Privacy Policy

Account information. When you sign up, we collect your email address and, optionally, your name and profile picture via OAuth providers (Google).

Usage data. We log which features you use, automations you create, and how many AI credits you consume in order to enforce plan limits and improve the product.

Integration credentials. When you connect third-party services (Gmail, Slack, Notion, etc.), we store OAuth tokens via Composio to act on your behalf. We never store your passwords.

Automation content. Instructions and messages you write for your automations are processed by our AI models to execute your workflows. We do not use this content to train our models.

Payment information. Billing is handled entirely by Stripe. We store only your Stripe customer ID — we never see or store your card details.

We share data only with the following categories of service providers, strictly to operate the product:

• Supabase — database and authentication
• Anthropic / OpenAI — AI model inference
• Composio — third-party integration management
• Stripe — payment processing

We may disclose information if required by law or to protect the rights, property, or safety of blockd or its users.

blockd's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access. When you connect Google services, blockd may access the following types of data depending on which integrations you enable: email messages and metadata (Gmail), calendar events (Google Calendar), files and folders (Google Drive), document content (Google Docs, Sheets, Slides), task lists (Google Tasks), meeting information (Google Meet), photos and albums (Google Photos), classroom data (Google Classroom), advertising data (Google Ads), and analytics data (Google Analytics).

How we use Google data. Google user data is used solely to execute the automations and workflows you create within blockd. For example, if you create an automation that sends a daily email summary, blockd reads your calendar events and composes an email via Gmail on your behalf. We access only the data necessary to perform the specific actions you have configured.

Storage and retention. Google OAuth tokens are stored securely via our integration provider (Composio). We do not permanently store the content of your emails, calendar events, or files. Data retrieved from Google APIs is processed in real time to execute your automations and is not retained beyond the execution context, except for brief automation logs (retained for 90 days) that may contain summaries of actions taken.

Sharing. Google user data is never sold, shared with advertisers, shared with data brokers, or used for credit assessment or surveillance purposes. Google data may be shared only with: (a) AI model providers (Anthropic, OpenAI) strictly to process your automation instructions, and (b) Composio, which manages the OAuth connection and tool execution. These providers process data only as needed to fulfill your requests.

No training. We do not use Google user data to train AI or machine learning models.

Revocation. You can revoke blockd's access to your Google data at any time by disconnecting the integration from your blockd Settings page, or by removing access from your Google Account permissions. Upon revocation, we will delete your stored Google OAuth tokens within 24 hours.

Depending on your location, you may have the right to access, correct, or delete your personal data. To exercise these rights, email us at ngokienquoc2005@gmail.com.

EU/EEA residents have additional rights under GDPR, including the right to data portability and to lodge a complaint with a supervisory authority.