Sabido.ai Privacy Policy

Last updated: October 22, 2025

Talentify, Inc., doing business as Sabido.ai ("Sabido", "we", "us", "our") provides an AI platform and AI agents to help customers work with email and other data sources. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how we protect it, and your choices and rights. It also includes a dedicated section that describes our use of Google API Services (Gmail).

This page is the canonical privacy policy for Sabido and is the URL we link on our homepage and on the OAuth consent screen.

1) Who we are & scope

This policy applies to personal data we process about visitors, customers, end users, and other individuals who interact with Sabido websites, apps, and services, including our AI agents and integrations (such as Gmail, when you connect it).

Controller/Processor. For most processing here, Sabido is a data controller. For enterprise features where we process data strictly on a customer's documented instructions, Sabido acts as a processor under the parties' DPA.

2) Data we collect

Depending on how you interact with Sabido, we may collect:

  • Account & contact data: name, email address, company, password hash, role, basic Google profile (name, email, profile picture) when you sign in with Google.
  • Billing data: payment method tokens, billing address, VAT/tax IDs. We do not store full payment card numbers; our PCI-compliant provider (e.g., Stripe) processes them.
  • Usage & device data: app activity, log files, IP address, device identifiers, browser type, preferences, crash reports.
  • Support data: tickets and any screenshots/files you provide.
  • Content you provide: prompts, files, or instructions given to our agents.
  • Integration data from services you connect (e.g., Gmail — see Section 16).

3) Sources of data

  • Directly from you (account creation, product use, support).
  • Automatically (cookies, SDKs, logs).
  • Third-party services you connect (e.g., Google, if you connect Gmail).
  • Service providers (fraud prevention, error monitoring, analytics).

4) How we use data (purposes)

We use personal data to:

  • Provide, maintain, and improve the services and features you request (including AI features you enable).
  • Authenticate users; secure our platform; prevent abuse and fraud.
  • Offer support and communicate about updates, security, and service changes.
  • Personalize features you enable (e.g., per-user writing style).
  • Comply with law, enforce terms, and protect rights, safety, and property.

Advertising. We do not use Gmail data for advertising. We do not sell personal data or share it for cross-context behavioral advertising.

5) Legal bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, our legal bases include:

  • Contract (Art. 6(1)(b)): to deliver requested services and integrations you enable.
  • Consent (Art. 6(1)(a)): when you connect Gmail or opt into optional features.
  • Legitimate interests (Art. 6(1)(f)): securing and improving services, preventing abuse, responding to inquiries—balanced against your rights.
  • Legal obligation (Art. 6(1)(c)): tax, accounting, compliance.

You may withdraw consent at any time (see Your choices & rights).

6) Sharing & disclosure (including subprocessors and AI providers)

We do not sell personal data and do not share it with advertisers or data brokers. We disclose data only to:

  • Service providers (subprocessors) acting on our instructions (e.g., cloud hosting, storage, logging/monitoring, email delivery, payments, analytics strictly necessary to provide the services). We maintain a current list at https://sabido.ai/legal/subprocessors.
  • AI model providers (processors) that help generate the outputs you request (e.g., drafting a reply). When our features require it, we may transmit limited excerpts of content to these providers acting under contract and Limited Use restrictions (see Section 16). Our typical AI processors may include OpenAI, Anthropic, and Google AI/Vertex AI; see the subprocessors page for the current list.
  • Compliance & safety: to comply with law, respond to lawful requests, enforce agreements, or address security/abuse.
  • Corporate transactions: in a merger, acquisition, or asset transfer, with appropriate safeguards and notice.

Snapshot of key subprocessors (illustrative; see the live page for updates)

Provider (Category) | Purpose | Typical data elements
Google Cloud Platform (cloud infrastructure) | Host app servers/databases, secure storage | Encrypted email snippets when processing, account IDs, encrypted OAuth tokens
OpenAI / Anthropic / Google AI (AI processing) | Generate summaries/drafts you request | Limited text excerpts you select; no use for ads or generalized model training
Stripe (payments) | Process subscription payments | Name, email, billing info; no card storage by Sabido
Google Analytics (analytics) | Improve product experience | Pseudonymized/app usage metrics; no Gmail message content

7) International transfers

We may process data in the United States and other countries. Where required, we use approved transfer mechanisms (e.g., EU Standard Contractual Clauses, UK Addendum) and implement appropriate safeguards. Details are in our DPA.

