Zásady ochrany osobních údajů

Transparentní a srozumitelné...

Platné od 14. září 2025

Poslední aktualizace

Navigace

Obsah k ochraně osobních údajů

1. DATA PROCESSING WHEN VISITING OUR WEBSITE

2. CONTACTING US

3. COOKIES

4. GOOGLE FONTS

5. SERVER LOG FILES

6. PROCESSING OF DATA WITHIN THE SCOPE OF OUR SAAS SOLUTIONS

7. PAYMENT DATA

8. NEWSLETTER

9. YOUR RIGHTS AS A DATA SUBJECT

10. DATA RETENTION

11. CONTACT DETAILS

12. DATA PROTECTION OFFICER

13. GOOGLE API SERVICES USER DATA POLICY

14. MICROSOFT GRAPH API DATA USE

13. Google API Services User Data Policy

DivineMind.AI integrates with Google Workspace (Gmail, Google Calendar, Google Drive) via OAuth 2.0. This section describes which user data we access, why we access it, how we store it, and how it is deleted.

13.1 Google OAuth scopes requested

gmail.readonly — Used by the Mail Agent to categorize inbox content, extract invoice references, and surface follow-up candidates. Read-only.
gmail.send — Used by the Mail Agent and Finance Agent to send transactional mail (invoice delivery, follow-ups, press pitches) on behalf of the authenticated user, with the user's explicit request.
gmail.modify — Limited to label management (apply/remove agent-defined labels). No message deletion.
calendar.events — Used by the Calendar Agent to create, read, and update events in the user's primary calendar. Required for booking meetings and sending invites.
calendar.readonly — Used for free/busy scheduling without writing.
drive.file — Restricted to files created or opened by DivineMind.AI only (e.g. attaching generated invoices). No bulk access to the user's Drive.
userinfo.email and userinfo.profile — To identify the authenticated account.

13.2 How Google user data is used

Google user data is used exclusively to provide the features the user explicitly requests through DivineMind.AI. Specifically:

Email content is processed to categorize incoming mail, draft responses, and extract invoice data the user has asked the Mail Agent or Finance Agent to handle.
Calendar data is read to suggest meeting times and written to book appointments the user or the AIRIS Portal agent requests.
Drive files created by DivineMind.AI (invoices, offers, exports) are stored in the user's own Drive when the user opts in.

13.3 How Google user data is stored

OAuth access and refresh tokens are encrypted at rest and stored on EU servers (Frankfurt, Germany). Message content is processed transiently: we fetch the specific message the agent is acting on, process it, and do not persist the full message body beyond the active task. Derived metadata (category labels, extracted invoice fields) is stored in the customer's isolated tenant database, also in the EU. We never copy the entire mailbox or calendar to our own storage.

13.4 How Google user data is shared

We do not sell, rent, trade, or share Google user data with any third party for advertising, marketing, or analytics purposes. We do not use Google user data to train or fine-tune any generalized AI or machine learning model. Processing is performed inside the user's tenant context only.

13.5 How Google user data can be deleted

Users control access at all times:

Revoke DivineMind.AI access directly from the Google account permissions page at myaccount.google.com/permissions.
Disconnect within DivineMind.AI under Settings → Connected Accounts. This purges stored tokens and derived metadata within 24 hours.
Request full deletion of all account data by emailing privacy@divinemind.ai. We respond within 30 days.

13.6 Limited Use compliance statement

DivineMind.AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

13.7 Data Protection contact

Questions about how Google user data is handled: privacy@divinemind.ai. Controller: DivineMind.AI FlexCo GmbH, Vienna, Austria.

14. Microsoft Graph API Data Use

DivineMind.AI integrates with Microsoft 365 (Outlook, Calendar) via the Microsoft Graph API using OAuth 2.0. The policy below mirrors our Google OAuth policy: minimum-scope principle, EU storage, no model training, revocable access.

14.1 Microsoft Graph scopes requested

Mail.Read — Mail Agent reads inbox for categorization and extraction.
Mail.Send — Mail Agent sends on user's behalf with explicit intent.
Calendars.ReadWrite — Calendar Agent books and manages meetings.
User.Read — Identify the authenticated account.
offline_access — Enable background refresh while consent is active.

14.2 Storage, sharing, deletion

Tokens are encrypted and stored on EU servers. Message content is processed transiently, not persisted. Data is never shared with third parties, never used for advertising, and never used to train general-purpose AI models. Users may revoke access at any time from myaccount.microsoft.com or within DivineMind.AI under Settings → Connected Accounts. Tenant admins can restrict or revoke the app at entra.microsoft.com (Enterprise Applications).