Privacy Policy
Effective date: May 6, 2026
Your Data, Your Control
Bygheart is built on a simple principle: your data belongs to you and only you can see it. We provide the infrastructure—you bring your content. We cannot access, view, or use your documents, conversations, calendar events, or emails. Everything is stored securely in your isolated account and we have zero visibility into your actual content.
What We Store (And Don't Store)
We store: Your email (for login), encrypted password hash, subscription tier, and usage counts (like number of documents). These are operational necessities—we cannot run the service without them.
We cannot see: Your uploaded documents, conversation history, knowledge base content, calendar events, email content, or any files you process. These live in your account with strict isolation. Even our team cannot peek inside your data. We are the locksmith, not the tenant.
Google Integrations (Calendar & Gmail)
If you connect Google Calendar or Gmail, we store only the OAuth tokens required to perform actions on your behalf—such as listing events, scheduling meetings, or drafting emails. These tokens are encrypted and tied strictly to your account.
We do not: sell your Google data, use it for advertising, train AI models on it, or share it with any third parties. Google data flows directly between you and Google's APIs; we simply facilitate the connection you authorized.
How We Use Your Information
We use your account metadata solely to keep the service running: authenticating logins, enforcing subscription limits, processing payments, and preventing abuse. Your actual content—documents, chats, emails, calendar data—is never used by us for any purpose. We don't train on it, we don't analyze it, and we definitely don't sell it.
No Third-Party Sharing
We do not share your data with anyone. Not for advertising, not for analytics, not for AI training. The only exceptions are essential service providers (hosting infrastructure, payment processing) and they only handle the minimum operational data needed—they never see your documents or conversations.
We have zero data-sharing agreements with advertisers, data brokers, or analytics firms. Your privacy is not a revenue stream for us.
Security & Encryption
Your data is protected with enterprise-grade security: TLS for all connections, encrypted storage at rest, isolated database rows per user, and server-side credential handling. Custom email passwords (IMAP/SMTP) are encrypted before storage. Even in the unlikely event of a breach, your content remains encrypted and isolated.
We follow security best practices, regular updates, and minimal-privilege architecture. We built this for executives who demand privacy—we treat your data like it was our own confidential information.
Your Rights & Control
You have full control: disconnect Google integrations anytime in Settings, delete all uploaded documents instantly, wipe conversation history, or export your data. Want your account completely deleted? Contact us and we'll purge everything—no retention, no backups kept, no questions asked.
Because we can't see your data, we can't use it for anything you didn't explicitly authorize. You hold the keys. We just maintain the vault.
Contact
Questions about this policy can be sent to privacy@bygheart.com.