Privacy Policy

Effective date: 2026-04-16 · Last updated: 2026-04-16

This Privacy Policy describes how Business AI Platform (the "Service"), operated by Advantec Solutions ("we", "us", "our"), collects, uses, stores, shares, and protects information from you when you use the Service. If you do not agree with the practices described here, please do not use the Service.

1. Who we are

Business AI Platform is a multi-tenant AI workflow assistant. Each customer organization ("Tenant") receives an isolated workspace where AI agents assist with day-to-day business tasks such as email triage, customer relationship management, and scheduling.

2. Information we collect

2.1 Information you provide directly

Account information: name, email address, organization name, billing address.
Workspace data: files, notes, task lists, and other content you or your team enters into the Service.
Support communications: questions, feedback, or troubleshooting information you send us.

2.2 Information from connected services

The Service works by connecting to the external tools your organization already uses. When you authorize a connection, we access only the data needed to perform the function you requested. We do this via standard OAuth 2.0 flows — you grant permission, you can revoke it at any time.

2.3 Google user data (if you connect a Google account)

If you connect Google Workspace services (Gmail, Google Sheets, Drive), we access the following Google user data via the following OAuth scopes:

gmail.compose — to create email drafts in your Gmail account. Drafts are saved to your Gmail drafts folder for you to review and send. We never automatically send email on your behalf.
gmail.metadata — to read email message metadata (sender, subject, timestamp, labels) for triage. We do not read message bodies under this scope.
spreadsheets.readonly — to read Google Sheets you explicitly connect. We read only the sheets you select, and only when you are actively using the Service.
drive.metadata.readonly — to list your Drive files so you can pick which sheets to connect. We read metadata only — never file contents.

2.4 Information collected automatically

IP address, browser type, device type (for security and debugging).
Timestamps of actions taken within the Service (audit log).
Error reports and diagnostic data when the Service fails.

3. How we use information

We use the information we collect only to operate and improve the Service:

To provide the AI assistant functionality you requested (drafting emails, summarizing inboxes, suggesting replies).
To authenticate you and keep your account secure.
To process billing and manage your subscription.
To send service-related notifications (security alerts, downtime notices, billing issues).
To debug problems and improve reliability.
To comply with legal obligations.

4. How we handle Google user data — Limited Use disclosure

Use of data from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, regarding any data obtained through Google APIs:

We use Google user data only to provide or improve user-facing features that are prominent in the Service's user interface and that the user has explicitly requested.
We do not transfer Google user data to others unless doing so is necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (and only with notice to affected users).
We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
We do not allow humans to read Google user data, except: (a) with the user's specific consent; (b) when necessary for security purposes (e.g., investigating abuse); (c) to comply with applicable law; or (d) when data is aggregated and used for internal operations in compliance with applicable privacy and other legal requirements.

5. How we store data

Your workspace data is stored on servers operated by us in the United States. Each Tenant's data is isolated at the filesystem + container level — one Tenant's data cannot be read by another Tenant's workspace.

Google user data specifically: email drafts created by the Service are stored in your Gmail account, not on our servers. Email metadata we access is processed in memory to power the user interface and is not retained in long-term storage. OAuth refresh tokens are encrypted at rest in a per-Tenant secret store; only our automated systems access them, not humans.

6. Data sharing

We do not sell, rent, or trade your data. We share data only in these specific cases:

Service providers we use to operate the Service (infrastructure, email delivery, payment processing). These providers are contractually bound to protect your data and use it only as we direct.
Legal requirements — if compelled by valid legal process. We will notify you unless prohibited by law.
Business transfers — if we are acquired or merge, your data may be transferred subject to this Privacy Policy and with notice to you.

7. Data retention

We retain your workspace data for as long as your account is active. If you close your account, we retain your data for 30 days to allow recovery, after which it is permanently deleted from active systems (backups may persist for up to 90 days before expiring on a rolling schedule).

Google OAuth tokens are deleted immediately when you disconnect a Google account from the Service or revoke access from your Google Account permissions page.

8. Your rights and choices

Access and export: you may request a copy of the data we hold about you by emailing support@advantecsolution.com.
Correction and deletion: you may update or delete your data at any time from within the Service, or by emailing the address above.
Disconnect integrations: you may disconnect any connected service (Gmail, Outlook, HubSpot, etc.) at any time from the Service's settings. This revokes our access immediately.
Revoke Google access: you may revoke the Service's access to your Google account at any time via https://myaccount.google.com/permissions.
Close your account: email support@advantecsolution.com to request account closure and full data deletion.

9. Security

We use industry-standard security measures to protect your data: TLS 1.2+ in transit, encryption at rest for credentials and tokens, access controls, audit logging, and regular security reviews. Despite these measures, no system is perfectly secure. We will notify you promptly of any breach affecting your data as required by applicable law.

10. Children

The Service is not directed to children under the age of 16 and we do not knowingly collect information from them. If we learn we have collected such information, we will delete it.

11. International data transfers

Our servers are located in the United States. If you access the Service from outside the U.S., your data may be transferred to, stored in, and processed in the U.S.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via email to the primary account contact and posted here with a new "Last updated" date. Continued use of the Service after a change constitutes acceptance of the updated policy.

13. Contact

Questions, requests, or privacy concerns:
Advantec Solutions
Email: support@advantecsolution.com
Houston, TX, USA