Privacy Policy

1. Overview

This Privacy Policy describes how Ultrahuman ("Company", "we", "us", or "our") collects, uses, and protects information in connection with our AI email and calendar workspace services ("Services"). This policy applies to all users of our Services.

Ultrahuman brings productivity and sanity back to daily planning by providing unified search, scheduling, and AI agent automation. To perform these workflows efficiently, we synchronize and secure certain metadata with local cache storage.

2. Information Collection & Account Information

We collect account details necessary to authenticate you, connect integrations, and operate your unified cockpit:

• Identification Data: Full name, email address, and organization name.
• Authentication Credentials: Passwords, session cookies, and secure OAuth tokens from integrated services.
• Preferences: Personal settings, workspace views, theme choices, and keyboard customization properties.

3. User Data

We cache and index user data from integrated workflows locally to deliver instant grep-style search speeds, time-blocking, and intelligent agent routing:

• Emails & Metadata: Message subjects, participant lists, date/time timestamps, labels, and thread histories.
• Schedules & Calendars: Events, descriptions, locations, calendar configurations, and attendee emails.
• AI Companion Drafts: Temporary companion email bodies, scheduling requests, and user-generated text inputs.

4. Connected Services Data

With your explicit consent, our Services link directly to external third-party provider accounts (e.g., Google OAuth integration for Gmail and Google Calendar).

Google API Disclosure: Ultrahuman's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

5. Technical Information & Realtime Hooks

To guarantee zero polling lag and responsive page state updates, we track certain technical parameters:

• Webhooks & Events: Realtime Server-Sent Events (SSE) metadata to push new inbox messages instantly.
• Local Cache Storage: Browser-side Local Storage variables to persist user theme and dashboard properties.
• Client Metadata: IP addresses, browser types, client operating systems, and diagnostic application performance logs.

6. Use of Information

We use collected information solely for operating and optimizing your AI Workspace experience:

• Synchronizing integrated mail and calendar databases.
• Processing search strings, grep commands, and scheduling requests.
• Running agent workflows (e.g., calling tools to draft replies, check calendar openings, or send reminders).
• Ensuring security, debugging server errors, and preventing platform abuse.

7. Data Processing & Subprocessors

Data processing occurs on secure servers and local cloud database caches. When you use the conversational agent features, specific query contexts are transmitted to authorized artificial intelligence LLM model subprocessors (e.g. OpenAI API) to interpret prompts and map them into workspace commands. We do not permit subprocessors to train models on your private data.

8. Data Security

We employ advanced organizational and technical safeguards:

• Encryption of all data in transit using Transport Layer Security (TLS 1.3).
• Encryption of high-risk stored fields (e.g. access tokens and user credentials) at rest.
• Restricted database query access limits for employees, adhering to the principle of least privilege.

9. Information Disclosure

We never sell, rent, or trade your email content or calendar schedules. We only disclose information to third parties under the following strict conditions:

• To comply with binding legal demands, court subpoenas, or regulatory requests.
• To defend the legal safety and rights of the Company or its users.
• With your explicit user authorization (e.g., triggering a third-party app integration).

10. Data Retention

Cached database elements are retained for as long as your workspace account is active. Upon user deletion requests, we immediately purge all locally stored emails, synced calendar metadata, access logs, and associated OAuth credentials from our active database partitions.

11. User Rights

Depending on your residency, you possess rights regarding your data:

• The right to request a portable copy of synced metadata.
• The right to restrict specific scopes or revoke linked Google access keys.
• The right to request full account erasure at any time.

12. International Transfers

Our database infrastructure is based in secure datacenters in the United States and EU. By using our Services, you consent to the storage and secure cross-border routing of user metadata in accordance with standard data transfer safety models.

13. Policy Updates

We may modify this policy periodically to reflect API scope updates or security requirements. In the event of material updates, we will notify you through application banners or system notifications.

14. Legal Compliance

We actively review practices to maintain alignment with GDPR, CCPA, and standard enterprise security best practices to safeguard user workspaces.

15. Contact Information

If you have any questions about this Privacy Policy, your cached metadata, or to submit a deletion request, please reach out to us at: