Privacy Policy

Desktop PA ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal assistant application.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Authentication credentials via our identity provider (WorkOS)

Calendar Data

When you connect your calendar, we access data through authorized APIs:

• Google Calendar: Event titles, times, descriptions, attendees, and locations
• Microsoft Outlook: Event titles, times, descriptions, attendees, and locations

This data is used to help you manage your schedule, set reminders, and answer questions about your availability.

Email Data

When you connect your email, we access:

• Gmail: Email metadata (subject, sender, timestamps), email content for reading and composing
• Outlook: Email metadata and content for the same purposes

Email data is processed to help you search, read, draft, and manage messages through voice commands.

Voice Data

When you use voice features, your audio is processed for speech-to-text conversion:

• Voice recordings are processed in real-time
• Audio is not permanently stored after transcription
• Transcribed text may be temporarily processed by our AI providers

Usage Data

We automatically collect:

• Number of AI requests made
• Token usage (input and output)
• Voice processing duration
• Feature usage patterns
• Error logs for troubleshooting

Note: This usage data is Desktop PA application telemetry and is separate from any Google user data described in the Google API Services Disclosure section below.

How We Use Your Information

We use your information to:

• Provide AI-powered personal assistant services
• Process voice commands and generate responses
• Access and manage your calendar on your behalf
• Read, search, and compose emails as requested
• Track usage for billing purposes
• Fix bugs and maintain service reliability
• Send important account notifications
• Comply with legal obligations

Google API Services Disclosure

Google Scopes We Request

When you connect your Google account, we request access to the following:

• Gmail (read, compose, send): To read your emails aloud, help you search for messages, compose replies via voice dictation, and send emails on your behalf when you direct
• Google Calendar (read/write): To tell you about upcoming events, create new appointments by voice, and modify or cancel events when you ask
• Profile information: To identify your account and display your name

How We Use Google Data

Google data is accessed only to provide the voice assistant features you request:

• Read your calendar events aloud when you ask "What's on my schedule?"
• Read email content when you ask "Read my latest email"
• Search emails when you ask "Find emails from John"
• Create calendar events when you say "Schedule a meeting tomorrow at 2pm"
• Send emails when you dictate and confirm a message

How AI Processing Works

When you make a voice request involving your Google data (like "read my emails"), your request and the relevant data are processed by our AI service providers to generate a spoken response. These AI providers:

• Act as data processors under our contractual control
• Process data only to fulfill your specific request in that moment
• Do not retain your Google data after processing your request
• Do not use your data for their own training or any other purpose

This processing is necessary to provide the voice assistant functionality you requested—it is not a transfer of your data for third-party purposes.

What We Do NOT Do With Google Data

Desktop PA does NOT:

• Store copies of your emails or calendar events in our databases
• Sell, rent, or share your Google data with third parties
• Use your Google data for advertising or marketing purposes
• Use your Google data to train AI or machine learning models
• Allow humans to read your Google data (except with your explicit consent, for security investigations, or to comply with applicable law)

Data Storage for Google Data

We do not permanently store your Google emails or calendar events. Google data is:

• Accessed in real-time via Google APIs only when you make a request
• Processed in memory to generate an immediate response
• Not written to our databases or cached for later use

We store only the OAuth tokens needed to maintain your Google connection. You can revoke these tokens at any time.

Revoking Access

You can revoke Desktop PA's access to your Google account at any time:

• Visit Google Account Permissions and remove Desktop PA
• Or disconnect your Google account from Desktop PA settings

Third-Party Service Providers

Desktop PA uses trusted third-party service providers to deliver our functionality. These providers process data on our behalf and under our contractual control. Categories of providers include:

• AI and language processing providers: To understand your voice commands and generate responses
• Speech processing providers: To convert your voice to text and generate spoken responses
• Cloud infrastructure providers: To securely store account data and provide real-time functionality
• Authentication providers: To securely manage your account login
• Payment processors: To handle subscription billing

All service providers are bound by contract to protect your data and use it only to provide services to Desktop PA. They do not retain your data or use it for their own purposes.

Data Storage and Security

We implement industry-standard security measures:

• All data is encrypted in transit using TLS/HTTPS
• OAuth tokens are stored securely and never exposed
• We do not store voice recordings after processing
• Access to production systems is restricted and logged

Data Retention

We retain your data as follows:

• Account data: Retained while your account is active
• Usage data: Retained for billing and analytics purposes
• Voice data: Not retained after real-time processing
• Calendar/Email access: We access data in real-time via APIs; we do not store copies of your calendar or emails

Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a portable format
• Withdrawal: Revoke access to connected services at any time

To exercise these rights, contact us at privacy@desktop-pa.com.

Children's Privacy

Desktop PA is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with applicable laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of Desktop PA after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@desktop-pa.com