8) Security

We implement administrative, technical, and physical safeguards appropriate to the risks, including:

  • Encryption: TLS in transit; industry-standard encryption at rest. OAuth tokens are encrypted at rest; keys managed in a hardened KMS/HSM.
  • Access controls: least-privilege, role-based access, MFA; logging and periodic reviews.
  • Secure development: code review, dependency scanning, vulnerability management, and regular testing aligned with OWASP guidance.
  • Monitoring & incident response: centralized logging, anomaly detection, incident playbooks, and user notifications where required.
  • OAuth only: We use Google OAuth 2.0 for authentication and never see or store your Google password.

Google requirement (security incidents). If a security incident affects Gmail data, we also notify Google at security@google.com in addition to any required user/legal notifications.

9) Retention & deletion

We keep personal data only as long as necessary for the purposes described here or as required by law.

Standard periods

Category | Default retention
Account/profile & subscription data | While account is active + 30 days; archived billing records 7 years (tax/audit).
Usage & operational logs (no message bodies) | 30 days for reliability/security; aggregated thereafter.
Security/audit logs | Up to 90 days.
Support tickets | 12 months from last activity.
Backups | Rolling backups retained ≤35 days.
Inactive accounts | If your account is inactive for 12 months, we will notify you and then delete your account data unless you take action.
Gmail data | See Section 16 (zero-retention/ephemeral by design, with a ≤72-hour cache only if needed for reliability).

Upon account closure or revocation of access, we queue related data for deletion and complete within the timelines below, subject to narrow legal or security holds.

10) Your choices & rights (GDPR/CPRA and others)

Access/portability, correction, deletion, restriction, objection, and consent withdrawal. You can exercise rights by emailing privacy@sabido.ai or submitting our request form at https://sabido.ai/legal/privacy-request. We verify requests and respond within applicable timelines.

California (CPRA). We honor the rights to know, delete, correct, and limit use of sensitive personal information. We do not sell personal data and do not share it for cross-context behavioral advertising. You may use the methods above to exercise rights or designate an authorized agent.

Global Privacy Control (GPC)/Do Not Track. Where required, we treat GPC signals as opt-out preferences.

Opt-out of marketing emails. Use the unsubscribe link or email privacy@sabido.ai.

11) Cookies & tracking technologies

We use cookies and similar technologies to operate the service, remember preferences, measure performance, and improve features. Where required, we obtain consent. You can manage preferences in your browser and (where available) in our cookie banner/settings at https://sabido.ai/legal/cookies.

12) Automated decision-making (AI)

Our AI agent may make automated in-product assessments (e.g., suggest replies, summarize or categorize emails), but you remain in control and can ignore, edit, or override suggestions. We do not make decisions with legal or similarly significant effects solely by automated means without required notice and your consent.

13) Children's privacy

Our services are not directed to children under 13 (or the equivalent age of consent in your jurisdiction). We do not knowingly collect data from children.

14) Changes to this policy

We will post updates here and adjust the "Last updated" date. If changes materially affect your rights or how we process data (especially Gmail data), we will provide prominent in-product notice and obtain new consent when required before applying changes.

15) Contact us

Talentify, Inc. d/b/a Sabido.ai
Email: privacy@sabido.ai | contact@sabido.ai
Mailing address: [Insert mailing address]

16) Google API Services (Gmail) -- Detailed section

This section applies only if you connect a Google Account and grant Sabido access to Gmail via Google's OAuth screen. It explains what Gmail data we access, how we use it, sharing limits, security, and retention, and includes Google's required statements.

16.1 Scopes we request (least privilege; incremental)

Required for core email features

  • https://www.googleapis.com/auth/gmail.readonly (Restricted) — read messages, including subject, sender/recipient, body, attachments, labels, and thread metadata (no write).
  • https://www.googleapis.com/auth/gmail.send (Sensitive) — send email on your behalf (no read).

We request scopes incrementally and in context. We do not ask for "future-proof" or unnecessary permissions.

16.2 What data we access (categories, points, purpose)

Data category | Specific data points accessed | Purpose of access
Email content | Body text of messages in threads you select; inline content; attachments you select (e.g., PDF/DOCX/TXT) | Generate summaries or write replies you request; show context for features you enable
Email metadata | From/To/Cc/Bcc, subject, timestamps, message-ID, thread ID, labels/folders | Provide context, organize mail (optional), enable search/triage
User account info | Primary Gmail address; basic Google profile (name, picture) | Authenticate via OAuth; personalize the interface; show sender identity
Email actions | Sending emails | Execute your explicit commands

We translate these technical needs into plain-language disclosures in-product so your consent is informed and specific.

16.3 How we use Gmail data

We use Gmail data solely to provide user-visible features you request, such as:

  • Reading messages you select to summarize or write replies you can review and send.
  • Sending replies or new messages you instruct.

Prohibited uses & commitments

  • No advertising or ad personalization with Gmail data.
  • No sale of Gmail data; no sharing with data brokers.
  • No credit-worthiness or lending uses.
  • No generalized model training: We do not use Gmail data to train or improve generalized AI/ML models. Any per-user personalization is confined to your experience.
  • Limited human access only: (i) with your explicit direction for specific items (e.g., a support ticket), (ii) for security/abuse investigations, or (iii) where required by law.

Limited Use commitment (Google-required)

Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

16.4 Sharing & disclosure for Gmail data

  • No selling; no ads sharing.
  • Service providers (subprocessors). We may disclose limited Gmail data to vetted providers (e.g., cloud hosting, secure storage, logging/monitoring) acting on our instructions to deliver the features you use. See /legal/subprocessors for the current list.
  • AI model providers (processors). To generate the outputs you request, Sabido may transmit limited Gmail-derived text to AI processors such as OpenAI, Anthropic, and Google AI/Vertex AI, acting only on our instructions and bound by contract to Limited Use (no human reading except narrow cases; no use for ads; no training of generalized models with your Gmail data).
  • Other transfers are restricted to what Limited Use permits (providing/improving the user-facing feature with your consent, security/abuse, legal compliance, or a corporate transaction with your explicit prior consent).

16.5 Security (Gmail)

  • TLS in transit and encryption at rest; OAuth tokens encrypted at rest; keys in KMS/HSM.
  • Access controls: least-privilege, MFA, logging, periodic reviews.
  • Secure SDLC and vulnerability management aligned with OWASP.
  • Incident response with user/legal notices where required; if Gmail data is affected, we also notify Google at security@google.com.
  • Restricted scopes assessment. If our features store or transmit data from Restricted Gmail scopes, Sabido undergoes Google's annual third-party security assessment (CASA/App Defense Alliance) and maintains a Letter of Validation.

16.6 Retention & deletion (Gmail)

We design for data minimization and short retention:

  • Default: We retain email bodies/attachments we've sent and their replies as long as the user account connection is active.
  • Derived artifacts you enable (summaries, classifications, per-user writing style signals): retained 30 days strictly to provide the feature, then deleted or anonymized; never used to train generalized models.
  • Operational logs & audit records (metadata only; no message bodies): retained 30 days for reliability/security, then deleted or aggregated.
  • OAuth tokens & connection data: Stored encrypted; when you revoke access or disconnect, we queue deletion immediately and complete within 7 days, subject to narrow legal/security holds.

16.7 Your choices & controls for Gmail

  • Granular consent & incremental auth (narrowest scopes, in context).
  • Just-in-time notices appear before a feature requests Gmail access.
  • Revoke access anytime: Visit your Google Account permissions at https://myaccount.google.com/permissions → remove Sabido's access. You can also disconnect in-product. When you revoke, we delete Sabido-held Gmail-derived data per the schedule above.
  • Data export & deletion: Request via privacy@sabido.ai or https://sabido.ai/legal/privacy-request. We respond within applicable timelines.

17) Other Google APIs (if enabled)

If you connect other Google services (e.g., Calendar, Drive, Contacts), we will disclose on this page the scopes we request, the data we access, how we use it, sharing limits under Limited Use, security measures, and retention/deletion timelines—using the same principles as Gmail. We will also seek verification and, where applicable, complete any required security assessments.

18) Data Processing Addendum (DPA)

For enterprise customers, our DPA (including SCCs where needed) governs our processing of personal data as a processor on your documented instructions. Contact privacy@sabido.ai for a copy or visit https://sabido.ai/legal/dpa.
