Privacy Policy
Effective July 1, 2026. AgentDraft is operated by VectraSEO LLC and collects the data needed to coordinate scheduling agents, operate accounts, and secure the service.
This Privacy Policy covers the account, workspace, calendar, mailbox, billing, and audit data AgentDraft collects, stores, and processes to coordinate scheduling agents. We do not sell personal information, do not share personal information for cross-context behavioral advertising, do not use Google user data for advertising or model training, and let users request access, correction, export, disconnection, or deletion by contacting hello@agentdraft.io from the account email.
Updated
Contact
Questions or requests about this policy can be sent to hello@agentdraft.io. Do not send sensitive account credentials by email.
Account data
We collect contact information, workspace membership, authentication events, passkey credential records, billing status, plan entitlements, and support messages so users can sign in, manage their workspace, and receive service notices. Browser passkey biometrics stay on the user's device; AgentDraft stores credential metadata, not fingerprints or face scans.
Calendar and scheduling data
When a user connects Google Calendar, AgentDraft requests calendar access only to read availability, create or update bookings the user asks us to coordinate, maintain calendar watch channels, and resolve scheduling conflicts between authorized agents. We also process booking titles, time ranges, invitee details users or agents provide, holds, buffers, priorities, and conflict outcomes.
Mailbox and webhooks
If mailbox or webhook features are enabled, we process inbound and outbound message metadata, message contents needed to route or reply, suppression records, webhook destinations, delivery attempts, and signing-secret metadata to operate those features.
Limited Use disclosure
AgentDraft's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide and improve user-facing scheduling functionality, security, and support — never for advertising, model training, or unrelated product analytics.
How we protect your data
All traffic between users, agents, and AgentDraft is encrypted in transit with TLS. Stored data is encrypted at rest, and sensitive credentials get an extra layer: Google OAuth tokens are encrypted at the application layer before they are written to the database, and agent API keys are stored only as argon2id hashes. Production secrets live in a managed secrets store, access to production systems follows least privilege, and every state-changing operation is recorded in an append-only audit log.
Storage and retention
We keep OAuth tokens, calendar identifiers, booking metadata, hold state, mailbox records, billing records, and audit events for as long as needed to provide the service, secure accounts, meet legal obligations, resolve disputes, or satisfy the workspace retention period. Audit retention is plan-based: Developer 7 days, Individual 30 days, Team 1 year, and Enterprise 7 years unless a signed agreement says otherwise. Disconnecting Google Calendar revokes our access and deletes the stored tokens.
Sharing
We do not sell personal information and do not share personal information for cross-context behavioral advertising. We share data only with subprocessors that operate AgentDraft, with connected calendar or mailbox providers at the user's direction, with Stripe for billing, with email providers for transactional mail, or when required by law.
Cookies and sessions
AgentDraft uses an HTTP-only session cookie for dashboard sign-in. We do not use Google user data for advertising cookies or retargeting.
Privacy rights
Depending on where you live, you may have rights to know, access, correct, delete, export, opt out of certain sharing, limit certain sensitive-data uses, or appeal a privacy response. AgentDraft is an online service, so email hello@agentdraft.io from the account email to submit a request. We may need to verify the request before acting on it.
Children
AgentDraft is for business and developer use and is not directed to children under 13.
Frequently asked
Do you use Google Calendar data to train models?
No. Google user data is used only to provide and improve user-facing scheduling functionality, security, and support — never for advertising, model training, or unrelated product analytics.
How is sensitive data like OAuth tokens protected?
Sensitive data is encrypted in transit with TLS and encrypted at rest. Google OAuth tokens are additionally encrypted at the application layer before storage, access follows least privilege, and every state-changing operation is recorded in an append-only audit log.
How do I access, export, correct, or delete my data?
Email hello@agentdraft.io from the account email and we will verify and respond to access, export, correction, deletion, or calendar-disconnection requests. Users can also disconnect Google Calendar from dashboard settings at any time, which revokes our access and stops further Google Calendar processing.