Ush Privacy Policy
Effective date: May 6, 2026
Last updated: May 6, 2026
This Privacy Policy explains how Ush Technology Ltd, a company incorporated in England and Wales (company number 16376776), with registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom ("Ush", "we", "us", or "our"), collects, uses, stores, shares, and protects information when you use our meeting-scheduling Service available at ush.team and missioncontrol.ush.team (the "Service"). It also describes your rights and how to exercise them.
Ush is an AI-assisted executive-assistant platform. To deliver scheduling decisions on your behalf, the Service connects to your Google account to read messages relevant to meeting requests, read your calendar availability, and create or update calendar events with your authorisation. Where Google Workspace data is involved, our use of that data is strictly limited as described in the section "Google API Services — Limited Use" below.
1. Data Controller and Contact
For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, the EU General Data Protection Regulation ("EU GDPR") for EEA users, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and comparable laws, Ush Technology Ltd is the data controller. You can contact us at:
- Company: Ush Technology Ltd (registered in England and Wales, company number 16376776)
- Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
- Email: [email protected]
- Privacy / data-subject requests: [email protected] (subject line: "Privacy Request")
We have not appointed a Data Protection Officer (DPO) where one is not required by law; all privacy matters are handled by the team available at [email protected].
2. Definitions
Capitalised terms used in this Policy have the following meanings:
- Account — the unique account created for you to access the Service.
- Personal Data — any information relating to an identified or identifiable natural person, as defined under the UK GDPR, EU GDPR, and CCPA/CPRA.
- Google Workspace Data — data accessed via Google APIs under the OAuth scopes you grant, including Gmail messages and metadata, Google Calendar events, and Google profile information.
- Service Provider / Sub-processor — a third party that processes Personal Data on our behalf under written contract.
- Usage Data — data collected automatically about how the Service is used, such as IP address, browser, device, pages visited, and timestamps.
- User — a natural person using the Service, in either a Principal or Executive Assistant role.
3. Information We Collect
3.1 Information you provide directly
- Account profile: name, email address, time zone (you may correct or supplement what is imported from Google).
- Locations and travel preferences: home address, office address, preferred transport mode, and travel-schedule entries (cities, dates, temporary home addresses).
- Scheduling preferences and rules: scoring weights, meeting-type colour preferences, scheduling mode, explicit user rules, and free-text notes (including Executive Assistant notes).
- Identity-relationship information: email addresses of the Principal(s) and Executive Assistant(s) you authorise, and whether the Principal/EA relationship has been confirmed.
- Support communications: messages you send to [email protected] and any chat content you submit inside the Service.
3.2 Information from Google Workspace APIs (with your authorisation)
When you sign in with Google and grant the requested OAuth scopes, we access the following Google Workspace data on your behalf, solely to operate user-facing features of the Service:
- Profile and email address (openid, profile, email scopes) — to identify your Account and personalise the Service.
- Gmail messages and metadata (gmail.readonly scope) — message ID, thread ID, subject, sender, received-at timestamp, and message body — to surface, classify, summarise, and extract scheduling-relevant context for you.
- Ability to compose drafts and send replies on your behalf (gmail.send / gmail.compose scopes) — solely to draft and, with your direction, send scheduling-related replies.
- Calendar events and availability (calendar.readonly, calendar.events scopes) — event summary, description, start/end times, attendees, location, recurrence, and transparency — to read availability and create or update meetings on your behalf.
Encrypted credentials. Google OAuth access and refresh tokens are encrypted at rest using Fernet (AES-128 in CBC mode with HMAC-SHA256) and are accessed only by service components that need them to call Google APIs on your behalf.
Use of OpenAI to process Google Workspace Data. Where the Service uses the OpenAI API to analyse meeting-related Gmail content or to draft replies, the relevant message text is transmitted to OpenAI solely to produce the user-facing output. OpenAI does not use this data to train or improve its models, and retains it only for a short abuse-monitoring window before deletion (see Section 6).
3.3 Information generated by the Service
To deliver scheduling decisions, the Service derives further information from the data above:
- Email-classification results: whether an email is a meeting request, classification source, ignore patterns, and supersede-state metadata.
- Extracted meeting-request fields: title, duration, sender, sender time zone, location and location options, meeting type, meal type, parties, forwarded-from data, notes, and structured constraints — produced by large-language-model (LLM) analysis of the source email content you authorised us to read.
- Geocoded geographic data: latitude/longitude for offices, homes, meeting locations, and travel destinations — produced via the Google Maps Geocoding API.
- Scheduling artefacts: proposed slots, slot scores, slot rejections (with the reasoning text the model used), and decline snapshots used to improve your own future scheduling.
- Implicit user rules and calendar patterns: preferences inferred from your past scheduling behaviour, used only for your account.
- Diagnostic and debug fields: model prompts and inputs (e.g., llm_input, slot_generation_llm_prompt) retained to investigate scheduling-quality issues for your account.
3.4 Authentication, session and operational data
- Sessions: server-side session identifiers and expiry timestamps.
