← Back to Datafense

Privacy Policy

Last updated: May 21, 2026

Datafense is privacy-preserving middleware between AI agents and your personal data. We built this because we believe you should control what AI can see. This policy explains what we collect and how we handle it.

What we collect

Your email address — collected when you sign up through Clerk, our authentication provider. We use it to identify your account.

Google OAuth tokens (Gmail and Calendar) — when you connect a Google account, Google gives us a scoped access token (not your password). We encrypt this token and store it in Databunker, a dedicated encrypted vault. Our main database never holds your credentials — only a reference ID pointing to the vault.

Pending drafts (Gmail and Calendar write actions) — when your AI tool tries to send an email or create a calendar event, we hold the draft in a pending-events queue until you explicitly approve it from your dashboard. Unapproved drafts are auto-deleted after 24 hours. We never send an email or create an event without your explicit approval.

Audit logs — we log every request an AI agent makes: what it asked for, whether it was allowed, and what data was returned. These logs exist so you can see exactly what your agents are doing.

What we don't do

How we protect your data

Third-party services

We use these services to run Datafense:

Google user data — Limited Use

Datafense's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request and why:

How we comply with Limited Use:

You can revoke Datafense's access to your Google data at any time from your Datafense accounts page (one click revokes the OAuth token) or directly at myaccount.google.com/permissions.

Deleting your data

You can disconnect any account from your dashboard at any time — this immediately deletes the OAuth token from our vault and revokes access.

To delete your entire account and all associated data (credentials, agents, permissions, audit logs), email us at vaultagent.dev@gmail.com. We'll delete everything.

Your rights

Depending on where you live, you may have additional rights under laws like the GDPR (EU) or CCPA (California). These include:

To exercise any of these rights, email vaultagent.dev@gmail.com. We'll respond within 30 days.

Data retention

We keep your data only as long as your account is active. When you delete your account, we delete everything — credentials, agents, permissions, and audit logs. We don't keep backups of deleted data beyond a 30-day rolling window for disaster recovery.

Legal basis for processing (GDPR)

If you're in the EU, our legal bases for processing your data are:

Children

Datafense is not for children under 13 (or under 16 in the EU). If you believe a child has created an account, contact us and we'll delete it.

Changes

If we change this policy, we'll update the date at the top and notify you by email for any significant changes.

Contact

Questions? Email vaultagent.dev@gmail.com