E
Employ

Privacy Policy

Last updated: March 2026

Employ ("we", "us", "our") operates the platform at getemploy.io. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

1. Data We Collect

We collect only the data necessary to provide our service:

  • Account information: Name, email address, and profile details you provide during registration.
  • Payment information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
  • OAuth tokens: When you connect integrations (Gmail, Google Calendar, etc.), we store encrypted OAuth tokens to operate on your behalf.
  • Usage data: AI employee activity logs, conversation history, and task execution records.
  • Technical data: Browser type, IP address, and device information collected automatically for security and analytics.

2. How We Use Your Data

Your data is used solely to operate AI employees on your behalf. Specifically:

  • To create, configure, and run your AI employees.
  • To execute tasks through connected integrations (sending emails, managing calendar events, etc.).
  • To process payments and manage your subscription.
  • To improve our service and troubleshoot issues.
  • To send transactional emails (receipts, security alerts, service updates).

We never sell, rent, or share your personal data with third parties for advertising purposes.

3. OAuth Permissions

When you connect third-party services, we request only the permissions necessary for your AI employee to function:

  • Gmail: Read and send emails — only as authorized by you for specific AI employee tasks.
  • Google Calendar: Read and write calendar events — only to manage scheduling on your behalf.

OAuth tokens are encrypted at rest using AES-256-GCM. You can revoke any integration at any time from your dashboard, and the associated tokens will be permanently deleted.

4. Data Storage & Security

  • Data is stored on Supabase with encryption at rest and in transit.
  • Infrastructure is hosted on Hetzner EU servers, ensuring data residency within the European Union.
  • All OAuth tokens are encrypted with AES-256-GCM before storage.
  • All communication is encrypted via TLS 1.2+.
  • Each AI employee runs on isolated infrastructure to prevent cross-contamination.

5. Staff Access & Zero-Access Policy

Employ maintains a strict zero-access policy regarding customer data:

  • Employ staff does not access customer conversations, emails, or integrated tool data except when required for technical support with explicit customer consent.
  • All staff access to customer infrastructure is logged and auditable.
  • Customer data (conversations, emails read, calendar events, AI memory) is stored on isolated servers. No Employ employee has routine access to this data.
  • OAuth tokens are encrypted at rest using AES-256. Decryption keys are managed separately from the application.

6. Data Processing

Your conversations with your AI employee are processed by third-party AI providers (Anthropic, OpenAI, or Google, depending on your chosen engine). These providers have committed to not using API data for model training.

We recommend not sharing highly sensitive information (passwords, financial account numbers, social security numbers) in conversations with your AI employee.

For more details, see each provider's data processing terms:

7. Third-Party Services

We use the following third-party services to operate our platform:

  • Stripe: Payment processing. Stripe's privacy policy applies to payment data.
  • Supabase: Database and authentication infrastructure.
  • AI providers (Anthropic, OpenAI, Google): AI model inference for employee functionality. Data sent to these providers is subject to their respective data processing agreements.
  • Vercel: Web application hosting.

8. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct any inaccurate personal data.
  • Deletion: Request deletion of your personal data (see our Data Deletion page).
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@getemploy.io. We will respond within 30 days.

9. Data Retention

We retain your data for as long as your account is active. Upon account closure or deletion request:

  • All personal data, OAuth tokens, AI employee data, and conversation history will be permanently deleted within 30 days.
  • Anonymized, aggregated analytics data may be retained for service improvement.
  • Legal and compliance records may be retained as required by law.

10. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

11. Children's Privacy

Employ is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or requests, contact us at:

Email: support@getemploy.io