1. Introduction
Welcome to Consul Agent ("we," "our," or "us"). Consul Agent is an AI-powered executive assistant platform that helps you manage email, calendar, documents, and more through intelligent automation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using Consul Agent, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name
- Password (encrypted)
- Account preferences and settings
2.2 Google Account Data
With your explicit authorization via OAuth 2.0, we may access:
- Gmail: Email messages, labels, drafts, and metadata (sender, subject, date, recipients)
- Google Calendar: Calendar events, attendees, meeting details, and availability
- Google Docs: Document content, metadata, and access permissions
- Google Drive: File access, metadata, and organization
2.3 Communication Data
We collect and process:
- Messages you send through our chat interface
- iMessage and SMS communications (if you connect Photon)
- Email communications via AgentMail integration
- Conversation history and context for AI processing
2.4 Usage and Technical Data
We automatically collect:
- Device information (browser type, operating system)
- IP address and location data (city/region level)
- Log data (access times, pages viewed, clicks)
- Performance and diagnostic information
2.5 Payment Information
Payment processing is handled by Stripe. We do not store your full credit card information. We receive limited information from Stripe including:
- Last four digits of your payment method
- Billing email address
- Payment transaction history
- Subscription status
3. How We Use Your Information
We use the information we collect to:
- Provide Services: Process and respond to your requests, manage your calendar, organize emails, and create documents
- AI Processing: Analyze your data using artificial intelligence to provide intelligent automation, email triage, scheduling assistance, and contextual responses
- Personalization: Customize your experience based on your preferences and usage patterns
- Communication: Send you service-related notifications, updates, and support messages
- Improvement: Analyze usage patterns to improve our service, features, and user experience
- Security: Detect, prevent, and respond to fraud, abuse, security risks, and technical issues
- Compliance: Comply with legal obligations and enforce our terms of service
4. Third-Party Services and Data Sharing
We use the following third-party services to operate our platform:
4.1 Infrastructure and Database
- Supabase: Authentication, database storage (PostgreSQL), and file storage
- Vercel: Web application hosting and deployment
- Railway: Backend services hosting
4.2 AI and Processing
- OpenAI: AI language models (GPT-4) for intelligent responses and embeddings for semantic search. Your data is processed through OpenAI's API but is not used to train their models per our enterprise agreement.
4.3 Google Services
- Google APIs: Gmail API, Google Calendar API, Google Docs API, and Google Drive API for accessing your authorized Google data
4.4 Messaging Services
- AgentMail: Email routing and processing
- Photon: iMessage and SMS communication (if you enable this feature)
4.5 Payment Processing
- Stripe: Payment processing and subscription management. Stripe's privacy policy is available at stripe.com/privacy
Important: We do not sell your personal information to third parties for marketing purposes. Data is only shared with third-party service providers necessary to operate our service, and they are contractually obligated to protect your data and use it only for the purposes we specify.
5. Google API Services User Data Policy
Consul Agent's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5.1 Scope of Access
We request the minimum necessary scopes to provide our services:
- Gmail: Read, compose, send, and organize emails
- Calendar: Read and write calendar events
- Docs: Read and edit documents you authorize
- Drive: Access files you explicitly share with the service
5.2 How We Use Google Data
Google user data is used exclusively to:
- Provide and maintain the features you've requested
- Display your data back to you within the application
- Process your requests via AI to provide intelligent assistance
5.3 Data Retention
We do not permanently store the full contents of your Gmail messages, calendar events, or documents. We temporarily cache data necessary to fulfill your requests and store minimal metadata for service functionality (e.g., email action logs, processed calendar events).
5.4 Revoking Access
You can revoke Consul Agent's access to your Google data at any time by:
- Visiting your Google Account's connected apps page
- Disconnecting the integration from your Consul Agent settings
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: AES-256-GCM encryption for OAuth tokens and sensitive data at rest; TLS/SSL for data in transit
- Access Controls: Row-Level Security (RLS) policies in our database ensure users can only access their own data
- Authentication: JWT-based authentication via Supabase Auth
- Token Management: Automatic token refresh and secure storage of OAuth credentials
- Monitoring: Continuous security monitoring and logging
- Regular Audits: Periodic security assessments and updates
While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as necessary to provide our services and as required by law:
- Account Data: Retained while your account is active
- OAuth Tokens: Stored securely until you revoke access or delete your account
- Conversation History: Retained for service functionality; you can delete individual conversations
- Email Action Logs: Retained for up to 90 days for service analytics
- Billing Records: Retained for 7 years for tax and accounting purposes
When you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.
8. Your Privacy Rights
Depending on your location, you may have the following rights:
8.1 General Rights
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Data Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing of your personal data
- Restriction: Request restriction of processing under certain circumstances
8.2 GDPR Rights (EU Users)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.
8.3 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your rights
8.4 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@consul.ai. We will respond to your request within 30 days.
9. Cookies and Tracking Technologies
We use the following types of cookies and similar tracking technologies:
- Essential Cookies: Required for authentication and core functionality
- Preference Cookies: Remember your settings and preferences
- Analytics: Understand how you use our service to improve performance
You can control cookies through your browser settings. Note that disabling essential cookies may impact your ability to use certain features.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with third-party service providers
- Compliance with applicable data protection laws
11. Children's Privacy
Consul Agent is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@consul.ai, and we will delete it.
12. Do Not Track Signals
Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activities tracked. We do not currently respond to Do Not Track signals.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or through a prominent notice in our application
- For significant changes, request your consent where required by law
We encourage you to review this Privacy Policy periodically. Your continued use of Consul Agent after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to protecting your privacy and will respond to your inquiries as quickly as possible, typically within 30 days.
Acknowledgment
By using Consul Agent, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this policy, please discontinue use of our service.