Privacy at AgentEnvoy

Last updated: April 2, 2026

Our Principles

These principles govern every decision we make about your data. They are not aspirational — they are operational. Our systems are built to enforce them.

I. We treat your information as if it were our own.

This is our foundational commitment. We hold and process your data with the same care and discretion we would expect for ourselves. If we wouldn't be comfortable with how a piece of information is handled, we don't handle it that way.

II. We learn only what the negotiation requires.

The minimum knowledge principle. AgentEnvoy accesses only the data necessary to facilitate the specific negotiation at hand — nothing more. We don't build profiles, mine patterns across negotiations, or retain information beyond its purpose.

III. We never advantage one party using the other's private data.

AgentEnvoy is a neutral administrator. Information shared by one party is used solely to find mutual ground — never to give the other party a negotiating edge. Each party sees only the gist of what was shared, not the other's explicit details.

What We Access

Your Google account

When you sign in, we receive your name, email address, and profile picture from Google. We store a refresh token to maintain your connection.

Your calendar (hosts)

By default, we read only free/busy time blocks from your Google Calendar — not event titles, attendees, descriptions, or any other details. We see “busy 9–10am,” not “Doctor appointment with Dr. Smith.”

You may choose to grant Envoy access to full event details (titles, locations, durations) so it can better reason about your flexibility and context — for example, understanding that a nearby lunch could make an in-person meeting convenient. When you do:

  • Envoy uses those details to make better scheduling decisions
  • Envoy will never share your event details with the other party
  • Envoy actively avoids leaking private information in its proposals or language

We also create calendar events when a meeting is confirmed — only with details both parties have agreed to.

Your calendar (guests)

When you connect your calendar as a guest, we request read-only access. We read your free/busy availability to find mutual times. We cannot create, modify, or delete any events on your calendar.

AI and Your Data

AgentEnvoy uses an AI scheduling agent (“Envoy”) powered by Anthropic's Claude. Here is exactly what the AI sees:

  • Default: Free/busy time blocks only — no event content
  • With your permission: Event titles, locations, and durations — used for reasoning, never disclosed to other parties
  • Always: Messages exchanged in the negotiation session
  • Never: Data from other negotiation sessions, your broader calendar history, or any cross-session profile

The AI processes your data to generate scheduling proposals. It does not learn from your data across sessions, and your information is not used to train AI models.

Data Retention

We keep data only as long as it serves a purpose.

  • Negotiation sessions (messages, proposals, outcomes) are retained for 30 days after completion, accessible to both parties. Each party sees the session from their perspective — the gist of what was shared, not the other party's private inputs. After 30 days, session data is permanently deleted.
  • Guest calendar data (availability from connected calendars) is retained for 30 days, then permanently deleted. Guest calendar credentials are never stored long-term.
  • Host account data (profile, preferences, calendar connection) persists for the life of your account. You can delete your account at any time.

What We Never Do

  • Sell, share, or transfer your data to third parties for advertising or marketing
  • Share one party's event details, calendar content, or private context with the other party
  • Build cross-session profiles or behavioral models of users
  • Use your data to train AI models
  • Access more calendar data than the specific negotiation requires
  • Retain data beyond the stated retention periods

Services We Use

We rely on a small number of infrastructure providers to operate:

  • Google APIs — Authentication and calendar access
  • Anthropic (Claude) — AI agent. Receives free/busy times (or event details with your permission) and negotiation messages. Does not retain your data.
  • Resend — Confirmation emails
  • Vercel — Application hosting
  • Supabase — Database hosting (PostgreSQL, encrypted at rest)

We do not use analytics trackers, advertising pixels, or data brokers.

Your Rights

  • Revoke access at any time via Google Account Permissions
  • Request a copy of all data we hold about you
  • Request deletion of your account and all associated data
  • Opt out of enhanced calendar access at any time (revert to free/busy only)

Google API Services User Data Policy

AgentEnvoy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

Questions about this policy or your data: privacy@agentenvoy.ai