ProtectAI Privacy Policy

Last updated: March 5, 2026

Overview

ProtectAI is a self-hosted personal data layer. This instance is operated by its owner and stores data locally in SQLite.

Data We Process

With your authorization, ProtectAI can read data from Google Drive, Gmail, and Google Calendar using read-only scopes.

ProtectAI can also store manually ingested conversations and extracted memory facts that you choose to save.

Authentication and Tokens

Google OAuth is used for sign-in. OAuth access and refresh tokens are stored in the local SQLite database.

In v0, tokens are stored unencrypted at rest. This is a known limitation and should be improved with encryption-at-rest in a future version.

Agent Access

Agent access is controlled by API keys with explicit per-service permissions. Keys can be revoked at any time.

Logging

ProtectAI logs tool calls (tool name, status, latency, timestamp, agent key id) for auditing. Request payloads are sanitized and truncated. Raw API keys and OAuth tokens are not logged.

Data Sharing

ProtectAI does not sell your data. Data is shared only with configured providers and tools required to fulfill requested actions.

Your Control

You can revoke API keys, remove memory facts, and disconnect/reconnect Google access by logging out and reauthorizing.

Contact

For this deployment, contact: david@davidwolinsky.com