Privacy Policy
This policy applies to the DOT Digital Chief of Staff personal AI agent application (referred to throughout this policy as “DOT”) and to the website at mcp.hyani.net. It describes what information is collected, how it is used, and how data received from connected third-party services (including Google Workspace) is handled.
1. Information collected automatically by the website
When you visit this site, the web server records standard request metadata in its access log:
- Your IP address
- The date and time of the request
- The URL path requested and the HTTP method
- The HTTP response status code returned
- Your browser's User-Agent string
- The referring page, if your browser provided one
These logs are retained for diagnostic, operational, and security purposes for up to ninety (90) days, after which they are deleted or aggregated.
2. Cookies, trackers, and analytics
This site does not set any cookies. It does not use analytics tools, advertising networks, third-party trackers, fingerprinting, or any other client-side telemetry. No information about your visit is sent to external services.
3. Third parties (general)
Server logs are not shared with third parties except where required by law, valid legal process, or as necessary to protect the rights, property, or safety of the operator or others.
4. Data accessed through connected services (Google APIs and others)
When you connect an external service to the DOT application (for example, Google Workspace, Strava, or a health and fitness platform), the application requests access to specific data through that service's official API and OAuth consent flow. You see exactly which permissions are requested before access is granted, and you can revoke access at any time from the originating platform.
4.1 Limited Use of Google user data. DOT Digital Chief of Staff's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Data obtained from Google APIs is used only to provide or improve user-facing features that are prominent in the DOT application's interface — for example, drafting an email you asked the assistant to compose, scheduling an event you asked it to add, or surfacing a document you asked it to find.
- Data obtained from Google APIs is not transferred to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice to users.
- Data obtained from Google APIs is not used for advertising, including retargeting, personalised advertising, or interest-based advertising of any kind.
- Data obtained from Google APIs is not read by humans, unless we have your explicit consent to view specific messages, doing so is necessary for security purposes (such as investigating abuse), required to comply with applicable law, or for internal operations and only where the data has been aggregated and anonymised.
- Data obtained from Google APIs is not sold under any circumstances.
4.2 Equivalent treatment of other connected services. The same use-and-transfer commitments described above apply to data received from any other connected service (including Strava, health and fitness platforms, and any future integrations).
4.3 Scopes requested. The application requests only the OAuth scopes necessary to perform the tasks you ask of it. The specific scopes are shown on each platform's consent screen at the time of authorisation. Depending on the integration and the feature in use, these may include — without limitation — read or compose access to Gmail messages, read and write access to Google Calendar events, read access to Google Drive files, read access to Strava activities, and read access to workout and health-metric data from supported platforms.
4.4 Processing and retention of third-party data. Data retrieved from connected services is processed transiently to fulfil the immediate request you made of the assistant. The application does not retain the substantive content of third-party service data on its servers beyond what is required to deliver the response to you. Server-side request logs described in Section 1 do not contain the body of any third-party service data.
4.5 Revoking access. You may disconnect any integration at any time:
- Google Workspace — visit your Google Account at myaccount.google.com/permissions and remove access for the DOT application.
- Strava — visit your Strava settings at strava.com/settings/apps and revoke the application.
- Other platforms — refer to the platform's account settings for connected applications.
Revoking access at the originating platform immediately stops the application from being able to call that platform's APIs on your behalf. Any data already processed in response to prior requests is not affected.
5. Security
Reasonable technical measures are used to protect logs and any transient processing of third-party data from unauthorised access, including encrypted transport (HTTPS), OAuth tokens stored using platform-recommended mechanisms, and access controls on the underlying server. No system can guarantee absolute security.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, or delete information held about you. To exercise these rights with respect to log entries associated with your IP address, contact the address below. To exercise rights with respect to data held by a connected third-party service (such as Google or Strava), please contact that service directly — they remain the controller of data held in their systems.
7. Children
This site and the DOT application are not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and no personal information is knowingly collected from them.
8. Changes to this policy
This policy may be updated from time to time. The "Last updated" date above will be revised when changes are made. Continued use of the site or the DOT application after changes take effect constitutes acceptance of the updated policy.
9. Contact
Questions or requests regarding this policy may be sent to: roryhw [at] gmail [dot] com.
See also: Terms & Conditions.