Security: We use industry-standard OAuth protocols with secure token handling to ensure safe access to your Google Calendar and Gmail accounts.
• No Server Risk: Since we don't store your data centrally, there's no risk of a server breach exposing your calendar or email information.

Your Responsibility: You are responsible for securing your device (e.g., with passwords or encryption) to prevent unauthorized access to IndexedDB.

8. Your Rights and Choices

• Revoke Access: You can revoke our Google access anytime via your Google Account settings (Security > Third-party apps with account access). This stops new data retrieval instantly.
• Clear Data: send us an email to tiagofneto29@gmail.com to delete your calendar and email data.
• Consent: You control what data we access by approving or denying OAuth permissions. You can withdraw consent at any time.

If you're in a region like the EU (GDPR) or California (CCPA), you have additional rights (e.g., access, deletion). Since we don't hold your data centrally, exercising these rights involves managing your local storage as described above.

9. Third-Party Services

• Google OAuth: We rely on Google's OAuth service to access your Google Calendar and Gmail data. Google may log authentication events per their own policies (see Google's Privacy Policy).

10. Children's Privacy

Sage is not intended for users under 13 (or 16 in some regions). We do not knowingly collect data from children. If you believe a child has used our service, contact us to revoke access.

11. Changes to This Privacy Policy

We may update this policy as we introduce new features or technologies. We will notify you of material changes through the app or email. Your continued use constitutes acceptance of revised terms.

12. Contact Us

For questions about this policy or our privacy practices, contact: tiagofneto29@gmail.com.