Workshop LabsLog In

Privacy Policy

Last updated: December 15, 2025

Our Commitment to Privacy

Your data is yours. We built Evergreen so that we literally cannot access your data, even if we wanted to. Our code runs in Trusted Execution Environments (TEEs) that we cannot view.

When you create your account, you set a passphrase. Your encryption key is derived client-side from this passphrase. Your key is transmitted to the TEE for processing and held in memory for background operations by our attested code, but is never stored at rest.

All your data is encrypted at rest with this personal key.

What Data We Collect

Identity Information (Required)

  • What: Name, email address, Google account identifier
  • Purpose: Account creation and authentication
  • Retention: Until you delete your account
  • Storage: Unencrypted in our database (metadata only)

Google Service Data (Your Choice)

You choose which Google services to connect. All personal data from these services are encrypted at rest and only accessible by you.

Gmail

  • Scopes: gmail.readonly, gmail.compose, gmail.send
  • Access: Email content, metadata, drafts
  • Purpose: Train your AI model, enable AI-assisted email composition
  • Actions: Read-only for training; compose/send only when you explicitly trigger

Google Drive

  • Scopes: drive.readonly, drive.file
  • Access: Documents you own, have access to, or have commented on; files created via Evergreen
  • Purpose: Train AI model, enable document creation/editing
  • Actions: Read existing files for context; create/edit only files you initiate

Google Calendar

  • Scopes: calendar.readonly
  • Access: Calendar events, schedules, meeting details
  • Purpose: Provide scheduling context to your AI
  • Actions: Read-only; we never modify your calendar

How We Process Your Data

Trusted Execution Environment (TEE)

All data processing occurs in hardware-level isolated enclaves.

The enclave hardware attests that the code running in it is correct.

Your data is encrypted in transit and at rest

We cannot decrypt or access data within the enclave

Read more about Trusted Execution Environments at our provider Tinfoil

Zero-Knowledge Architecture

We operate on a zero-knowledge principle. Even under legal compulsion, we cannot provide unencrypted data, as we don't have your key.

AI Model Training

  • Your model trains exclusively on YOUR data protected by YOUR key
  • Models are never shared between users
  • No data pooling or cross-user learning

Cryptographic Attestation

The enclave hardware cryptographically proves what code is running. Your device verifies this before connecting. Independent audits verify that our infrastructure matches our security claims.

What We Never Do

  • ❌ Sell or share your data with third parties
  • ❌ Use your data to train models for other users
  • ❌ Modify or delete your data without your explicit action
  • ❌ Use your data for advertising or marketing
  • ❌ Send emails without your explicit trigger
  • ❌ Create or modify calendar events

Data Retention & Deletion

Your Control

  • Delete your entire account and all data with one click
  • Deletion is permanent and immediate (Some anonymized system logs may persist but contain no personally identifiable information)
  • All data is removed from the enclave
  • OAuth tokens are revoked automatically

What Gets Deleted

  • Identity info (name, email, Google account ID)
  • All synced data (emails, documents, calendar events)
  • Your trained AI model
  • Connection metadata
  • Account credentials and tokens

Google API Services User Data Policy

Evergreen's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How We Access Google User Data

We request OAuth consent to access specific Google Workspace APIs based on which services you choose to connect:

  • Gmail API: We access your email content, metadata, and drafts to build your personal knowledge base for training your AI. We allow you to send AI generated emails from our platform. We only compose or send emails when you explicitly trigger these actions.
  • Google Drive API: We access your documents and files (owned, shared, commented on) to build your personal knowledge base for AI training. We read document content to understand your areas of expertise. We only create or modify files when you explicitly request document generation or editing features.
  • Google Calendar API: We access your calendar events and schedules in read-only mode to provide temporal context to your AI. This helps the AI understand your priorities and upcoming commitments. We never modify your calendar.

How We Use Google User Data

AI Model Training: Data from Google services trains YOUR personal AI model exclusively within a TEE. Weights are encrypted at rest with YOUR personal key, and only spun up in attested code on TEEs.

Personalized Responses: Your AI uses this data to provide context-aware responses that reflect your knowledge and communication style

Document Generation: When you request it, the AI can create documents in Google Drive or compose emails in Gmail using your personal context

Limited Use Compliance: We use Google user data ONLY for providing and improving these user-facing features. We never use it for serving ads or any other purposes

How We Store Google User Data

  • Encrypted Storage: All data from Google services is encrypted at rest with your personal key.
  • Private Enclave: Processing occurs in a Trusted Execution Environment (TEE) that we cannot access or decrypt
  • Retention: Data is stored until you disconnect the service or delete your account
  • OAuth Tokens: Access/Refresh tokens are encrypted at rest with your personal key and automatically refreshed.

How We Share Google User Data

We DO NOT share Google user data with third parties except in these limited cases:

  • Legal Requirements: We cannot view, share, or decrypt your encrypted personal data, even under legal compulsion.
  • Your Explicit Request: When you explicitly share AI-generated content externally

Other Third-Party Services

Google OAuth Authentication

We use Google OAuth for secure authentication. Google's Privacy Policy applies to their authentication service. You can revoke access via Google Account settings at any time.

Your Rights

Access & Portability

  • Coming soon: Export all your data at any time

GDPR Rights (EU Users)

  • Right to access, rectification, erasure, restriction
  • Data portability in machine-readable format
  • Right to object to processing
  • Lawful basis: Consent (OAuth scopes), Contract (service delivery)

CCPA Rights (California Users)

  • Right to know what data is collected
  • Right to deletion
  • Right to opt-out (we don't sell data)
  • No discrimination for exercising rights

Policy Updates

We may update these terms at any time. During beta, changes may occur without notice.

Contact Us

For privacy questions, data requests, or security concerns, please contact us at [email protected]