Privacy Policy

Zero-Knowledge Architecture

We operate on a zero-knowledge principle. Even under legal compulsion, we cannot provide unencrypted data. Your data never leaves the private enclave, and we cannot read it.

AI Model Training

• Your model trains exclusively on YOUR data within YOUR enclave
• Models are never shared between users
• Training data never leaves the enclave
• No data pooling or cross-user learning

Cryptographic Attestation

We use cryptographic attestation to prove that your data stays in its private enclave. Independent audits verify that our infrastructure matches our security claims.

Your Control

• Delete your entire account and all data with one click
• Deletion is permanent and immediate
• All data is removed from the enclave instantly
• OAuth tokens are revoked automatically

What Gets Deleted

• All synced data (emails, documents, calendar events)
• Your trained AI model
• Connection metadata
• Account credentials and tokens

How We Access Google User Data

We request OAuth consent to access specific Google Workspace APIs based on which services you choose to connect:

• Gmail API: We access your email content, metadata, and drafts solely to train your personal AI model and enable AI-assisted email composition. We read emails to understand your communication style and create context for AI responses. We only compose or send emails when you explicitly trigger these actions.
• Google Drive API: We access your documents and files to build your personal knowledge base for AI training. We read document content to understand your areas of expertise. We only create or modify files when you explicitly request document generation or editing features.
• Google Calendar API: We access your calendar events and schedules in read-only mode to provide temporal context to your AI. This helps the AI understand your priorities and upcoming commitments. We never modify your calendar.

How We Use Google User Data

• AI Model Training: Data from Google services trains YOUR personal AI model exclusively within YOUR private encrypted enclave
• Personalized Responses: Your AI uses this data to provide context-aware responses that reflect your knowledge and communication style
• Document Generation: When you request it, the AI can create documents in Google Drive or compose emails in Gmail using your personal context
• Limited Use Compliance: We use Google user data ONLY for providing and improving these user-facing features. We never use it for serving ads or any other purposes

How We Store Google User Data

• Encrypted Storage: All data from Google services is encrypted at rest in our database using industry-standard encryption
• Private Enclave: Processing occurs in a Trusted Execution Environment (TEE) that we cannot access or decrypt
• Retention: Data is stored until you disconnect the service or delete your account
• OAuth Tokens: Access tokens are securely stored and automatically refreshed. Refresh tokens are encrypted and stored separately

How We Share Google User Data

We DO NOT share Google user data with third parties except in these limited cases:

• AI Processing: Encrypted data is sent to Anthropic's Claude API for AI model inference, subject to Anthropic's data processing agreement
• Legal Requirements: Only if required by law (subpoena, court order), and only the minimum data necessary
• Your Explicit Request: When you explicitly share AI-generated content externally

We do NOT sell, rent, or share your Google user data for advertising, marketing, or any commercial purposes.

Your Control Over Google Data

• Disconnect any Google service at any time from your Garden dashboard
• Revoke Garden's access via your Google Account settings
• Delete all synced data from a specific service
• Export your data in machine-readable format
• Delete your entire account and all associated data permanently

Google OAuth Authentication

We use Google OAuth for secure authentication. Google's Privacy Policy applies to their authentication service. You can revoke access via Google Account settings at any time.

Anthropic Claude AI

We use Anthropic's Claude API for AI model inference. Data sent to Claude is encrypted and processed according to Anthropic's enterprise data processing agreement. Anthropic does not use your data to train their models.

No Analytics or Advertising Networks

• No analytics providers receive your personal data
• No advertising networks
• No data brokers
• No tracking pixels or cookies from third parties

Access & Portability

• Export all your data at any time
• API access to retrieve your data programmatically

Control

• Disconnect individual services (Gmail, Drive, Calendar) independently
• Adjust scope permissions at any time
• Real-time visibility into what's being processed

GDPR Rights (EU Users)

• Right to access, rectification, erasure, restriction
• Data portability in machine-readable format
• Right to object to processing
• Lawful basis: Consent (OAuth scopes), Contract (service delivery)

CCPA Rights (California Users)

• Right to know what data is collected
• Right to deletion
• Right to opt-out (we don't sell data)
• No discrimination for exercising rights