Legal

Privacy Policy

Effective date: April 30, 2026 · Last updated: May 12, 2026

    SmoothiePlace ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform at smoothieplace.ai.
  

1. Information We Collect

Account Information

When you register, we collect your name, email address, and password (stored as a secure hash). If you authenticate via a third-party provider (e.g., Google), we receive basic profile information from that provider.

Usage Data

We automatically collect information about how you interact with SmoothiePlace, including pages visited, features used, agent configurations created, and conversation logs generated through the platform.

User-Provided Content

We store content you create within the platform: AI agent configurations, system prompts, uploaded documents (for RAG indexing), and conversation histories between your agents and your end users.

Third-Party API Queries

If you enable integrations such as the USCIS Case Status API, we process the data required to fulfill those queries (e.g., receipt numbers) on your behalf and on behalf of your end users, as instructed by you.

Technical Information

We collect IP addresses, browser type, device identifiers, and log data for security and operational purposes.

2. How We Use Your Information

Provide, operate, and maintain the SmoothiePlace platform.
Process your instructions and run AI agents on your behalf.
Send transactional emails (account verification, password reset, billing notifications).
Improve the platform through aggregated, anonymized analytics.
Detect, prevent, and address fraud, abuse, and security incidents.
Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.

3. Data Sharing and Disclosure

Service Providers

We share data with trusted sub-processors that help us operate the platform:

Supabase — database and authentication (supabase.com)
Anthropic — AI model inference (anthropic.com)
Google Cloud — embedding models and infrastructure
Railway — cloud hosting (railway.app)
Zoho — transactional email

These providers are contractually bound to handle your data only as directed and in compliance with applicable privacy laws.

Government Integrations

When you enable the USCIS Case Status API integration, queries are sent to USCIS servers (api.uscis.gov) using credentials provisioned for your account. We do not retain USCIS case data beyond the duration of a single session unless you explicitly configure your agent to do so.

Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of SmoothiePlace, our users, or the public.

4. Google API Services — User Data

SmoothiePlace's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google Data We Access

When you choose to connect your Google account to enable the Personal Assistant agent, SmoothiePlace may request access to the following Google services on your behalf, using only the scopes you explicitly authorize:

Gmail (gmail.modify) — Read, search, and send emails to allow your agent to retrieve, draft, and respond to messages as you instruct.
Google Drive (drive) — List, read, and create files in your Drive so your agent can retrieve documents or create new ones on your request.
Google Docs (documents) — Read and write Google Docs documents so your agent can draft, edit, or extract content from documents on your behalf.
Google Slides (presentations) — Create, read, and edit Google Slides presentations so your agent can generate decks or retrieve slide content on your behalf.
Google Calendar (calendar) — List and create calendar events so your agent can schedule, check availability, or create reminders on your behalf.
Google Sheets (spreadsheets) — Read and write data to spreadsheets you specify, enabling your agent to log information, generate reports, or retrieve records.

How We Use Google User Data

Google user data accessed through the above scopes is used exclusively to perform the specific actions you direct your agent to take. We do not use this data for any other purpose, including:

We do not sell or transfer your Google user data to third parties.
We do not use your Google user data to serve advertisements.
We do not use your Google user data to train AI models.
We do not allow humans to read your Google user data, except as necessary to provide or improve user-facing features, or where required by law.

Data Retention for Google User Data

SmoothiePlace stores only the OAuth tokens required to authenticate with Google APIs on your behalf. The content of your emails, files, calendar events, and spreadsheet data is processed in memory to execute your agent's actions and is not persisted to our databases beyond the duration of a single session, unless you explicitly configure your agent to store specific data.

OAuth access and refresh tokens are encrypted at rest using AES-256 and stored in our database. They are never exposed to third parties.

Your Control

You can revoke SmoothiePlace's access to your Google account at any time from your Google Account permissions page. After revocation, your agent will no longer be able to access any Google services until you reconnect.

Scope Justifications

gmail.modify — Required to allow the agent to both read incoming emails and send/reply to emails as instructed. Read-only scope is insufficient because the Personal Assistant use case requires composing and sending messages on the user's behalf.
drive — Required to read file content from Google Drive and to create new files as requested. The narrower drive.readonly scope is insufficient when users need the agent to create or update files.
documents — Required to read and write Google Docs documents. Used when the agent drafts new documents, edits existing ones, or extracts structured content from Docs files.
presentations — Required to create, read, and edit Google Slides presentations. Used when the agent generates presentation decks or reads slide content as context.
calendar — Required to list events and to create new events. calendar.readonly is insufficient for the scheduling use case.
spreadsheets — Required to both read spreadsheet data and write to spreadsheets for logging, CRM updates, and record keeping.

5. Data Retention

We retain your account data for as long as your account is active. Conversation logs are retained for a maximum of 12 months by default. You may request deletion of your data at any time by contacting us at [email protected].

Upon account termination, we delete or anonymize your personal data within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, Row-Level Security (RLS) in our database, and regular access reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate data.
Deletion — request deletion of your personal data.
Portability — receive your data in a machine-readable format.
Opt-out — opt out of non-essential communications.

To exercise any of these rights, contact us at [email protected].

8. Cookies

We use strictly necessary cookies to maintain your authentication session. We do not use tracking or advertising cookies. You can configure your browser to refuse cookies, but this may affect platform functionality.

9. Children's Privacy

SmoothiePlace is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date and, where appropriate, by email. Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For questions, requests, or concerns about this Privacy Policy, please contact:

Email: [email protected]
General: [email protected]
Website: smoothieplace.ai