- Admin support data: time-limited admin impersonation tokens are created only when an authorised Ush operator needs to investigate a support issue on your account; their use is logged.
- Background processing: job queue entries and worker operation records used to run the Service reliably.
- Sync state: Gmail history IDs, Calendar sync tokens, and last-sync timestamps used to keep the Service efficient and incremental.
3.5 Usage data and cookies
- Usage Data: IP address, browser type and version, device identifiers, pages visited, time spent, and similar diagnostics.
- Cookies and similar technologies: a session cookie (Secure, HttpOnly, SameSite=Lax) used to maintain your authenticated session, and short-lived cookies used for cross-site request forgery (CSRF) protection. We do not use third-party advertising or cross-site tracking cookies.
You can configure your browser to refuse cookies; if you do, parts of the Service that require an authenticated session will not function.
4. How We Use Your Information
We use the information described above strictly for the following purposes:
- To provide, secure, and operate the Service, including reading meeting-related emails, extracting scheduling intent, proposing time slots, holding tentative slots, and creating or updating calendar events on your behalf.
- To personalise scheduling for you, including by learning your stated and observed preferences and applying them only to your own account.
- To authenticate you and protect your Account.
- To provide customer support and respond to your requests.
- To monitor, debug, and improve the reliability and quality of the Service for the user that authorised the access.
- To comply with legal obligations and respond to lawful requests from public authorities.
- To detect, prevent, and respond to fraud, abuse, and security incidents.
4.1 Legal bases (UK GDPR / EU GDPR)
- Performance of a contract (Art. 6(1)(b)) — to deliver the Service you have requested.
- Your consent (Art. 6(1)(a)) — for OAuth scopes you grant to Google APIs and any optional features that ask for explicit consent. You may withdraw consent at any time.
- Legal obligations (Art. 6(1)(c)) — to comply with applicable law.
- Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, and operate and improve the Service for the authorising user, where these interests are not overridden by your rights.
5. Google API Services — Limited Use & No AI/ML Training
Limited Use commitment. Ush's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Google user data only to provide and improve user-facing features that are prominent in the Service's user interface (meeting-request analysis, slot proposal, drafting and sending scheduling replies, and calendar event creation/update on your behalf).
- We do not transfer Google user data to third parties except (a) as necessary to provide or improve user-facing features that are prominent in the Service's user interface and only under contractual confidentiality and use-restriction terms, (b) to comply with applicable law or valid legal process, or (c) as part of a merger, acquisition, or sale of assets, with notice to users.
- We do not use Google user data for serving advertisements, including retargeting or personalised advertising.
- We do not sell Google user data.
No AI/ML training on Google Workspace data. We expressly affirm that we do not use Google Workspace APIs — nor any data accessed, retrieved, processed, or stored through them, including Gmail message content, attachments, headers, metadata, or Google Calendar events — to develop, improve, evaluate, fine-tune, or train generalised or non-personalised artificial intelligence (AI) and/or machine learning (ML) models, including large language models. Where the Service uses third-party AI models to generate summaries, classifications, extracted fields, or draft replies, those models are operated under contractual terms that prohibit the model provider from using Ush user data to train or improve their generalised models, and any processing is performed solely to deliver the user-facing feature requested by the user that authorised the access.
Human access to Google user data. Humans (including Ush personnel) do not read your Google user data except: (a) with your affirmative agreement for specific messages; (b) where strictly necessary for security purposes (such as investigating abuse); (c) to comply with applicable law; or (d) where the data has been aggregated and de-identified so that it cannot be associated with any individual user.
Revoking Google access. You can revoke Ush's access to your Google Account at any time at https://myaccount.google.com/permissions. Once access is revoked, we will delete the associated Google user data within thirty (30) days, except where retention is required to comply with applicable law.
6. Sub-processors and Third-Party Services
We engage carefully selected service providers to operate the Service. Each sub-processor is bound by a written agreement requiring confidentiality, security, purpose-limitation and, where applicable, data-protection terms. The principal sub-processors are:
- Google Cloud (Alphabet Inc.) — application hosting, managed databases, networking, logging, and operation of the Gmail, Calendar, and Maps Geocoding APIs that the Service calls on your behalf. Region: as configured in our Google Cloud project; data may be processed in the United States and other regions where Google operates.
- OpenAI, L.L.C. (OpenAI API) — used to classify emails, extract scheduling intent, and draft replies. Inputs and outputs sent to the OpenAI API are processed under OpenAI's API data-usage policy, under which OpenAI does not use API inputs or outputs to train or improve its models. OpenAI retains API data for a limited period (currently up to thirty (30) days) for abuse and misuse monitoring, and then deletes it, except where a longer retention is required by law.
Customer-support requests are handled directly through email ([email protected]) using Google Workspace; we do not use a separate third-party help-desk tool. An up-to-date list of sub-processors is available on request to [email protected].
7. How We Share Information
We share Personal Data only in the following limited circumstances:
- With sub-processors, as described in Section 6, under written data-protection contracts.
