Privacy policy

1. What Data We Collect

EA Copilot collects the minimum data required to function as your AI-powered executive assistant:

• Google account info — name, email address, and profile picture via Google OAuth sign-in.
• Email metadata and content — sender, subject, snippet, and full body of emails you choose to triage, reply to, or forward through the app. We access your Gmail via the Gmail API with the scopes you explicitly grant.
• Calendar data — event titles, times, attendees, and descriptions from your Google Calendar for scheduling, meeting prep, and daily briefings.
• AI-generated classifications — email categories, business types, draft replies, meeting prep notes, and executive briefs generated during your use of the app.
• Executive profiles and preferences — names, roles, and preference rules you manually configure for the executives you support.
• Contacts and interaction history — contact names, emails, and communication frequency derived from your Gmail and Calendar data during sync.
• Documents and spreadsheets — files you upload (contracts, agendas, briefs, financial spreadsheets, etc.). PDFs and Word documents are parsed to plain text and split into ~500-token chunks. Spreadsheets are parsed sheet-by-sheet into structured headers + rows.
• Embeddings (vector representations) — for each document chunk and saved Company Fact, we generate a 1024-dim embedding via Voyage AI's voyage-3-large model. Embeddings are stored locally in your Supabase database and used solely to retrieve relevant context when you ask Margin a question.
• Company Facts — short, plain-text knowledge entries you manually save (passwords, vendor numbers, birthdays, etc.). Stored in the company_facts table.
• Chat thread history — messages exchanged with Margin(your questions and the assistant's answers, including source citations) are stored in the ea_chat_messages table so the conversation survives reloads. You can clear the thread at any time from the chat header.
• Query logs — a record of each Margin question with its detected intent and retrieval confidence, used for product analytics and to enforce future usage caps. Logs are scoped to your user account and never aggregated across users.

2. How Your Data Is Stored

All user data is stored in a Supabase PostgreSQL database hosted on AWS ap-south-1 (Mumbai). Data is encrypted at rest using AES-256 and in transit using TLS 1.2+.

Google and Microsoft OAuth tokens (both access and refresh tokens) are encrypted at the application layer using AES-256-GCM with a per-deployment encryption key before being written to the user_tokens table. The encryption key lives only in the server environment; even a full database export does not expose usable tokens. Tokens are used solely to make authorized API calls on your behalf, and we never store your Google password.

The application itself is deployed on Vercel with edge functions running in the nearest region. No user data is cached at the edge layer.

3. Google API Services User Data Policy — Limited Use Disclosure

EA Copilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• We use Google user data only to provide and improve user-facing features of EA Copilot that are visible and prominent in our app — email triage, draft generation, calendar scheduling, meeting prep, daily briefings, and the natural-language command bar.
• We do not transfer Google user data to third parties except (a) as needed to provide or improve the features described above (e.g., sending email content to Anthropic Claude when you explicitly trigger an AI action — see section 4), (b) to comply with applicable law, or (c) as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read your Google user data unless (a) we have your specific consent to view specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) the data is aggregated and used for internal operations in accordance with applicable privacy and other laws.

4. How AI Processing Works

EA Copilot uses the Anthropic Claude API to power email classification, draft generation, meeting prep, daily briefings, and natural-language commands.

• When Anthropic receives your data:only when you trigger an AI action (e.g., “Classify All,” “Generate Draft,” “Generate Executive Brief,” or any command-bar query that requires natural language interpretation).
• What is sent to Anthropic: the specific email metadata, body excerpts, calendar event details, contact notes, and uploaded document excerpts relevant to the action you triggered. We do not send your full mailbox or full calendar in a single batch.
• Anthropic does not use your data to train their models. Per Anthropic's Commercial Terms of Service, inputs and outputs sent via the API are not used for model training or improvement.
• AI-generated outputs (classifications, drafts, briefs) are stored in your Supabase database so they persist across sessions and you can edit / discard them.
• We use Claude Haiku for most classification tasks, Claude Sonnet for complex generation tasks, and Claude Opus 4.7 for every Margin chat call — intent classification, document/spreadsheet answers, and the daily suggestion compute.
• Embeddings used by Margin for retrieval are generated by Voyage AI (voyage-3-large). Voyage receives only the text being embedded (a document chunk, a fact, or your query) and does not retain it for training per their privacy policy.

4a. Margin — How the chatbot works with your data

Margin is a docked chat that answers questions about your company knowledge base — uploaded documents, spreadsheets, and saved Company Facts. Here is exactly what happens when you send a message:

1. Your message and the last ~10 turns of conversation are sent to Claude Opus 4.7 to classify intent (operational, document knowledge, spreadsheet, or ambiguous).
2. If the intent is a knowledge query, your message is rewritten by Opus into a richer search phrase, then embedded by Voyage into a 1024-dim vector. That vector is compared (in your own Supabase project, server-side) against your document chunks and Company Facts to retrieve the top 8 most relevant pieces.
3. Those pieces and your original question are sent to Opus, which returns an answer with inline source citations.
4. Both your message and the assistant's reply are written to ea_chat_messages so the thread persists. Source citations and confidence levels are saved alongside.

Confidential items. Documents and Company Facts you mark Confidential are excluded from proactive suggestions entirely and are only surfaced in chat when your query is clearly about that topic (similarity score ≥ 0.6 AND materially higher than any non-confidential match).

Clearing your chat. The trash icon in the Margin header deletes the entire thread from the database. Deleting your account erases the thread, every chunk, every embedding, every fact, every uploaded document, and your auth record (see Section 8).

5. Data Retention

• Account data is retained for as long as your account is active.
• Email classifications and drafts are retained until you delete them, undo the triage, or delete your account.
• Google OAuth tokens are refreshed automatically and overwritten on each sign-in. If you revoke access from your Google account, stored tokens become invalid.
• Uploaded documents are retained until you delete them or your account.
• On account deletion, all your data is permanently removed from our database within 24 hours. There are no backups retained after deletion.

6. Your Rights

You have the right to:

• Access— view all data we hold about you through the app's dashboard pages (email triage, contacts, preferences, reminders, etc.).
• Correction — edit your executive profiles, preferences, and reclassify emails at any time.
• Deletion— permanently delete your account and all associated data using the “Delete My Account” button in Preferences. This removes all data from Supabase and revokes the Google OAuth connection.
• Export— export your weekly digest and briefing data via the app's built-in export features.
• Revoke access — disconnect Google API access at any time from your Google Account permissions page.

7. Third-Party Services

8. Contact

For privacy questions or data requests, contact us at privacy@ea-copilot.com.