Privacy Policy

1. What We Collect

We collect only the data necessary to provide and improve our service:

• Account information — name, email address, and authentication credentials when you sign up.
• Connected service data — calendar events, emails, contacts, and task data from services you explicitly connect (e.g., Google Calendar, Gmail, Google Contacts).
• Conversation history — messages exchanged with your TendBot assistant to maintain context and provide continuity.
• Memory data — preferences, facts, and patterns that TendBot learns about you to personalize the experience.
• Usage data — anonymized interaction patterns to improve service quality.
• Technical data — device type, browser version, and IP address for security and troubleshooting.

2. How We Use Your Data

Your data is used exclusively to:

• Provide and operate the TendBot assistant service.
• Personalize your experience through Memory (your AI-learned preferences).
• Execute approved actions on your behalf — email drafting, calendar management, and task handling.
• Improve service quality and develop new features.
• Ensure security and prevent abuse.
• Comply with legal obligations.

3. Your Approval, Every Time

TendBot operates on a strict approval model. Every write action — sending an email, creating a calendar event, modifying a task — requires your explicit approval before execution. TendBot reads data to help you, but never changes anything without your consent.

4. AI Processing

TendBot uses Anthropic's Claude language model via their commercial API to understand your requests and generate responses. To provide useful assistance, the following data is sent to the AI model with each message:

• Your name and timezone — used to personalize responses and understand scheduling context.
• Upcoming calendar events — including titles, times, and attendee names, so the assistant can help with scheduling.
• Recent email metadata and summaries — sender addresses, subjects, and short AI-generated summaries (not full email bodies).
• Relevant notebook entries — only entries matching your current query, retrieved via search.
• Memory — preferences and patterns the assistant has learned about you.
• Conversation history — your recent messages for continuity across the conversation.

Your data is protected by Anthropic's commercial API terms: API data is not used for model training, data is encrypted in transit via TLS, and temporarily retained for up to 30 days for safety monitoring only. Your data is never shared across accounts or with other users.

5. Data Storage & Security

We take data security seriously:

• All data is encrypted in transit (TLS 1.3) and at rest at the infrastructure level. OAuth tokens are individually encrypted using Supabase Vault.
• Infrastructure hosted on secure, SOC 2 compliant cloud providers in the EU.
• Access controls with row-level security and audit logging for key operations.
• Per-user data isolation — your data is never mixed with other users'.
• privacy.sections.dataStorage.items.retention

5b. Data Retention & Deletion

We retain your data for the following periods:

• Conversation history — duration of your subscription plus 30 days.
• AI-processed emails — 90 days.
• Notebook entries — duration of your subscription.
• Memory data — duration of your subscription.
• Audit logs — 2 years (compliance requirement).
• Technical and usage data — 90 days.

When these retention periods expire, your data is automatically deleted or anonymized. Upon account deletion, all your data is removed after a 7-day grace period. You can request deletion of your data at any time by contacting privacy@tend.bot or through your account settings.

6. Third-Party Services

When you connect external services (Google, Microsoft, etc.), TendBot accesses only the data scopes you authorize. We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with service providers who assist in operating TendBot, bound by strict data processing agreements. TendBot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Cookies

We use minimal cookies: a language preference cookie and essential session cookies for authentication. We do not use tracking or advertising cookies.

8. Your Rights

Under GDPR and applicable law, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate personal data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a structured, machine-readable format.
• Restriction — limit processing of your data.
• Objection — object to processing of your data.
• Withdraw consent — withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@tend.bot.

9. Children's Privacy

TendBot is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests:

Email: privacy@tend.bot

Mail: TendBot, Stockholm, Sweden