- With other users you have explicitly authorised, for example to allow an Executive Assistant you have approved to schedule on your behalf.
- With public authorities, when required to comply with applicable law, valid legal process, or lawful government requests.
- In a corporate transaction (merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or part of our assets), with notice to affected users and only where the recipient is bound to honour this Policy or a substantially similar one.
We do not sell or rent your Personal Data. We have not, in the preceding twelve (12) months, sold or shared Personal Data for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA, and we do not intend to do so in the future. We do not use Google Workspace data for advertising of any kind.
8. Data Retention
We retain Personal Data only for as long as is necessary for the purposes described in this Policy:
- Account, scheduling, and Google Workspace data: for the lifetime of your Account, and deleted within thirty (30) days after Account deletion or OAuth revocation, except where retention is required to comply with applicable law.
- Backups: encrypted backups are retained for a recovery window of thirty (30) days. After that window, deleted records are also removed from backups in the ordinary course of rotation.
- Operational logs and Usage Data: retained for up to twelve (12) months for security, debugging, and abuse-prevention purposes.
- Support records: retained for up to twenty-four (24) months after the support interaction.
- Legal-hold data: retained for the duration of the relevant legal obligation or dispute.
You may request earlier deletion of your Account and associated data at any time by emailing [email protected].
9. Security
We implement administrative, technical, and physical safeguards designed to protect Personal Data, including:
- Encryption in transit using TLS 1.2 or TLS 1.3 for all client–server communication and for calls to upstream APIs.
- Encryption at rest for primary databases and backups.
- Application-level encryption (Fernet) for Google OAuth access and refresh tokens.
- Role-based access controls; principle of least privilege; access logging and monitoring.
- Time-limited, audit-logged admin impersonation tokens used only for support investigations.
- Secure software-development practices, dependency monitoring, and vulnerability management.
- Annual independent assessment of the application against the Google Cloud Application Security Assessment (CASA) Tier 2 framework.
No method of transmission or storage is 100% secure. While we strive to protect your Personal Data, we cannot guarantee absolute security. If we become aware of a personal-data breach affecting your data, we will notify you and, where required, the relevant supervisory authority within the timelines set by applicable law.
10. International Data Transfers
Ush is established in the United Kingdom and processes data on Google Cloud infrastructure that may be located in the United States and other regions where Google operates. Where we transfer Personal Data from the United Kingdom to a country that has not received UK adequacy regulations, we rely on the UK International Data Transfer Agreement (IDTA) or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, supplemented by appropriate technical and organisational measures. Where we transfer Personal Data from the European Economic Area to a country without an EU adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), supplemented by appropriate technical and organisational measures. You may request a copy of the relevant safeguards by emailing [email protected].
11. Your Rights
Depending on your location, you may have the following rights with respect to your Personal Data:
- Right of access — to obtain confirmation of whether we process Personal Data about you and a copy of that data.
- Right to rectification — to correct inaccurate or incomplete Personal Data.
- Right to erasure ("right to be forgotten") — to have your Personal Data deleted in defined circumstances.
- Right to restrict or object to processing.
- Right to data portability — to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
- Right to lodge a complaint with a supervisory authority — for example the UK Information Commissioner's Office (ICO) at https://ico.org.uk, your local EEA supervisory authority, or the California Privacy Protection Agency.
California residents additionally have the rights to know, delete, correct, and limit the use of sensitive personal information, and to opt out of any "sale" or "sharing" of personal information. As stated above, we do not sell or share Personal Data for cross-context behavioural advertising.
To exercise any of these rights, email [email protected]. We will verify your identity before responding and will respond within the timeframes required by applicable law (typically 30 days under GDPR and 45 days under CCPA/CPRA, extendable as permitted).
12. Children's Privacy
The Service is not directed to, and is not intended for, children. The Service is offered only to adults aged sixteen (16) or older, and we do not knowingly collect or process Personal Data from anyone under sixteen. If you believe a child under sixteen has provided us with Personal Data, please contact [email protected] and we will take prompt steps to delete it.
13. California-Specific Disclosures (CCPA/CPRA)
In the preceding twelve (12) months we have collected the following categories of Personal Information (as defined under the CCPA/CPRA):
- Identifiers (name, email address, account ID).
- Customer-records information (postal addresses for home and office).
- Internet/network activity (IP address, device, browser, session and Service-usage data).
- Geolocation (geocoded addresses and meeting locations; we do not collect precise GPS location from your device).
- Electronic communications content (Gmail message content and Calendar events you have authorised us to read), which constitute Sensitive Personal Information under the CPRA.
- Inferences drawn from the above (scheduling preferences, implicit rules).
Sources, purposes, and disclosures for each category are described in Sections 3, 4, 6, and 7. We use Sensitive Personal Information only for the purposes permitted under California Civil Code § 1798.121 (performing the services you reasonably expect, security, debugging, and similar).
14. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where required by law, notify you (for example by email or in-product notice) at least thirty (30) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
15. Contact Us
If you have questions, comments, or complaints about this Policy or about how we handle your Personal Data, please contact us at [email protected].