Caddie AI (“Caddie,” “we,” “us,” or “our”) provides a Slack-native AI assistant that helps professionals with sales, marketing, operations, and productivity tasks. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Caddie AI application (“Service”), including information obtained through third-party services such as Google APIs. By installing or using Caddie AI, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information from Slack

When you install and use Caddie AI in your Slack workspace, we receive and process the following data through Slack’s APIs:

User identifiers: Your Slack user ID, display name, and workspace ID.
Messages sent to Caddie: The content of direct messages and mentions you send to the Caddie AI bot. We do not access messages in channels where Caddie is not directly invoked.
Workspace metadata: Basic workspace information required for the application to function (workspace name, workspace ID).

1.2 Information from Google Services

When you connect your Google account to Caddie AI, we may access the following types of data depending on the permissions you grant:

Gmail: Email message content, headers, metadata, and labels — accessed only when you explicitly request Caddie to read, draft, or send emails on your behalf.
Google Calendar: Calendar events, attendees, and scheduling details — accessed only when you explicitly request Caddie to view, create, or manage calendar events.
Google Drive: File names, metadata, and content — accessed only when you explicitly request Caddie to find, read, or reference files in your Drive.
Google Sheets: Spreadsheet data — accessed only when you explicitly request Caddie to read or update spreadsheet information.

We access Google user data only in direct response to your explicit requests within a Caddie conversation. We do not continuously sync, bulk-download, index, crawl, or background-scan your Google account data.

1.3 Information from Other Connected Third-Party Tools

Caddie AI allows you to optionally connect additional external tools (such as CRM platforms and other productivity services) to enhance its capabilities. When you authorize a connection, we may receive:

OAuth tokens: Encrypted authentication credentials that allow Caddie to act on your behalf within the connected service.
Data accessed on your behalf: Information retrieved from connected services only when you request it through a Caddie interaction (e.g., pulling a contact from your CRM).

1.4 Usage and Preference Data

Skills and preferences: Custom rules, preferences, and skill configurations you set within Caddie.
Interaction history: Records of your interactions with Caddie to improve personalization and continuity.
Usage analytics: Aggregated, non-personally-identifiable usage data such as feature usage frequency and message counts, used to improve the Service.

1.5 Billing Information

If you subscribe to a paid plan, payment processing is handled entirely by our third-party billing provider. We do not store credit card numbers, bank account details, or other payment credentials on our servers.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Processing your messages, executing requested tasks, and delivering AI-powered responses within Slack.
AI Processing: Your messages to Caddie — including relevant context from connected tools needed to fulfill your request — are sent to our third-party AI model provider for natural language processing. These providers process the data to generate responses and do not use your data to train their models.
Personalization: Storing your preferences, skills, and interaction context to deliver a more relevant and helpful experience over time.
Service improvement: Analyzing aggregated, anonymized usage patterns to improve features, reliability, and performance.
Support: Responding to your questions, troubleshooting issues, and communicating important service updates.
Billing: Managing your subscription and processing payments through our billing provider.

We do not sell your personal data. We do not use your data for advertising, including retargeting, personalized, or interest-based advertising. We do not combine your data with data from other sources for purposes unrelated to providing the Service.

3. Google User Data: Limited Use Disclosure

Google API Services User Data Policy Compliance

Caddie AI’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In addition to the general practices described in this Privacy Policy, the following specific commitments apply to all data obtained through Google APIs (“Google User Data”):

3.1 Limited Use

We limit our use of Google User Data to providing and improving user-facing features of the Service that are prominent in the application’s user interface. Specifically:

Google User Data is used only to provide or improve the functionality you directly request (e.g., reading an email, scheduling a meeting, finding a file).
We do not use Google User Data for serving advertisements, including retargeting, personalized, or interest-based advertising.
We do not use Google User Data to determine credit-worthiness or for lending purposes.
We do not sell, rent, or trade Google User Data to third parties, including advertising platforms, data brokers, or information resellers.
We do not use Google User Data to train generalized, foundational, or non-personalized artificial intelligence or machine learning models. Google User Data is never used to create, train, or improve models beyond those that serve the individual user who provided the data.

3.2 Data Transfer Restrictions

We only transfer Google User Data to others in the following circumstances:

When necessary to provide or improve user-facing features that are visible and prominent in the Service’s interface.
To comply with applicable laws or regulations.
As part of a merger, acquisition, or sale of assets, with prior notice provided to users.
To our AI model provider strictly to process your explicit requests and generate responses — the provider does not retain this data beyond immediate processing and does not use it for model training.

