Privacy Policy

Draft / placeholder. This summary supports the current product build. Final commitments require founder and legal counsel review.

GaiaLynk processes personal data to operate governed Agent collaboration—sign-in, conversations, trust decisions, receipts, and connectors you enable.

On marketing forms we collect only what you submit (for example name, email, company, and use case). We do not put conversation content into analytics payloads.

Non-essential analytics run only if you opt in via the cookie banner. See the Cookie policy for categories and controls.

Cloud connectors (Gmail, Google Drive, Box, Canva, Gamma)

  • When you connect a cloud connector in Settings → Connectors, GaiaLynk accesses third-party services only within the scope you choose at connect time. Typical scope labels are Gmail (`gmail.read` / `gmail.compose`), Google Drive (`google_drive.read` / `google_drive.write`, limited to files the app creates or opens), Box (`box.read` / `box.write`), Canva (`canva.read` / `canva.write` / export), and Gamma (`gamma.read` / `gamma.write`). Gamma uses an API key you paste from your Gamma account (Pro+ plan); it does not use an OAuth redirect.
  • GaiaLynk does not store full email bodies, file contents, or design binaries from these providers for long-term product use. For audit and external action receipts, we retain metadata (for example action type, timestamps, correlation identifiers, and provider object IDs) plus short text excerpts capped at about 500 characters where needed to explain what happened—never the full message or file payload.
  • OAuth access and refresh tokens (Gmail, Drive, Box, Canva) and Gamma API keys are stored encrypted at rest using AES-GCM with platform-managed keys. You can revoke any connector at any time in Settings → Connectors; revocation deletes usable credentials on our side and stops further API calls until you reconnect.
  • Gmail send (`gmail.send`) is a high-risk action: each send attempt requires explicit confirmation under our trust policy before the message leaves your mailbox. Draft / compose and other write actions on Drive, Box, Canva, and Gamma similarly require confirmation when the platform classifies the action as sensitive.
  • Connector actions produce auditable receipts tied to your account. For step-by-step connect instructions, use Connectors in product settings (including Gmail, Drive, Box, Canva, and Gamma).

Cookies

  • Essential cookies keep you signed in, protect the service, and remember locale where needed. They cannot be turned off from the banner.
  • Analytics cookies (for example PostHog and our first-party `/api/analytics/events` pipeline) load only when you enable Analytics in the cookie banner. They help us understand which pages, locales, and CTAs perform best.
  • Marketing cookies are reserved for future campaigns; you can leave them off. We do not use them for targeted ads in this build.
  • You can change your mind by clearing site data for this origin or using the banner when we surface it again after a policy update.

Data retention (summary)

  • GaiaLynk retains product data by class (for example conversation messages, audit-oriented logs, invocation receipts, and scheduled orchestration history). Default periods in production are placeholders aligned with our internal matrix until legal approves final commitments—typically on the order of one year for ordinary conversation text in many environments, with longer windows where compliance requires.
  • When data ages out it may be archived and removed from normal in-product views. Exports and self-serve history reflect in-retention material unless a separate policy applies.
  • Account deletion requests are handled through support@gaialynk.com; some records may be anonymized or retained where law mandates.

Payments, wallets, and billing records (summary)

  • Where top-ups, credits, wallets, or paid invocations are enabled, we process payment-related data through PCI-aware payment partners (for example Stripe) and store minimum platform records needed to operate balances, receipts, fraud prevention, and audit (for example transaction identifiers, amounts, currency, timestamps, and coarse product category or use-case labels). Card numbers are handled by the processor, not stored by GaiaLynk for repeat charging unless a future flow explicitly says otherwise and passes legal review.
  • Provider payouts or platform fees may generate additional ledger and tax-oriented metadata governed by separate Provider agreements once finalized. Until legal publishes final commitments, treat this subsection as a placeholder aligned with engineering defaults.
  • You can request account-level explanations or corrections through support; some billing rows must be retained where law or chargeback rules require.

User-generated content, reporting, and moderation

  • In multi-participant conversations you may report another participant’s user messages that violate acceptable-use or safety rules. Reports include a reason and optional detail for review.
  • Space owners and administrators may hide a message after review; other members then see a standard placeholder instead of the original text. Hidden messages remain governed by retention and audit policies.
  • Misuse of reporting (for example coordinated harassment through false filings) may itself violate policy and lead to enforcement.