Privacy Policy

Last updated: April 6, 2026

1. Information We Collect

We collect information you provide directly: name, email address, and payment details (processed securely via Stripe). We also collect usage data including agent runs, task history, and platform interactions.

When you connect third-party services via our Connectors page, we may access data from those services with your explicit consent. This includes:

• Gmail: Email messages, labels, and profile information (via gmail.send, gmail.readonly, gmail.modify scopes)
• Google Drive: Files and folder metadata (via drive.readonly, drive.file scopes)
• Google Sheets: Spreadsheet data (via spreadsheets, spreadsheets.readonly scopes)
• Google Docs: Document content (via documents, documents.readonly scopes)

2. How We Use Your Information

Your information is used to provide and improve the Service, process payments, send operational emails (daily reports, notifications), and prevent fraud.

Google user data accessed through connected services is used solely to power the AI agent features you have enabled:

• Gmail data is used by AI agents to send emails, read inbox messages, and automate email workflows on your behalf.
• Google Drive data is used to browse, read, and create files relevant to your business workflows.
• Google Sheets data is used for data analysis, generating reports, and tracking business metrics.
• Google Docs data is used for creating and reading documents such as reports, proposals, and business content.

We do not use Google user data for advertising, and we do not sell or share Google user data with third parties except as necessary to provide the Service as described in this policy.

3. Google API Services User Data Policy

AIWallah's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we limit our use of Google user data to providing or improving user-facing features that are prominent in our application's user interface. We do not:

• Transfer Google user data to third parties unless necessary to provide or improve user-facing features, comply with applicable laws, or as part of a merger/acquisition with prior user consent.
• Use Google user data for serving advertisements.
• Allow humans to read Google user data unless we have the user's affirmative consent, it is necessary for security purposes, to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymised.

4. Data Storage and Security

Data is stored on encrypted PostgreSQL databases hosted on AWS infrastructure. OAuth tokens for connected services (Gmail, Drive, Sheets, Docs) are encrypted with AES-256-GCM before storage. We use HTTPS/TLS for all data transmission. Access to production systems is restricted to authorised personnel only.

5. Cookies

We use essential cookies for authentication (session management) and optional analytics cookies to understand how users interact with our platform. You can decline non-essential cookies via our cookie banner.

6. Third-Party Services

We use the following third-party services:

• Stripe for payment processing (Stripe Privacy Policy)
• Google APIs for Gmail, Drive, Sheets, and Docs integration (Google Privacy Policy)
• OpenRouter for AI model access to power agent workflows

Google user data is only shared with AI model providers (OpenRouter) as necessary to execute the specific agent tasks you have configured. No raw email content, file content, or personal data is stored by these AI providers beyond the duration of the request.

7. Browser Agent (Chrome Extension)

The optional AIWallah Browser Agent Chrome extension lets your AI team act inside your own browser on sites where you are already signed in (e.g. Stripe, Gmail, Shopify admin, banking portals). It is only active after you explicitly pair it to your organisation with a one-time 6-character code.

What the extension accesses:

• Page screenshots of tabs the agent opens to complete a task you requested. Screenshots are transmitted to AIWallah over HTTPS and stored in your organisation's task history.
• Page URLs and titles of tabs the agent navigates to, used as task context.
• A device token (randomly generated, bound to this installation) stored in chrome.storage.local, sandboxed to the extension's ID and encrypted at rest by Chrome.

What the extension does NOT do: it does not read your browsing history, does not run in the background on sites you haven't directed the agent to, does not capture keystrokes, does not exfiltrate cookies, passwords, or session tokens from your browser. Screenshots are only taken on pages the agent itself opened in response to a task you assigned.

You can unpair the extension at any time from the popup, or revoke it server-side from Dashboard → Settings → Browser Agent. Revoking immediately invalidates the device token.

The extension uses broad host permissions (<all_urls>) because agents may need to act on arbitrary domains you direct them to (your own Stripe dashboard, your own Shopify admin, etc.). Access is always user-initiated per task — the extension never browses proactively.

8. Data Retention

Account data is retained while your account is active. Upon account deletion, your data is removed within 30 days. Agent run logs are retained for 90 days for operational purposes.

Google user data (emails, files, documents) is not permanently stored by AIWallah. It is accessed in real-time when AI agents execute tasks and is not cached or retained beyond the immediate processing need. OAuth tokens are stored securely (AES-256-GCM encrypted) and are deleted immediately when you disconnect a service from the Connectors page.

8. Revoking Access

You can disconnect any connected Google service at any time from the Connectors page in your AIWallah dashboard. This immediately deletes the stored OAuth tokens and stops all AI agent access to that service.

You can also revoke AIWallah's access from your Google Account permissions page.

9. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Revoke access to any connected third-party service
• Export your data

To exercise any of these rights, contact us at hello@aiwallah.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact us at hello@aiwallah.com.