3.3 Human Access to Google User Data

We do not allow humans to read your Google User Data except in the following limited circumstances:

You have provided your affirmative consent (e.g., for customer support troubleshooting at your request).
It is necessary for security purposes, such as investigating a bug or abuse.
It is necessary to comply with applicable law.
The data (including derivations) has been aggregated and anonymized and is used only for internal operations.

3.4 Data Protection for Google User Data

We protect Google User Data with industry-standard security measures, including:

Encryption of all data in transit using TLS and at rest using AES-256 or equivalent.
Encrypted storage of all OAuth tokens and authentication credentials.
Strict access controls that limit employee and contractor access to Google User Data to those with a legitimate need.
Regular review and auditing of our security practices.

4. How We Share Your Information

We share your information only in the following circumstances:

AI processing provider: Message content and relevant context from connected tools are sent to our AI model provider to generate responses. This provider operates under strict data processing agreements, does not retain your data beyond what is needed to process each request, and does not use your data for model training.
Third-party tool providers: When you connect external tools, data flows between Caddie and those services as necessary to fulfill your requests, governed by each provider’s own privacy policy.
Infrastructure providers: We use cloud hosting and database services to operate the Service. Your data is stored with industry-standard security protections, including encryption at rest and in transit.
Billing provider: Subscription and payment data is processed by our billing provider. We do not store sensitive payment information.
Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention and Deletion

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

Account and preference data: Retained for the duration of your use of the Service.
Interaction history: Retained to provide continuity and personalization. You may request deletion at any time.
Connected tool credentials: OAuth tokens are retained while the connection is active. When you disconnect a tool, the associated credentials are deleted promptly.
Google User Data: Data retrieved from Google services is processed in real time to fulfill your request and is not permanently stored in our systems beyond what is necessary for the immediate interaction. Cached data is purged in accordance with applicable cache headers and our retention schedule.
AI processing: Message content sent to our AI model provider is not retained by the provider beyond the immediate processing of each request.

When you uninstall Caddie AI from your Slack workspace, disconnect your Google account, or submit a written deletion request, we will delete all associated data — including any stored Google User Data — within 14 business days.

When the data retention period expires for a given type of data, we will delete or securely destroy it.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS) and at rest (AES-256 or equivalent).
Encrypted storage of OAuth tokens and authentication credentials.
Role-based access controls limiting internal access to user data.
Regular security reviews of our infrastructure and application code.
Secure handling of all data obtained through Google APIs and other connected services.

While we take reasonable and appropriate steps to protect your data against unauthorized or unlawful access, use, destruction, loss, alteration, or disclosure, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your data:

Access: You may request a copy of the personal data we hold about you, including any Google User Data.
Correction: You may request that we correct any inaccurate information.
Deletion: You may request deletion of your data at any time. We will process deletion requests within 14 business days. This includes all Google User Data associated with your account.
Data portability: You may request a machine-readable export of your data.
Disconnect tools: You may disconnect any connected third-party tool at any time through the Caddie AI App Home in Slack, which immediately revokes access.
Revoke Google access: You may revoke Caddie AI’s access to your Google account at any time through your Google Account permissions page or by disconnecting within Caddie. Upon revocation, we will delete stored Google User Data associated with your account.
Uninstall: You may uninstall Caddie AI from your Slack workspace at any time, which triggers deletion of all your associated data.

To exercise any of these rights, please contact us using the information below.

8. Data Received but Not Used

In the course of operating within Slack and processing API payloads from connected services (including Google APIs), Caddie AI may receive certain data (such as user IDs in event payloads, metadata in command invocations, or incidental data in API responses) that we do not use for any purpose beyond the immediate processing of the interaction. This data is not stored, analyzed, or shared.

9. Children’s Privacy

Caddie AI is designed for use by professionals in a workplace context. We do not knowingly collect information from children under the age of 16. If we learn that we have collected personal data from a child under 16, we will delete that information promptly.

10. International Data Transfers

Your data may be processed and stored in countries other than your own, including the United States. By using the Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or by other appropriate means and update the “Effective Date” above. If we change the way we use Google User Data, we will notify you and prompt you to consent to the updated practices before applying them to data previously collected under the prior policy. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or need to make any request related to your personal data (including Google User Data), please contact us:

Caddie AI
Email: support@caddieagent.ai
Website: https://caddieagent.ai