1. Information We Collect
- Account information: name, email address, and profile details you provide.
- Payment information: billing details handled by our third-party payment provider. We do not store full payment card numbers.
- Conversation data: audio, transcripts, and contextual details (such as names, commitments, and follow-ups) generated when you choose to record a conversation.
- Google account data (read-only, optional): If you choose to connect your Google account, Offscript requests read-only access to your Google Calendar, specifically your calendar events and attendee details. Connecting Google is entirely optional and is not required to use the core Service, and you can disconnect at any time (see Section 6). We do not currently request access to Gmail or other Google services; if we add email features in the future, we will update this policy and request the necessary permissions before doing so.
- Slack data (read-only, optional): If you choose to connect Slack, Offscript reads messages, threads, and huddle activity from the channels and direct messages you have access to, along with your workspace's member directory. Connecting Slack is optional, and you can disconnect at any time (see Section 6).
- Usage and device data: IP address, device type, browser, log data, and basic interaction metrics collected automatically when you use the Service.
- Cookies and similar technologies: used for authentication, preferences, and analytics.
You control when recording is active. We only capture conversations when you have enabled the Service.
2. How We Use Your Information
- To provide and improve the Service.
- To build and maintain your private professional memory.
- To communicate with you about your account, updates, and security.
- To respond to support requests.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations.
How we use your connected-account data. When you connect a third-party account, we use the read-only data you authorize solely to deliver the following user-facing features:
- Google Calendar (events and attendees) is used to generate pre-meeting briefs, your Day Brief, and to route action items.
- Slack (messages, threads, huddles, and member directory) is used to surface relevant context and action items connected to your conversations.
Offscript reads this data only. We do not use it for any purpose other than the features described in this policy.
3. Who We Share Information With
We do not sell your personal information, and we do not use your conversation content or your connected-account data to train general-purpose AI models. We share information only with:
Sub-processors
We rely on the following third-party providers to operate the Service. Each is bound by a data processing agreement and is permitted to use your data only to provide their service to us.
- Deepgram: speech-to-text transcription.
- Google (Gemini API): AI processing for selected tasks.
- Anthropic (Claude API): AI processing for selected tasks.
- Supabase: database hosting and authentication.
- Payment, email, and analytics providers: for billing, transactional communications, and product analytics.
Processing of connected-account data. Where a feature requires it, content from your Google Calendar and Slack may be processed by our AI sub-processors, Google (Gemini API) and Anthropic (Claude API), strictly to deliver the features described in Section 2. These providers process this data under data processing agreements that prohibit using it to train, develop, or improve their models, and no human reads your connected-account data except in the limited circumstances described in Section 4, "Google API Services Limited Use."
Other disclosures
- Legal requirements: where required by law, regulation, or valid legal process.
- Business transfers: in connection with a merger, acquisition, or sale of assets.
- With your consent: for any purpose not covered by this policy.
4. Google API Services Limited Use
Offscript's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve the user-facing features described in this policy.
- We do not use Google user data for advertising.
- We do not sell Google user data.
- We do not transfer Google user data to others except as necessary to provide or improve these user-facing features (our AI sub-processors), to comply with applicable law, or as part of a merger or acquisition (with notice).
- We do not allow humans to read Google user data unless (a) you give explicit consent, (b) it is necessary for security, abuse prevention, or to comply with applicable law, or (c) the data has been aggregated and anonymized.
- We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine learning models, and our AI sub-processors are contractually prohibited from doing so.
We apply these same commitments (no advertising use, no sale, no human reading except in the limited cases above, and no model training) to data from any other account you connect to Offscript, including Slack.
5. Data Retention
- We retain conversation data and account information for as long as your account is active.
- Google Calendar and Slack data is retained only while your account is active and the relevant connection remains enabled.
- You can delete individual items, or your entire account, at any time.
- On account deletion, or when you disconnect a connected account, we remove the associated data within 30 days, except where retention is required by law.
6. Managing and Disconnecting Connected Accounts
You can disconnect any connected account from within Offscript at any time. Disconnecting stops any further access to that account's data and triggers deletion of the associated data as described in Section 5.
You can also review and revoke Offscript's access directly from each provider:
- Google:myaccount.google.com/permissions.
- Slack: your Slack workspace's connected-apps settings.
7. Data Security
We use industry-standard measures to protect your information, including encryption in transit and at rest, access controls, and regular security reviews. No system is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Request correction or deletion of your information.
- Export a copy of your data.
- Object to or restrict certain processing, including marketing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at admin@offscript.tech. We will respond within a reasonable time and in accordance with applicable law.
9. International Data Transfers
Your information may be processed in countries other than your own, including India and the United States. Where required, we use appropriate safeguards such as standard contractual clauses.
10. Children's Privacy
The Service is intended for professionals and is not directed to anyone under 18. We do not knowingly collect information from children. If we learn we have, we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on our website and update the "Last updated" date. Material changes will be communicated through the Service or by email.
12. Contact Us
If you have questions about this Privacy Policy or our data practices: