Privacy Policy

Effective Date: 2026-05-10 Last Updated: 2026-05-15

This Privacy Policy describes how Apples AI ("we", "us", "our") collects, uses, and discloses information when you use apples.live (the "Service"). Apples AI builds custom AI systems for small and mid-market businesses and operates the apples.live workspace platform.

If you do not agree with this policy, do not use the Service.

1. Information We Collect

We collect the following categories of information:

Information you provide directly:

• Account information when you sign up (name, email address)
• Content you create in your workspace (notes, custom tabs, folders, files)
• Messages you send to the agent chat
• Information you authorize us to access via OAuth (Google account email, profile, and only the specific scopes you approve)

Information collected automatically:

• Usage data (pages viewed, features used, timestamps)
• Device and browser information (user agent, screen size, IP address, approximate geographic location derived from IP)
• Performance metrics (page load time, error events)
• Session identifiers (cookies) for authentication

Information from third parties (only with your consent):

• Google services: when you connect Gmail, Calendar, Drive, Contacts, or other Google APIs through OAuth, we read only the data you authorize. We never store credentials beyond standard OAuth tokens.
• Other connected services you authorize (Stripe, Twilio, etc.) — we only access the data you explicitly grant.

2. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate you and secure your account
• Operate the AI agent on your behalf within your workspace
• Process payments via Stripe (we do not store credit card numbers ourselves)
• Communicate with you about your account, security, and product updates
• Respond to your support requests
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Comply with legal obligations

3. Google User Data — Specific Disclosure

If you sign in with Google or connect Google services to your workspace, we only access the scopes you explicitly approve. Specifically:

• Email and profile: used to identify your account
• Calendar: used only when you ask the agent to read, create, or modify events. We do not share calendar data with third parties or use it for advertising.
• Gmail: used only when you ask the agent to read or send email on your behalf. We do not store email content beyond what is necessary to complete the requested action.
• Drive / Docs / Sheets: used only to access files you explicitly reference. We use the minimum scope necessary (drive.file, not full drive access).
• Contacts / Directory: used only when you ask the agent to look up or reference contacts.

We do not use Google user data to train machine learning models, sell to third parties, or for any purpose other than providing the requested feature within your workspace.

You can revoke our access at any time at https://myaccount.google.com/permissions.

4. Chrome Extension — Specific Disclosure

The Apples Chrome extension (installable from your workspace's Chrome tab) acts as a remote-control surface for your paired apples workspace. It is fully optional and only activates after you pair it with a one-time code generated inside your own workspace.

What the extension stores locally (in chrome.storage.local on your machine, never on our servers in this form):

• A pairing token that authenticates the extension to your workspace
• A non-sensitive label for the paired account (your email)

What the extension sends to our servers, and when:

• Periodically polls our pairing bridge for commands you have issued from your workspace chat (no page data sent during polling)
• When you explicitly issue a command that requires page context (e.g., "summarize this page"), sends the result back — a screenshot of the active tab, extracted text, click coordinates, or accessibility-tree data — only for the page targeted by that command
• When you explicitly ask to sync your browser session for a specific automation, sends the cookies for the domain you named, used only for the duration of that automation

What the extension never does:

• Read or transmit page content in the background
• Take screenshots without an explicit command
• Read cookies without an explicit user instruction
• Send any page data to third parties

You can unpair at any time from the extension's side panel (clears the token from local storage and revokes the server-side pairing) or remove the extension entirely from chrome://extensions.

5. How We Share Information

We do not sell your personal information. We share information only in the following limited cases:

• Service providers: vendors who help us operate the Service (hosting on DigitalOcean, payments via Stripe, email delivery via SendGrid, SMS via Twilio, AI inference via Anthropic). These providers process data on our behalf under contractual data-protection obligations.
• Legal compliance: if required by valid legal process (subpoena, court order, etc.) or to protect rights, property, or safety.
• With your consent: anytime you explicitly direct us to share with a third party (e.g., sharing a tab with a consultant).
• Business transfers: in the event of merger, acquisition, or asset sale, your information may transfer to the acquiring entity, subject to the protections in this policy.

6. Data Retention

• Account data is retained for as long as your account is active.
• Content you create in your workspace is retained until you delete it or close your account.
• OAuth tokens are retained until you revoke access or close your account.
• Logs and metrics are retained for up to 90 days for operational purposes, longer if required for security investigations.
• After account closure, we delete or de-identify personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your information
• Object to or restrict certain processing
• Receive a copy of your information in portable form
• Withdraw consent for any processing based on consent
• Lodge a complaint with a data protection authority

To exercise any of these rights, email nikita@apples.live. We will respond within 30 days.

8. Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption in transit (TLS) for all client connections
• Encryption at rest for sensitive credentials
• Access controls limiting which staff can view customer data
• Regular security review of our infrastructure

No system is perfectly secure. We will notify affected users of any data breach in accordance with applicable law.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

10. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last Updated" date above will reflect the most recent revision.

12. Contact

Questions about this Privacy Policy or our data practices:

Email: nikita@apples.live Mail: Apples AI, c/o Nikita Rogers, Wilmington, DE 19801, USA