Privacy Policy

1. Introduction

OneCloud Systems, LLC ("Company," "we," "us," or "our") operates ContextApp.ai ("ContextApp" or the "Service"), a professional context assistant that helps users build and maintain intelligent relationships between companies, people, projects, files, meeting transcriptions, and emails.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service. This policy is designed to comply with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable California and U.S. privacy laws.

By using ContextApp, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, and password when you register for an account.
• Profile Information: Organization name, user preferences, and settings you configure.
• Uploaded Content: Files, documents, and other content you upload to the Service for processing and entity extraction.
• Chat Messages: Messages you send through the AI chat interface, including prompts and associated context.
• Entity Data: Companies, people, tags, and relationship data you create or edit within the Service.
• Payment Information: Billing details processed through our third-party payment processor. We do not store full credit card numbers on our servers.

2.2 Information Collected Through Integrations

When you connect third-party services, we collect data from those services as authorized by you:

• Google Calendar: Calendar events, meeting details, attendee information, and associated metadata.
• Gmail: Email messages, headers (sender, recipient, subject, date), and email body content from your connected Gmail account.
• Google Drive: File names, content, and metadata from files you authorize us to access.
• Google Meet: Meeting recordings and transcripts accessed via Google Drive.
• Microsoft Outlook: Email messages, headers (sender, recipient, subject, date), and email body content from your connected Microsoft account.
• Granola (Meeting Transcriptions): Meeting transcription data synced via the Granola integration.
• Forwarded Emails: Emails forwarded to your unique vault address for processing, including attachments.

2.3 Information Collected Automatically

• Usage Data: Features accessed, actions taken, and interaction patterns within the Service.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP addresses, access times, and pages viewed.
• Cookies and Similar Technologies: Session cookies for authentication and functionality. See Section 8 for details.

2.4 AI-Processed Information

Our Service uses artificial intelligence to process your data for the following purposes:

• Entity Extraction: Identifying companies, people, and topics from files, emails, and meeting transcriptions.
• Context Summarization: Generating summaries and contextual information about entities and relationships.
• Semantic Search: Creating vector embeddings of your content for intelligent search functionality.
• Chat Responses: Generating AI-powered responses based on your professional context.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Operate, maintain, and deliver the features and functionality of ContextApp.
• Entity Management: Build and maintain your professional context graph of companies, people, and relationships.
• AI Processing: Process uploaded files, emails, and meeting data to extract entities and generate contextual insights.
• Communication: Send service-related notifications, updates, and support responses.
• Improvement: Analyze usage patterns to improve and enhance the Service.
• Security: Detect, prevent, and address technical issues and security threats.
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• AI Service Providers: We transmit your content to third-party AI providers (such as Anthropic and OpenAI) to power our AI features. These providers process data according to their own privacy policies and data processing agreements.
• Authentication Provider: Auth0 (by Okta) handles authentication on our behalf and receives your login credentials.
• Cloud Infrastructure: Amazon Web Services (AWS) hosts our Service and stores your data.
• Payment Processor: Our payment processor handles billing transactions.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.
• With Your Consent: When you explicitly authorize us to share your information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Uploaded files, extracted entities, chat histories, and integration data are retained until you delete them or close your account.

Data obtained through Google services (Gmail, Google Calendar, Google Drive, Google Meet). This includes email messages, calendar events, file content, meeting transcripts, and any vector embeddings or summaries we derive from that data. It is retained only while the corresponding integration remains connected. When you disconnect an integration, the associated data is purged from our systems within 30 days. When you close your account, all such data is purged within the same 30-day window that applies to the rest of your account.

User-initiated deletion. You can request immediate deletion of all data obtained through Google services at any time from Settings → Integrations. A background job completes the deletion typically within one hour; deletion status is visible in the same user interface. This is in addition to, and does not replace, your rights described in Section 7.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure authentication via Auth0 with support for multi-factor authentication.
• Multi-tenant data isolation — your data is scoped to your organization and user account.
• Regular security assessments and monitoring.
• Access controls limiting employee access to personal data. Employees, agents, and contractors may only access user data when necessary for support (with user consent), security purposes, or legal compliance.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA and CPRA:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, no opt-out is necessary.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary for the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at privacy@onecloudsys.com. We will respond to verifiable consumer requests within 45 days.

8. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

• Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Local Storage: Used to store authentication tokens and user preferences on your device.

We do not use advertising or third-party tracking cookies. We do not engage in cross-context behavioral advertising.

9. Third-Party Integrations

When you connect third-party services (Google Calendar, Gmail, Google Drive, Google Meet, Microsoft Outlook, Granola), you are authorizing us to access data from those services on your behalf. Each integration:

• Requires your explicit OAuth consent before activation.
• Can be disconnected at any time from your account settings.
• Is governed by the respective third-party's privacy policy in addition to this one.

We encourage you to review the privacy policies of any third-party services you connect.

10. Google API Services Usage Disclosure

ContextApp's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs (including Gmail, Google Calendar, Google Drive, and Google Meet) is subject to the following restrictions:

• Limited Use: Google user data is only used to provide and improve user-facing features that are prominent in ContextApp. We do not use Google user data for any purpose other than providing the Service to you.
• No Advertising: Google user data is not used for serving advertisements, including retargeting, personalized, or interest-based advertising.
• No Sale of Data: We do not sell, transfer, or share Google user data with third parties for purposes unrelated to providing the Service, except as necessary for external processing by our service providers (AI providers, cloud infrastructure) under confidentiality obligations, for security purposes, or as required by law.
• No Surveillance: Google user data is not used for surveillance purposes or transferred to any party conducting surveillance.
• Restricted Human Access: Our employees, agents, and contractors do not read your Google user data unless (a) you have given affirmative consent for specific data access (such as customer support requests), (b) it is necessary for security purposes (such as investigating a security incident), or (c) it is required to comply with applicable law.
• Token Storage and Revocation: OAuth tokens granted by you to ContextApp are encrypted at rest using AWS Key Management Service (KMS) envelope encryption. When you disconnect a Google integration, or when you delete your account, we revoke the associated OAuth token with Google via Google's OAuth revocation endpoint (currently oauth2.googleapis.com/revoke) before purging the token from our systems. Revocation causes the grant to disappear from your Google Account's connected-applications list.
• User-Initiated Deletion: You can delete all data obtained through Google services — messages, files, calendar events, meeting transcripts, and any derived summaries or vector embeddings — at any time from Settings → Integrations, without deleting your ContextApp account. A background job completes the deletion typically within one hour, and deletion status is visible in the same user interface. Retention timelines are described in Section 5.

11. Children's Privacy

ContextApp is designed for professional use and is not directed at children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@onecloudsys.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also provide notice through email or within the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: