Privacy Policy

1. What We Collect

company.inc ("the App") requests limited access to your Google account solely to power in-app features you initiate:

• Gmail (read-only + send): Used by your AI Executive Assistant to read your inbox and send emails on your behalf when you explicitly instruct it to.

We do not collect, store, or transmit your emails to any third party. OAuth tokens are held in server memory for the duration of your session and are discarded when the server restarts.

2. How We Use Your Data

Your Gmail data is used exclusively to execute actions you request inside the App (e.g., "check my inbox," "send a reply"). We never use your data for advertising, training models, or analytics.

3. Data Storage

The App runs locally or on your own deployment. No email content is persisted to disk or any external database. OAuth tokens are stored in-memory only and expire automatically.

4. Instagram

When you connect your Instagram Business account via Facebook Login, the App requests the following permissions:

• instagram_basic: Read your Instagram profile information (username, account ID).
• instagram_content_publish: Publish photo posts to your Instagram account when you explicitly instruct your AI Social Media Manager to do so.
• pages_show_list & pages_read_engagement: Identify the Facebook Page linked to your Instagram Business account.

Instagram data is used exclusively to execute posting actions you request. We do not read your DMs, followers list, or any content beyond what is needed to publish posts. OAuth tokens are held in server memory and discarded on server restart. You can revoke access at any time from your Facebook Business Integrations settings.

5. X/Twitter

When you connect your X account, the App can post tweets and check engagement metrics on your behalf. OAuth tokens are stored in server memory only. You can revoke access from your X Connected Apps settings.

6. Third-Party Services

The App may use the following third-party APIs to power agent capabilities:

• OpenAI API — for agent reasoning (no email content is sent unless you instruct the agent)
• Vapi — for AI-powered phone calls you initiate
• Google Gmail API — for inbox access you authorize
• Instagram Graph API (via Facebook) — for publishing posts you authorize
• X/Twitter API — for posting tweets you authorize

7. Your Rights

You can revoke access for any connected service at any time:

• Gmail: Google Account permissions
• Instagram: Facebook Business Integrations
• X/Twitter: X Connected Apps

Revoking access immediately stops the App from accessing or acting on your account.

8. Data Deletion

You may request deletion of any data associated with your account by emailing hi@company.inc. Upon receiving your request, we will delete all stored tokens and account references within 30 days.

9. Chrome Extension — Browser Bridge

The Company.inc Browser Bridge Chrome extension enables AI agents in the web application to post to X/Twitter on your behalf. The extension only interacts with x.com and twitter.com pages.

• Data collected: Tab screenshots (JPEG) and tab URLs are captured only when actively triggered by the application and communicated via Chrome's externally_connectable messaging API to company.inc only.
• Data storage: No data is stored by the extension. Screenshots are streamed in real-time and not persisted.
• Third parties: No data is shared with any third party. All communication occurs between the extension and company.inc via Chrome's secure messaging API.
• Permissions: The extension requires tabs and scripting permissions, with host permissions scoped to x.com and twitter.com only, to create/navigate tabs, automate posting, and capture screenshots.

10. Contact

Questions about this policy? Email us at hi@company.inc.