Cynthia Concierge

Effective Date: February 15, 2026 · Last Updated: February 15, 2026

Cynthia Concierge ("Cynthia," "we," "us," or "our") is an AI-powered assistant service operated by Cynthia Concierge LLC. This Privacy Policy describes how we collect, use, store, and protect your information when you use our services, including connections to third-party platforms such as Google Workspace.

1. Information We Collect

1.1 Account Information

When you sign up for Cynthia, we collect your phone number and any profile information you provide during conversations (such as your name, business name, and email address).

1.2 Conversation Data

We process the messages you send to Cynthia in order to provide our AI assistant services. This includes text messages, voice messages, images, and files you share.

1.3 Third-Party Service Data

When you connect third-party services through our platform, we access data from those services solely to perform tasks you request. This includes:

Google Calendar: Calendar events, event details, and scheduling information to manage your calendar on your behalf.
Gmail: Email messages, subjects, senders, and recipients to read, search, and send emails as you direct.
Google Drive & Sheets: Files, documents, and spreadsheet data to create, read, and organize documents you request.
Google Forms: Form structure and responses to create forms or retrieve submission data at your direction.

2. How We Use Your Information

We use the information we collect exclusively to:

Provide, operate, and improve our AI assistant services
Execute tasks you request (sending emails, managing calendars, creating documents, etc.)
Maintain conversation context to deliver a personalized experience
Send you service-related notifications
Ensure service security and prevent abuse

We do not use your data to train AI models. We do not sell, rent, or share your personal information with third parties for their marketing purposes.

3. Google API Services — Limited Use Disclosure

Cynthia Concierge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only access Google user data that is necessary to provide the features you explicitly request.
We do not use Google user data for serving advertisements.
We do not allow humans to read your Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (such as investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
We do not transfer Google user data to third parties except as necessary to provide and improve our services, as required by law, or as part of a merger/acquisition with adequate data protection commitments.

4. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including:

TLS/HTTPS encryption for all data in transit
Encrypted storage for credentials and authentication tokens
Access controls limiting data access to authorized systems only
Regular security reviews and updates

OAuth tokens for connected services (such as Google) are managed through Nango, a SOC 2 Type II certified OAuth token management platform. We never store your Google account password.

5. Data Sharing

We do not sell your data. We share data only in the following limited circumstances:

Service providers: We use third-party infrastructure providers (cloud hosting, token management) that process data on our behalf under strict contractual obligations.
At your direction: When you instruct Cynthia to send an email, create a document, or interact with a third-party service, we transmit data to that service to fulfill your request.
Legal requirements: We may disclose data if required by law, regulation, legal process, or governmental request.

6. Data Retention and Deletion

We retain your conversation data and account information for the duration of your active subscription. You may request deletion of your data at any time by contacting us at privacy@cynthiaconcierge.com.

When you disconnect a third-party service (such as Google), we immediately revoke our access tokens and cease accessing data from that service. Cached data from disconnected services is purged within 30 days.

7. Your Rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Delete your personal data and account
Disconnect any linked third-party service at any time
Export your data in a portable format
Revoke Google access at any time through your Google Account permissions

8. Children's Privacy

Cynthia is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Cynthia Concierge LLC
Email: privacy@cynthiaconcierge.com
Website: https://cynthiaconcierge.com