Privacy Policy

Effective Date: August 4, 2025

Last Updated: August 4, 2025

Introduction

Welcome to Dragon, your personal AI assistant for scheduling calls. At DragonLabs Inc. ("we", "our", or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and share your personal data—and your rights regarding that data.

1. What Information We Collect

a. Account Information

  • Name, email address, and authentication credentials.
  • Connected calendar and email account info (e.g., Gmail, Outlook).

b. Scheduling & Usage Data

  • Metadata from emails (e.g., headers, sender/recipient, time).
  • Calendar availability and scheduling history.
  • Interactions with Dragon (e.g., commands, cc/forwarded emails).

c. Technical Data

  • IP address, device type, browser info, and system logs.
  • Cookie data and web analytics.

We do not collect or store the content of your emails or calendar events unless it's strictly required for scheduling and processed temporarily.

2. How We Use Your Data

  • Identify your availability and schedule meetings on your behalf.
  • Automate follow-ups, rescheduling, and coordination.
  • Improve product functionality and reliability.
  • Provide customer support and communicate updates.
  • Analyze anonymized usage trends to optimize performance.

We only act when explicitly triggered (e.g., cc'ing Dragon), or in the case of enabled background features that accelerate scheduling automation.

3. Use of AI and Automation

Dragon uses AI models—including third-party providers like OpenAI and Anthropic—to interpret scheduling intent and generate responses. These models may receive anonymized scheduling context to assist with task execution. We limit this sharing to what's strictly necessary.

4. Third Parties We Work With

  • AI model providers (e.g., OpenAI, Anthropic) for scheduling assistance.
  • Email/calendar services (e.g., Google, Microsoft) to access your availability.
  • Analytics and infrastructure partners (e.g., Google Analytics, GCP) to ensure platform stability and measure usage.

We do not sell your data. Any data shared with third parties is strictly for providing or improving the service.

5. Data Protection and Security

We take the protection of your sensitive data seriously and comply with Google API Services User Data Policy, including Limited Use requirements:

  • Sensitive Data Handling: We only access sensitive data such as your Google Calendar events and email headers when necessary to schedule or reschedule meetings.
  • Encryption: All data in transit is encrypted using TLS 1.2+; any temporary stored data is encrypted at rest using AES‑256.
  • OAuth 2.0 Authentication: We use industry‑standard OAuth 2.0 for connecting to Google and Microsoft accounts. We never store your passwords.
  • Internal Access Controls: Access to sensitive data is limited to authorized personnel only, on a need‑to‑know basis, and all access is logged.
  • AI Data Handling: Email and calendar content processed by our AI models is minimized to the necessary scheduling context only.
  • Google Compliance: Our use of Google data complies with the Google API Services User Data Policy, including Limited Use requirements.

6. Data Storage & Security

  • All data is stored securely on Google Cloud Platform (GCP) servers in the United States.
  • Internal access to your data is limited strictly on a need-to-know basis.
  • We conduct regular security audits and vulnerability assessments.

7. Cookies & Tracking

We use cookies and similar technologies for:

  • Website functionality and security.
  • Analytics and product usage tracking.

You can manage your cookie preferences through your browser settings.

8. Your Rights

  • Access the personal data we store about you.
  • Request deletion of your data.
  • Correct inaccuracies.
  • Withdraw consent at any time.
  • Export your data in a portable format (where applicable).

To exercise these rights, please contact us at: privacy@dragonlabs.ai

9. GDPR & CCPA Compliance

We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). If you're a resident of the EU, EEA, UK, or California, you may have additional rights and protections under these laws.

10. Data Retention

We retain personal and sensitive data only as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Enforce agreements
  • Resolve disputes

Sensitive data from Google Calendar or email (such as event details or email headers) is processed temporarily for scheduling purposes and is automatically deleted once the scheduling task is complete.

Account and related metadata can be deleted anytime upon request. To request deletion of your account and data, email hello@getdragon.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes via email or through the app. Your continued use of Dragon after updates means you accept the revised policy.

12. Contact Us

Have questions or concerns about privacy?

Email us at hello@getdragon.app

Website: https://getdragon.app

© 2025 DragonLabs Inc. All rights reserved.