Privacy Policy
Last updated: January 2026
Desktop PA ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal assistant application.
Desktop PA uses artificial intelligence which can make mistakes. Always verify important information independently, especially for critical scheduling, financial, or professional matters. We are not liable for decisions made based on AI-generated content.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Authentication credentials via our identity provider (WorkOS)
Calendar Data
When you connect your calendar, we access data through authorized APIs:
- Google Calendar: Event titles, times, descriptions, attendees, and locations
- Microsoft Outlook: Event titles, times, descriptions, attendees, and locations
This data is used to help you manage your schedule, set reminders, and answer questions about your availability.
Email Data
When you connect your email, we access:
- Gmail: Email metadata (subject, sender, timestamps), email content for reading and composing
- Outlook: Email metadata and content for the same purposes
Email data is processed to help you search, read, draft, and manage messages through voice commands.
Voice Data
When you use voice features, your audio is processed for speech-to-text conversion:
- Voice recordings are processed in real-time
- Audio is not permanently stored after transcription
- Transcribed text may be temporarily processed by our AI providers
Usage Data
We automatically collect:
- Number of AI requests made
- Token usage (input and output)
- Voice processing duration
- Feature usage patterns
- Error logs for troubleshooting
Note: This usage data is Desktop PA application telemetry and is separate from any Google user data described in the Google API Services Disclosure section below.
How We Use Your Information
We use your information to:
- Provide AI-powered personal assistant services
- Process voice commands and generate responses
- Access and manage your calendar on your behalf
- Read, search, and compose emails as requested
- Track usage for billing purposes
- Fix bugs and maintain service reliability
- Send important account notifications
- Comply with legal obligations
Google API Services Disclosure
Desktop PA's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google Scopes We Request
When you connect your Google account, we request access to the following:
- Gmail (read, compose, send): To read your emails aloud, help you search for messages, compose replies via voice dictation, and send emails on your behalf when you direct
- Google Calendar (read/write): To tell you about upcoming events, create new appointments by voice, and modify or cancel events when you ask
- Profile information: To identify your account and display your name
How We Use Google Data
Google data is accessed only to provide the voice assistant features you request:
- Read your calendar events aloud when you ask "What's on my schedule?"
- Read email content when you ask "Read my latest email"
- Search emails when you ask "Find emails from John"
- Create calendar events when you say "Schedule a meeting tomorrow at 2pm"
- Send emails when you dictate and confirm a message
How AI Processing Works
When you make a voice request involving your Google data (like "read my emails"), your request and the relevant data are processed by our AI service providers to generate a spoken response. These AI providers:
- Act as data processors under our contractual control
- Process data only to fulfill your specific request in that moment
- Do not retain your Google data after processing your request
- Do not use your data for their own training or any other purpose
This processing is necessary to provide the voice assistant functionality you requested—it is not a transfer of your data for third-party purposes.
What We Do NOT Do With Google Data
Desktop PA does NOT:
- Store copies of your emails or calendar events in our databases
- Sell, rent, or share your Google data with third parties
- Use your Google data for advertising or marketing purposes
- Use your Google data to train AI or machine learning models
- Allow humans to read your Google data (except with your explicit consent, for security investigations, or to comply with applicable law)
Data Storage for Google Data
We do not permanently store your Google emails or calendar events. Google data is:
- Accessed in real-time via Google APIs only when you make a request
- Processed in memory to generate an immediate response
- Not written to our databases or cached for later use
We store only the OAuth tokens needed to maintain your Google connection. You can revoke these tokens at any time.
Revoking Access
You can revoke Desktop PA's access to your Google account at any time:
- Visit Google Account Permissions and remove Desktop PA
- Or disconnect your Google account from Desktop PA settings
Third-Party Service Providers
Desktop PA uses trusted third-party service providers to deliver our functionality. These providers process data on our behalf and under our contractual control. Categories of providers include:
- AI and language processing providers: To understand your voice commands and generate responses
- Speech processing providers: To convert your voice to text and generate spoken responses
- Cloud infrastructure providers: To securely store account data and provide real-time functionality
- Authentication providers: To securely manage your account login
- Payment processors: To handle subscription billing
All service providers are bound by contract to protect your data and use it only to provide services to Desktop PA. They do not retain your data or use it for their own purposes.
Data Storage and Security
We implement industry-standard security measures:
- All data is encrypted in transit using TLS/HTTPS
- OAuth tokens are stored securely and never exposed
- We do not store voice recordings after processing
- Access to production systems is restricted and logged
Data Retention
We retain your data as follows:
- Account data: Retained while your account is active
- Usage data: Retained for billing and analytics purposes
- Voice data: Not retained after real-time processing
- Calendar/Email access: We access data in real-time via APIs; we do not store copies of your calendar or emails
Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a portable format
- Withdrawal: Revoke access to connected services at any time
To exercise these rights, contact us at privacy@desktop-pa.com.
Children's Privacy
Desktop PA is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.
International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with applicable laws.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Desktop PA after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@desktop-pa.com