Who is responsible for your data

Scheduled B.V. is the controller for the personal data described in this Privacy Policy, except where a separate controller relationship clearly applies for a third-party integration you choose to connect.

If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact Scheduled B.V. using the contact details made available through the service or by post at the address listed above.

Data we process

The data we process depends on how you use Moments AI, which features you enable, and which third-party services you connect.

• Account and profile data, such as your name, email address, login details, preferences, timezone, and legal acceptance records.
• Content you submit to the service, such as prompts, messages, files, generated outputs, saved chats, and documents you choose to upload or create.
• Contact and relationship data you add or sync, including names, phone numbers, email addresses, notes, companies, roles, and related context.
• Meeting-related data, including notes, summaries, transcripts, recordings, durations, linked contacts, and meeting preparation context where those features are used.
• Integration data and metadata, such as connected account identifiers, provider information, encrypted tokens, and the data retrieved from integrations at your request.
• Usage, billing, audit, and security data, such as logs, feature activity, credit consumption, device or browser metadata, and troubleshooting information.

Why we use your data

We use personal data only where we have a valid reason to do so and only for purposes connected to the operation and improvement of Moments AI.

• To create and manage your account, authenticate you, and provide the service features you request.
• To process prompts and connected data so the assistant can generate responses, drafts, summaries, meeting notes, and other requested outputs.
• To connect and maintain integrations with services such as email, calendars, contacts, documents, messaging, and other tools you choose to authorize.
• To manage subscriptions, credits, usage-based charges, invoices, and payment-related administration.
• To protect the service, investigate abuse, detect fraud, enforce our terms, and maintain platform security and reliability.
• To provide customer support, troubleshoot issues, and communicate with you about the service.
• To comply with legal obligations, resolve disputes, and establish, exercise, or defend legal claims.

Legal bases

Where the GDPR applies, we generally process personal data because it is necessary to perform our contract with you, because it is necessary for our legitimate interests in operating a secure and useful service, because we must comply with a legal obligation, or because you gave consent where consent is required.

Where we rely on legitimate interests, we aim to balance those interests against your rights and expectations.

AI processing and third-party integrations

Moments AI uses AI models and service providers to generate responses and perform tasks you ask for. That means prompts, files, and selected connected data may be sent to model providers or supporting subprocessors when needed to complete your request.

If you connect third-party services, we will access and process data from those services only as needed to provide the features you enable or request. Your use of those integrations may also be subject to the terms and privacy policies of the relevant third parties.

Google API Services user data

If you connect a Google account, Moments AI may access Google user data only for the Google features you enable and only within the permissions you grant. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Depending on the Google service you connect, this may include your Google account email address, Google Calendar event data, Gmail message and draft data, Google Contacts data, and Google Drive file metadata or file content that you choose to open or process through the service.

We use Google user data only to provide and improve user-facing features that are visible in Moments AI, such as connecting accounts, syncing calendar events, preparing meetings, showing or organizing selected email threads, importing contacts, browsing Drive files, and generating the drafts, summaries, notes, or other outputs that you request.

We do not sell Google user data. We do not use Google user data for advertising, including personalized advertising, and we do not transfer Google user data to third parties except where needed to provide the feature you requested, for security purposes, to comply with law, or as otherwise permitted by the Google API Services User Data Policy.

Google OAuth access and refresh tokens are stored in encrypted form. We may also store Google-derived data in our systems when required to provide the feature you asked us to perform, such as synced calendar events, imported contacts, selected file metadata, saved drafts, or generated outputs linked to your account.

We do not permit humans to read Google user data except where necessary to provide support you requested, investigate abuse or a security incident, comply with applicable law, or where you otherwise gave explicit permission.

In summary: the categories of Google user data we access are the specific data needed for the enabled integration, which may include Google account identity data, Calendar data, Gmail data, Contacts data, and Drive metadata or file content that you intentionally connect, open, sync, or process in Moments AI.

We access, use, and process Google user data only to operate the features you request, maintain the connected integration, generate the outputs you ask for, secure the service, troubleshoot issues, and satisfy legal obligations. We do not use Google user data for unrelated secondary purposes that are not disclosed in this Privacy Policy.

If Google user data is shared with third parties, it is shared only with service providers or subprocessors acting on our behalf to host, secure, support, or operate the requested feature, or where disclosure is required by law. The purpose of any such sharing is limited to delivering the service, maintaining security, preventing abuse, or complying with legal obligations.

We protect Google user data using reasonable technical and organizational safeguards, including encrypted token storage, access controls, authenticated requests, logging and monitoring, and measures designed to prevent unauthorized access, misuse, alteration, or disclosure.

We retain Google user data only for as long as reasonably necessary to provide the service, maintain active integrations and related features, comply with legal obligations, resolve disputes, and protect the platform. Users can request deletion of their account data or disconnect integrations through the product, and they may also contact us to request deletion or revoke access through their Google Account settings where applicable.

EU hosting and international transfers

Scheduled B.V. is an EU company and we aim to offer Moments AI as an EU-hosted service. Where configured, the service can operate with EU-hosted infrastructure and Europe-only AI processing paths.

Some optional configurations, third-party integrations, or routing choices may involve processing outside the European Union. For example, a user may choose a broader routing option for performance or enable a third-party integration that processes data in another region.

When personal data is transferred outside the European Economic Area, we aim to use appropriate safeguards where required under applicable law.

How we share data

We do not sell your personal data. We may share data only with categories of recipients that are needed to run the service or comply with law.

• Hosting, storage, infrastructure, communications, analytics, AI, authentication, and support providers that help us operate Moments AI.
• Third-party services you choose to connect, or recipients you instruct us to interact with through the product.
• Professional advisers, auditors, insurers, or acquirers where reasonably necessary for corporate or legal purposes.
• Courts, regulators, law enforcement, or other public authorities when required by law or when necessary to protect rights, safety, or the integrity of the service.

How long we keep data

We keep personal data for as long as reasonably necessary to provide the service, maintain your account, meet legal obligations, resolve disputes, and protect the platform.

Retention periods may vary depending on the type of data, whether you keep your account active, the integrations and features you use, applicable legal obligations, and legitimate operational needs. When data is no longer needed, we aim to delete it or anonymize it.

Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system can be guaranteed to be completely secure, and you are responsible for keeping your own credentials secure.

Your rights

Depending on your location and applicable law, you may have the right to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where processing is based on consent.

You may also be able to disconnect integrations, delete content, or close your account through the product. If you connected a Google account, you can stop future access by disconnecting the integration in Moments AI and you can separately revoke Moments AI access in your Google Account security settings. You can additionally lodge a complaint with the competent data protection authority in your country of residence, workplace, or the place of the alleged infringement.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the service or by other reasonable means. Your continued use of Moments AI after the updated policy takes effect means the updated policy will apply, subject to any rights you may have under applicable law.