OpenTeam

Privacy Policy

This policy explains how OpenTeam.AI handles information for Portal, Team workspaces, Gateway-backed agents, and connected accounts, including Google and Microsoft connectors.

Last updated: May 28, 2026

Information We Collect

Account and Team information

Email address, display name, session state, Team membership, roles, preferences, and settings needed to authenticate users and route work to the correct Team.

Workspace content

Prompts, chats, workflow documents, uploaded files, attachments, feedback, generated outputs, run metadata, and other content users submit or create in Portal.

Connected account data

Connection metadata, account identifiers, OAuth tokens, refresh tokens, and provider data needed to perform user-requested workflows for connected services.

Operational data

Service logs, timestamps, request metadata, error details, Gateway activity, security events, and diagnostics used to operate, secure, debug, and improve Portal.

Google User Data

OpenTeam requests Google access only when a user starts a Google OAuth connection and grants the requested scopes. The exact data available depends on the connector, the scopes granted, and the workflow the user asks OpenTeam to perform.

  • Gmail data, such as message and thread metadata, message bodies, attachments, labels, drafts, and send actions, when a user connects Gmail and requests mailbox work.
  • Google Drive and Google Docs data, such as file and folder metadata, document content, permissions, and shared-drive information, when a user connects Drive and requests file or document work.
  • Google Calendar data, such as calendars, events, availability, attendees, conferencing details, and event changes, when a user connects Calendar and requests scheduling work.
  • Google Business Profile data, such as locations, profile fields, posts, reviews, and related listing data, when a user connects Business Profile and requests profile work.
  • Google Ads data, such as customer accounts, campaigns, budgets, ad groups, ads, assets, keywords, conversions, recommendations, and performance reports, when a user connects Google Ads and requests advertising management work.

OpenTeam's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including Limited Use requirements. OpenTeam may use Google Ads account data only to help the user manage their own Google Ads accounts at their request, such as creating campaigns, drafting ad content, changing budgets, and reviewing performance. OpenTeam does not use Google API data to serve OpenTeam ads, retarget users, build advertising profiles, sell advertising data, or train generalized AI or ML models.

| Google scope | Use |
| --- | --- |
| openid | Associates the connected Google Account with the authorized user session. |
| https://www.googleapis.com/auth/userinfo.email | Reads the primary Google Account email address for sign-in, account display, and connector ownership. |
| https://www.googleapis.com/auth/userinfo.profile | Reads basic Google Account profile information for account display and connector ownership. |
| https://www.googleapis.com/auth/gmail.modify | Reads and manages Gmail messages, drafts, labels, and Trash-only mailbox changes requested by the user. |
| https://www.googleapis.com/auth/drive.file | Creates, reads, edits, moves, shares, and trashes Drive files opened, created, selected, or shared for OpenTeam workflows. |
| https://www.googleapis.com/auth/calendar.events | Reads, creates, edits, and removes Google Calendar events requested by the user. |
| https://www.googleapis.com/auth/calendar.app.created | Creates and manages secondary calendars and events created for OpenTeam workflows. |
| https://www.googleapis.com/auth/calendar.calendarlist | Reads, adds, and removes calendars in the user subscription list when needed for scheduling workflows. |
| https://www.googleapis.com/auth/business.manage | Reads and updates Google Business Profile accounts, locations, posts, reviews, and listing data requested by the user. |
| https://www.googleapis.com/auth/adwords | Reads and manages Google Ads customer accounts, campaigns, budgets, ad groups, ads, assets, keywords, conversions, recommendations, and reports requested by the user. |

  • OpenTeam does not use Gmail full mailbox access to permanently delete messages. Gmail deletion workflows move messages or threads to Trash.
  • Drive deletion workflows move files to Trash where supported.
  • Google Ads budget, campaign, ad, conversion, or recommendation changes are performed only through user-authorized workflows.

Microsoft User Data

OpenTeam requests Microsoft access only when a user starts a Microsoft OAuth connection and grants the requested scopes. The exact data available depends on the connector, the scopes granted, and the workflow the user asks OpenTeam to perform.

  • OneDrive data, such as file and folder metadata, document content, permissions, sharing links, and file contents, when a user connects OneDrive and requests file or folder work.
  • Outlook, SharePoint, and Teams data only when a user connects those Microsoft 365 services and requests the matching mailbox, calendar, site, document, chat, or channel workflow.

| Microsoft scope | Use |
| --- | --- |
| openid profile email offline_access User.Read | Associates the connected Microsoft account with the authorized user session and allows token refresh for user-requested workflows. |
| Files.ReadWrite | Reads, creates, updates, and deletes the signed-in user's OneDrive files when requested by the user. |

How We Use Information

  • Authenticate users, manage sessions, and enforce Team access controls.
  • Provide Portal, Gateway, connector, file, chat, workflow, scheduling, and agent execution features.
  • Retrieve, summarize, draft, create, update, send, or otherwise process connected-account data only as requested or authorized by users.
  • Use connected-account data as context for AI-assisted actions requested by the user, such as summarizing messages, drafting replies, organizing Drive or OneDrive files, scheduling events, updating business profiles, or preparing Google Ads campaign changes.
  • Store connection records and refresh provider access tokens so authorized workflows can continue without asking users to reconnect every session.
  • Protect Portal, detect abuse, investigate incidents, troubleshoot errors, and maintain service reliability.
  • Comply with legal obligations, enforce agreements, and respond to valid legal or security requests.

Sharing And Transfers

OpenTeam does not sell personal information or connected-account data. We share information only in the limited situations needed to provide, secure, and support Portal.

  • Within a Team, according to Team membership, connection visibility, and user-selected sharing settings.
  • With Gateway runtimes and MCP services that execute user-requested workflows for the selected Team and connection.
  • With infrastructure, hosting, database, logging, email, payment, security, and support providers that process data on OpenTeam's behalf.
  • With third-party services when a user explicitly asks Portal to send, save, publish, share, or otherwise transmit data through that service.
  • When required to comply with law, protect rights and safety, investigate abuse, or complete a business transfer subject to appropriate protections.

Security

  • OAuth secrets, refresh tokens, and provider access tokens are encrypted at rest.
  • Portal uses authenticated runtime credential endpoints scoped to the selected Gateway, Team, and connection ids.
  • Browser responses and normal UI surfaces expose non-secret connection metadata instead of raw provider secrets.
  • Access to production systems and security logs is restricted to authorized operators with an operational need.
  • Security events, connector setup, runtime credential access, API errors, and Gateway activity are logged for review and investigation.

Retention And Deletion

OpenTeam keeps workspace, connection, and operational information for as long as needed to provide Portal, maintain security, meet legal obligations, resolve disputes, and enforce agreements.

Disconnecting a connector removes that connection from normal runtime credential access. Routine backups are generally retained for up to 35 days, and audit, security, abuse-prevention, and support logs are generally retained for up to 400 days unless a longer period is required for legal, security, or dispute-resolution reasons.

User Choices

  • Disconnect a connected account in Portal Apps.
  • Revoke Google OAuth access from the user's Google Account security settings.
  • Revoke Microsoft OAuth access from the user's Microsoft account or organization app-consent settings.
  • Change eligible personal connector visibility between Private and Team access.
  • Request deletion or export of Portal data by contacting OpenTeam.
  • Ask questions about this policy or report a privacy concern.

Contact

For privacy questions, data requests, or concerns about connected-account data, contact [email protected].