Privacy Policy

Effective Date: August 20, 2025

Peonies is a product of Bloomsgiving LLC (“Peonies,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, share, and protect information when you use our website, mobile applications, and related services (the “Services”).

1. Information We Collect

Personal Information: Name, email address, and business details you provide during registration or profile setup.
Google User Data (if you connect Gmail): Message metadata (e.g., sender, subject, date) and message content needed to identify opportunities, generate summaries, draft replies, and—if you choose—send replies.
Authentication Data: OAuth tokens/refresh tokens and related identifiers to maintain your session and connect your inbox.
App Usage Data: Interactions within the app (e.g., screens, clicks) and device information (e.g., device type, OS version) used to improve the Services.
Cookies & Similar Technologies (web): We may use cookies/local storage to keep you signed in and remember preferences.

2. How We Use Your Information

To provide, operate, and secure the Services, including connecting to your Gmail account at your direction.
To generate AI‑assisted summaries and suggested replies and, if you choose, to send replies on your behalf.
To personalize features, troubleshoot issues, analyze performance, and improve the user experience.
To communicate with you about updates, security alerts, and administrative messages.
To comply with legal obligations and enforce our Terms of Use.
Google User Data Access: With your consent, we request access to your Gmail messages (read-only) to identify opportunities, generate summaries, and draft replies. We may also request permission to send emails on your behalf when you choose to use our reply feature. We do not request broader access than necessary.

3. Sharing / Transfer / Disclosure of Google User Data

We do not sell Google user data and we do not share it with third parties for advertising or marketing.

We may disclose Google user data only under these limited circumstances:

Service Providers: With vendors that host, store, process, or support the Services (e.g., cloud infrastructure, analytics, customer support). These providers are contractually bound to protect data, use it only to provide services to us, and keep it confidential.
Legal & Safety: When required by law, regulation, subpoena, or to protect rights, safety, or property of users, the public, or Peonies.
Business Transfers: If we are involved in a merger, acquisition, financing, or sale of assets, data may be transferred as part of the transaction subject to this Privacy Policy.

4. Data Protection (Security Measures)

Transport security via HTTPS/TLS for data in transit.
Secure storage & encryption for OAuth tokens and other sensitive credentials.
Access controls: Gmail data access is restricted to authorized systems and personnel only when strictly necessary to operate or support the Services.
Operational safeguards: Monitoring, logging, and periodic audits to detect misuse or unauthorized access.

5. Data Retention & Deletion (Google User Data)

Retention: We retain Google user data only for as long as needed to provide the features you enable. Any cached Gmail content used for processing is temporary and deleted once processing is complete. OAuth tokens are retained only while your account remains active and authorized.
Deletion: You may revoke our access to your Google account at any time via your Google Account permissions. You may also request account deletion by emailing hello@peonies.ai. Upon account deletion or access revocation, we delete OAuth tokens and associated Gmail data from our systems within 30 days, unless a longer period is required by law or for legitimate business purposes (e.g., fraud prevention, security, or dispute resolution).

6. Google API Services — Limited Use Disclosure

Peonies’ use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access Gmail data only to provide user‑requested features; we do not sell user data, and we do not allow human reading of Gmail content except with your explicit consent, for security/abuse investigation, to comply with law, or where strictly necessary for service operations.

7. International Transfers

We may process information in the United States and other countries. Where required, we implement safeguards for cross‑border transfers consistent with applicable law.

8. Children’s Privacy

The Services are not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us to request deletion.

9. Your Choices & Rights

Access / Correction / Deletion: Request access to, correction of, or deletion of your personal data.
Revoke Google Access: At any time in your Google Account permissions.
Marketing Preferences: Opt out of non‑essential communications.
California & Similar Rights: If applicable, you may have rights to know, correct, delete, and limit certain uses; we will not discriminate for exercising these rights.

To exercise rights, email us at hello@peonies.ai.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Effective Date” above. Your continued use of the Services after changes means you accept the updated Policy.

11. Contact Us

Bloomsgiving LLC
301 Castro St, Mountain View, CA
Email: hello@peonies.ai