Privacy Policy

Google User Data: When you connect your Google account, we may access the following data depending on the features you enable: Gmail (email messages, attachments, and metadata) to detect and process invoices, bank notifications, and business correspondence on your behalf; Google Drive (files and folders) to store, organize, and retrieve your accounting documents; Google Sheets and Docs (spreadsheet and document content) to read and generate financial reports and structured accounting data; and your basic profile information (email address) for authentication and account identification.

Information You Provide: Company details (name, legal structure, tax ID, fiscal year), ERP connection settings (e.g., Odoo, QuickBooks, Sage, and other systems as they become available), chat messages and instructions sent to our AI agents, and email preferences and contact governance rules.

We use your data solely to provide and improve the Service, including: automating bookkeeping tasks (invoice extraction, classification, journal entry creation), synchronizing accounting data with your connected ERP system, answering your questions and executing instructions via our AI agents, and organizing and indexing your documents for search and retrieval.

We do NOT use your data for: advertising or marketing to you or third parties, selling or renting to any third party, training general-purpose AI or machine learning models, or any purpose unrelated to providing the Service.

We do not sell your data. We only share it in the following limited circumstances:

AI service providers: To power our AI features, document content and chat messages are processed by third-party AI providers via their APIs. These providers process data in real time to fulfill your requests and do not use your data to train their models under their API terms of service.

Your ERP system: If you connect an ERP (e.g., Odoo, QuickBooks, Sage, or other supported systems), accounting data (invoices, journal entries, bank reconciliations) is exchanged directly between our servers and your ERP instance.

Communication platforms: If you use Telegram or Google Chat to interact with the Service, your messages are routed through these platforms.

Legal requirements: We may disclose data if required by law, regulation, or legal process.

All data is stored on secure cloud infrastructure (Google Cloud, AWS).

All data is encrypted at rest and in transit (TLS 1.2+).

Google OAuth tokens are stored with per-user isolation and are never exposed to client-side code.

API keys and credentials are managed through dedicated secret management services and are never stored in source code.

Access to your data is restricted through role-based access controls and strict tenant isolation.

Accounting data is retained while your account is active, or as required by applicable regulations. Chat history is retained for up to 90 days after last activity. Temporary processing data (caches, queues) is automatically deleted within 24 hours. OAuth tokens are retained until you revoke access or delete your account.

You can request deletion of your data at any time: by email at privacy@pinnokioagent.com with the subject 'Data Deletion Request', or via Google by revoking Pinnokio Agent's access from your Google Account permissions page (myaccount.google.com/permissions).

Upon request, we will delete all your data, including any Google user data stored on our systems, within 30 days. Some data may be retained longer only if required by applicable law (e.g., accounting record retention obligations).

Pinnokio Agent's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy (developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

We only request scopes necessary to provide our accounting automation features.

We do not use Google user data for serving ads.

We do not allow humans to read your Google user data unless you provide explicit consent, it is necessary for security purposes, or it is required by law.

You have the right to access, correct, delete, or export your data at any time. You may also revoke Google permissions or delete your account. To exercise these rights, contact privacy@pinnokioagent.com.

For questions about this Privacy Policy, email us at privacy@pinnokioagent.com or visit our website at www.pinnokioagent.com.

We may update this policy from time to time. Material changes will be communicated via our website or by email. Continued use of the Service constitutes acceptance of the updated policy.