Privacy Policy

diezX ("we", "us", or "our") operates the website diezx.ai and the platform app.diezx.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We may collect personal information that you voluntarily provide to us when you: • Fill out a contact or lead capture form (name, email, company name, phone number, website URL) • Book a discovery call • Subscribe to our communications • Interact with our AI-powered platform We also automatically collect certain information when you visit our website, including your IP address, browser type, operating system, referring URLs, and browsing behavior through cookies and similar technologies.

We use the information we collect to: • Provide, operate, and maintain our services • Process and respond to your inquiries and requests • Send you marketing communications (with your consent) • Analyze usage patterns to improve our website and services • Comply with legal obligations • Detect and prevent fraud or abuse

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity. This includes Google Analytics to understand how visitors interact with our website. You can control cookies through your browser settings.

When you connect your Google Workspace account (Gmail, Drive, Calendar, Google Meet, or Google Admin) to diezX, we request access to specific OAuth scopes and use the data exclusively to power your organization’s process discovery and automation features. Below is exactly what we access, how we use it, and what we never do with it. OAuth scopes we request: • Gmail metadata (gmail.metadata): We read message headers (sender, recipient, subject, date, labels) to detect recurring communication patterns. We do NOT read message bodies or attachments. • Calendar (calendar.readonly): We read event metadata (title, attendees, duration, recurrence) to identify recurring meetings and meeting-load patterns. We do NOT read event descriptions or attachments. • Drive (drive.readonly): We read file metadata (title, owner, sharing, modification history) to map collaboration patterns and detect document workflows. We do NOT read file contents. • Drive Activity (drive.activity.readonly): We read file activity events to identify who edits which files. We do NOT read file contents. • Google Meet (meetings.space.readonly): For meetings where the organizer has explicitly opted in to transcript analysis, we read meeting metadata and transcripts to detect mentions of business processes that could be automated. • Workspace Directory (admin.directory.user.readonly): We read your organization’s user directory to keep diezX’s org chart synchronized. Used only when your Workspace administrator explicitly enables directory sync. • Workspace Admin Reports (admin.reports.audit.readonly): We read aggregate Workspace usage logs (sign-in counts, tool adoption) for adoption insights. Used only when your Workspace administrator explicitly enables this connection. • Basic profile (userinfo.email, userinfo.profile): Standard sign-in metadata used to identify your diezX user account. OAuth access and refresh tokens are encrypted at rest with AES-256-GCM in our database, hosted on Google Cloud Platform in the us-east1 region. You can revoke diezX’s access to your Google account at any time by: 1. Disconnecting Google Workspace inside diezX (Settings → Integrations), which deletes our stored tokens and stops further data collection; or 2. Visiting https://myaccount.google.com/permissions and removing diezX, which revokes the token at Google’s end. You may also request deletion of all data derived from your Google Workspace account by emailing privacy@diezx.ai.

Most Google Workspace data we collect (Gmail metadata, Drive metadata, Calendar events, Drive Activity, and Workspace Directory data) is processed entirely within diezX’s servers on Google Cloud Platform. We extract structured collaboration patterns and store them in our database. This data is NOT sent to any external AI provider. Google Meet transcripts are an exception. When meeting organizers opt in to Meet-based process discovery, we apply a keyword pre-filter and send only the matching transcript segments to Google’s Gemini API for analysis. Per Google’s Gemini API paid-tier terms, prompts and responses from this usage are not used to train Gemini models and are retained by Google for up to 24 hours for abuse monitoring only. For conversational AI features inside diezX (chat assistants, process analysis), we also use Anthropic Claude. We do not send Google Workspace data to Anthropic Claude; only user-entered text and diezX-internal context such as company-provided process descriptions.

We use third-party service providers to operate our marketing website and our platform. Each is used for a specific purpose and bound by contractual data protection obligations. Marketing website (diezx.ai): • Analytics: Google Analytics • Hosting: Google Cloud Run (us-east1 region) • Lead capture database: Supabase Platform (app.diezx.ai): • Compute and infrastructure: Google Cloud Platform (us-east1 region) • Database: MongoDB (running on Google Cloud Platform) • Transactional email: Resend • Transactional messaging (WhatsApp / SMS): Twilio • Product analytics: Mixpanel and PostHog • Asset storage and CDN: Cloudinary • Source code hosting and CI/CD: GitHub • AI providers: Google Gemini API and Anthropic Claude (see “AI Processing of Your Data” above for what is sent to each) For the full, current subprocessor list with the data each vendor processes, their location, and links to their data processing agreements, see https://app.diezx.ai/subprocessors. We do not sell personal information to third parties.

We retain different categories of data for different durations: • Account information and authentication data: For the lifetime of your diezX subscription, plus 30 days after account deletion. • OAuth access and refresh tokens: For as long as your integration is connected. Deleted immediately when you disconnect inside diezX or revoke at https://myaccount.google.com/permissions. • Extracted Google Workspace metadata (collaboration edges, file metadata, calendar patterns, directory data): Retained for the lifetime of your subscription, plus 30 days after account deletion. • Google Meet transcripts: Raw transcripts are deleted within 90 days of analysis. Extracted process signals derived from transcripts are retained per the policy above. • Marketing website data (forms, analytics): Retained for up to 24 months from collection. When the applicable retention period ends, we securely delete or anonymize the data. You can request earlier deletion by emailing privacy@diezx.ai.

Depending on your location, you may have the right to: • Access the personal information we hold about you • Request correction of inaccurate information • Request deletion of your information • Object to or restrict processing of your information • Data portability • Withdraw consent To exercise any of these rights, please contact us at hello@diezx.ai.

Your information may be transferred to and processed in countries other than your country of residence. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

diezX’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. In particular, we: • Use information received from Google APIs only to provide and improve the user-facing features of diezX. • Do not transfer Google user data to others except as necessary to provide and improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior notice to users. • Do not use Google user data for serving advertisements. • Do not allow humans to read Google user data, except (a) with the user’s affirmative consent for specific data, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for diezX’s internal operations and only when the data have been aggregated and anonymized.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

For questions about this Privacy Policy, contact us at: hello@diezx.ai For data deletion requests, OAuth-related concerns, or other privacy-specific matters, contact us at: privacy@diezx.ai