← Home← Dashboard

Privacy Policy

Version 1.0 · Effective April 13, 2026 · Last updated April 13, 2026

1. Introduction

DiviDen (“we,” “us,” or “our”) operates the DiviDen Command Center platform at dividen.ai (the “Platform”). This Privacy Policy describes how we collect, use, store, share, and protect your personal information and data when you use our Platform and Services.

By using DiviDen, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.

This policy also covers our use of data obtained through Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

2. Information We Collect

2.1 Account Information. When you create an account, we collect:

  • Name and email address
  • Password (stored as a one-way cryptographic hash — we never store plaintext passwords)
  • Profile information you choose to provide (headline, bio, skills, languages, timezone, etc.)

2.2 Data You Create on the Platform. Through normal use, you create and store:

  • Kanban cards, projects, tasks, and checklist items
  • CRM contacts and relationship data
  • Documents, notes, and reports
  • Chat conversations with your AI agent
  • Queue items, goals, and calendar events
  • Agent marketplace listings and configurations

2.3 Data From Connected Services (Google & Other Integrations). When you connect external services, we access and store data from those services to power DiviDen's signal triage and agent capabilities. Specifically:

Google Services (via OAuth 2.0):

  • Gmail — Email messages (sender, recipient, subject, body, timestamps, thread IDs, labels) for inbox triage, email drafting, and communication tracking
  • Google Calendar — Events (title, time, location, attendees, description) for scheduling, meeting prep, and follow-up task extraction
  • Google Drive — File metadata (name, type, modified date, sharing status) and file contents for document triage and project context
  • Google Meet — Meeting transcripts and recordings metadata for extracting action items and decisions
  • Profile Info — Your Google account name and email address to identify your connected account

2.4 Automatically Collected Data. We collect standard technical information:

  • IP addresses (for security and rate limiting)
  • Browser type, device type, and operating system
  • Pages visited and features used (for improving the Platform)
  • Timestamps of actions

3. How We Use Your Data

We use collected data solely to provide and improve the DiviDen Platform:

  • Providing the Service — Powering your AI agent (Divi), triaging signals, managing tasks, routing relays, and executing marketplace agents
  • Signal Triage — Analyzing connected data sources (email, calendar, drive, recordings) to extract actionable tasks and route them to project cards
  • AI Processing — Sending relevant context to AI language model providers to generate agent responses, summaries, and task recommendations
  • Communication — Sending emails on your behalf (when you configure and approve outbound email capabilities), delivering relay messages between connected users
  • Platform Improvement — Aggregated, anonymized usage analytics to improve features and performance
  • Security — Detecting and preventing unauthorized access, fraud, and abuse

4. Google User Data — Limited Use Disclosure

DiviDen's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 What Google Data We Access. When you connect your Google account, we request access to:

  • gmail.readonly — Read your email messages for inbox triage
  • gmail.send — Send emails on your behalf (only when you configure and explicitly approve each outbound email)
  • gmail.compose — Draft email replies in the context of existing threads
  • calendar.readonly — Read your calendar events for scheduling context
  • calendar.events — Create and manage calendar events (meeting scheduling)
  • drive.readonly — Read file metadata and contents for document triage
  • userinfo.email and userinfo.profile — Identify your Google account

4.2 How We Use Google Data.

  • To display your emails, events, and files within the DiviDen dashboard for triage and task extraction
  • To send AI-composed context to your configured AI provider so Divi can summarize, prioritize, and suggest actions
  • To send emails and create calendar events on your behalf, only when you explicitly approve each action
  • To extract meeting transcripts from Google Meet recordings saved in your Drive

4.3 What We Do NOT Do With Google Data.

  • We do not sell, rent, or trade your Google user data to any third party
  • We do not use your Google data for advertising, retargeting, or interest-based ad serving
  • We do not use your Google data to determine creditworthiness or for lending purposes
  • We do not use your Google data to build user profiles for selling to third parties
  • We do not use your Google data to train general-purpose AI or machine learning models
  • We do not transfer your Google data to any third party except as necessary to provide the Services (i.e., your configured AI language model provider) and as explicitly disclosed in this policy

4.4 AI Processing of Google Data. When Divi triages your email, calendar, or documents, relevant excerpts are sent to your configured AI language model provider (e.g., OpenAI, Anthropic) for processing. This is done solely to provide DiviDen's core features — task extraction, summarization, and response drafting. The AI provider processes this data according to their own API terms, which typically prohibit training on API data. We send only the minimum context necessary for each interaction.

