Privacy Policy for GraniteAi, LLC

GraniteAi, LLC ("GraniteAi," "we," "us," or "our") operates the ClariSort and BCCBro applications, with more products under development. This Privacy Policy describes how we collect, use, and handle information when you use our applications. We are committed to protecting your privacy and complying with all applicable U.S. laws regarding data protection. We do not currently conduct business in the EMEA region.

1. Our Identity and Contact Information

2. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on our website at https://clarisort.ai, and we will notify users of significant changes via website banners. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

3. Scope of This Privacy Policy

This Privacy Policy applies to all users of the ClariSort and BCCBro applications. It outlines our practices concerning the access, handling, and processing of data, particularly when you authenticate using your Google Account.

4. Data We Access and How We Use It

GraniteAi, LLC operates on the principle of collecting and processing only the data strictly necessary for the functionality of our applications. We do not store or retain user data in either application beyond the immediate processing needs as described below.

A. ClariSort Application

Purpose: ClariSort is designed to help users reorganize their Google Drive files and folders into a more intuitive structure using artificial intelligence. It also aims to derive insights from file content.

Google API Scopes: ClariSort requests access to the following Google API scope:

Data Access and Processing:

When you grant ClariSort access via the Google OAuth consent screen, the application can access the files and folders within your Google Drive.

To provide its service, ClariSort generates an AI-powered summary of your files using Google Gemini. This summary is stored temporarily in an Upstash Redis database.

We only ever see and process these AI-generated summaries of your files. We do not access, view, store, or retain the original content of your files.

These summaries are used solely for reorganizing your files, assessing file purposes, creating improved organizational structures, moving files, renaming files, removing duplicates, identifying action items, and providing content insights based on user prompts.

Data Storage and Retention (ClariSort):

• We do not duplicate or store your actual Google Drive files or their original content.
• The AI-generated summaries of your files are stored in an Upstash Redis database for a maximum of 7 days, after which they are automatically discarded and permanently deleted. This temporary storage is essential for the application to perform its analysis and reorganization tasks.
• No other user data is seen by, stored by, or retained by ClariSort.

B. BCCBro Application

Purpose: BCCBro is a Google Workspace Add-on designed to check if a user was BCC'd on a Gmail message and to provide recipient safety guidance when composing emails.

Google API Scopes: BCCBro requests minimal access, specifically the following Google API scopes:

• gmail.addons.current.message.readonly: Allows read-only access to the currently open Gmail message. This is necessary for the add-on to analyze message headers (To, CC, From, BCC) and detect BCC status.
• script.external_request: Allows the Google Apps Script to make external HTTP requests. This is used exclusively for license validation calls to our Cloud Function to verify your subscription.

Data Access and Processing:

• Contextual Trigger (onGmailMessageOpen): When you open a Gmail message, BCCBro analyzes the message headers (including "To," "CC," "From," and "BCC") to determine if you were BCC'd. This analysis may involve raw message access for detailed header analysis, Base64 decoding of raw message content, header pattern matching, and envelope header analysis. If a BCC is detected, a warning card is displayed within Gmail.
• Compose Trigger (onComposeCheck): When you compose emails, BCCBro can provide recipient safety guidance to help you understand To/CC/BCC usage.
• Authentication Flow: The add-on uses an access token provided by Gmail (e.gmail.accessToken) to access message data for its analysis.
• License Validation: BCCBro makes external API calls to our backend licensing system (a Cloud Function) to validate your license. No personal email content is sent during this validation.

Data Storage and Retention (BCCBro):

• BCCBro does not store, retain, or log any user email content or message data. All analysis is performed in real-time within your Gmail environment.
• Any temporary data generated during the BCC check or license validation is immediately processed and discarded without being stored.
• We do not store or retain user data in this application.

5. How We Protect Your Data

GraniteAi, LLC is committed to protecting the information we process. We implement industry-standard best practices for data security. This includes:

• Encryption: Data (such as the temporary ClariSort summaries) is protected in transit and at rest using encryption.
• Access Controls: Strict access controls are in place to limit who can access sensitive systems and information.
• Secure Infrastructure: We leverage secure, reputable cloud service providers (e.g., Upstash Redis) that adhere to high security standards.
• Regular Reviews: We regularly review our security practices to ensure they meet current industry standards.

6. User Rights and Control

You have control over your data and the permissions you grant to our applications:

• Revoking Access: You can review, update, or revoke the permissions granted to ClariSort and BCCBro at any time through your Google Account security settings (specifically, the "Third-party apps with account access" section). Revoking access will immediately stop our applications from being able to access new data from your Google Account.
• Account Deletion: Since we do not store your data, deleting your "account" primarily involves revoking our access via your Google Account settings, as described above.

7. Children's Privacy

Our products are not specifically age-restricted; however, they are intended for a general audience capable of managing their own Google accounts. We do not knowingly collect personal information from individuals under the age of 13. If we become aware that we have inadvertently received personal information from a child under 13, we will delete such information from our records.

8. "Do Not Track" Signals

"Do Not Track" (DNT) is a privacy preference that users can set in their web browsers. While we believe in providing users with choices, our applications do not currently respond to DNT signals because there is no universal standard for how to interpret them.

9. Data Breach Notification

In the unlikely event of a data breach involving personal information, we have a breach response plan in place. We will notify affected users and relevant authorities in the maximum amount of time allowed by law, providing information about the breach and the steps we are taking to mitigate its effects.

10. Compliance and Enforcement

GraniteAi, LLC's Chief Technology Officer (CTO) is responsible for implementing this policy, ensuring compliance, and conducting periodic reviews. The Chief Executive Officer (CEO) is responsible for enforcing this policy and addressing any non-compliance. Any unauthorized data access or misuse may result in disciplinary actions consistent with company guidelines and applicable laws.