4.5 Google Data Storage & Retention.

  • Google data (emails, events, files) is stored in your DiviDen database to enable offline access and historical triage
  • OAuth tokens (access tokens and refresh tokens) are stored encrypted and are used only to authenticate API requests to Google on your behalf
  • You can disconnect your Google account at any time via Settings → Integrations, which revokes our access and deletes stored OAuth tokens
  • Upon account deletion, all stored Google data is permanently removed from our systems

5. Data Sharing & Third Parties

We share your data only in the following circumstances:

  • AI Language Model Providers — Relevant context from your data is sent to your configured AI provider (e.g., OpenAI, Anthropic) to generate agent responses. We send only the minimum context necessary. These providers process data per their API terms.
  • Connected Users (Relays) — When you send or receive relay messages with other DiviDen users, the content of those relays is shared between the connected parties. You control who you connect with and what relay permissions you grant.
  • Federated Instances — If you enable federation with external DiviDen instances, relay data traverses network boundaries to those instances. You control federation settings.
  • Bubble Store — If you list agents on the Bubble Store, your agent listing (title, description, pricing) is publicly visible. Execution data is shared between you and the subscribing user.
  • Infrastructure Providers — We use hosting, database, and storage providers to operate the Platform. These providers process data on our behalf under data processing agreements.
  • Legal Requirements — We may disclose data if required by law, subpoena, court order, or government request.

We do not sell your personal data to any third party.

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted via TLS/HTTPS
  • Passwords are stored as one-way cryptographic hashes (bcrypt)
  • OAuth tokens are stored encrypted at rest
  • Database access is restricted to authenticated and authorized application code
  • API endpoints require authentication via session tokens
  • Administrative access is protected by separate credentials

No system is perfectly secure. We cannot guarantee absolute security, but we take reasonable measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

7. Data Retention & Deletion

7.1 Retention. We retain your data for as long as your account is active or as needed to provide the Services. Data from connected services (Google, etc.) is retained to enable historical triage and context building.

7.2 Account Deletion. You may request deletion of your account and all associated data at any time by contacting us or using the account deletion feature (when available). Upon deletion:

  • All personal data, contacts, cards, documents, and chat history are permanently deleted
  • All connected service data (emails, events, files) is permanently deleted
  • All OAuth tokens are revoked and deleted
  • Marketplace agent listings are removed
  • Some anonymized, aggregated data may be retained for analytics purposes

7.3 Disconnecting Services. You can disconnect individual services (e.g., Google) at any time via Settings → Integrations. Disconnecting revokes our OAuth access and deletes stored tokens. Previously synced data (emails, events) may be retained in your account unless you explicitly request deletion.

8. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data (see Section 7)
  • Portability — Request your data in a portable format
  • Revoke Consent — Disconnect any connected service or withdraw consent for data processing at any time
  • Restrict Processing — Request that we limit how we use your data

To exercise any of these rights, contact us at privacy@dividen.ai. You can also manage your Google account permissions directly at myaccount.google.com/permissions.

9. Children's Privacy

DiviDen is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will take steps to delete that information promptly.

10. Cookies & Local Storage

We use cookies and local storage for:

  • Authentication — Session cookies to keep you logged in
  • Preferences — Storing UI preferences (theme, layout settings)

We do not use cookies for advertising or third-party tracking.

11. International Data Transfers

DiviDen operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and infrastructure providers are located. By using the Platform, you consent to such transfers.

12. Self-Hosted Instances

If you use a self-hosted DiviDen instance, you are the data controller for all data on that instance. This Privacy Policy applies only to the managed platform at dividen.ai. Self-hosted operators are responsible for their own privacy policies and data handling practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email. The “Last updated” date at the top reflects the most recent revision. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, requests, or concerns:

For Google-specific data concerns, you can also manage or revoke DiviDen's access to your Google account at Google Account Permissions.

DiviDen Command Center · Privacy Policy v1.0

Terms of ServiceHome