Command Palette

Search for commands and navigate the app

Privacy Policy

Last Modified: April 29, 2026

1. Introduction

Welcome to TheMachine. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data, with particular focus on our use of Google Calendar API integration.

Developer: Machine Labs
Contact: support@themachine.vc

2. Information We Collect

2.1 Google Calendar Data

When you connect your Google Calendar to TheMachine, we access and collect the following information:

  • Calendar Events: Event titles, descriptions, dates, start times, end times, and durations
  • Meeting Information: Participant names and email addresses, meeting locations (physical or virtual)
  • Video Conferencing Links: Google Meet links and other video conferencing URLs
  • Calendar Metadata: Calendar names, time zones, and calendar settings
  • Event Status: Whether events are confirmed, tentative, or cancelled
  • Event Modifications: Changes made to events through TheMachine, including events created, updated, or deleted via the platform or the AI agent

2.2 API Scopes We Use

TheMachine requests the following Google API scopes:

  • https://www.googleapis.com/auth/calendar.events - Read and write access to your calendar events, enabling you to view, create, edit, and delete events directly from TheMachine and through our AI agent calendar tools
  • https://www.googleapis.com/auth/userinfo.email - Access to your email address for account identification

2.3 Other Information We Collect

  • Account Information: Name, email address, profile information
  • Usage Data: How you interact with our platform, features used, session duration
  • Technical Data: IP address, browser type, device information, operating system

2.4 Phone Numbers and Messaging Data

  • We collect verified mobile phone numbers when users opt into the AI assistant SMS or voice features. Verification is via a 6-digit one-time code; we never bind a phone to a user without proof of ownership.
  • Inbound and outbound SMS message bodies are processed for the purpose of agent message dispatch and stored as conversation history within the user's organization database.
  • Voice call audio is streamed in real time through Twilio to OpenAI's Realtime API and is not stored on our servers. Transcripts generated for the agent's reference, when produced, are stored in the user's organization database.
  • Our SMS provider (Twilio) processes message bodies and metadata. We have enabled Twilio Message Redaction to minimize provider-side body retention. Refer to https://www.twilio.com/docs/messaging/guides/privacy-message-redaction for Twilio's policy.
  • Our voice provider (Twilio + OpenAI Realtime API) processes call audio in real time. Per OpenAI's API data policy (https://openai.com/policies/api-data-usage-policies), API request data is not used for model training.

2.5 How long we retain messaging data

  • Phone-number identity bindings (userPhoneIdentities): retained while the user maintains the binding; deleted on user deletion or self-removal.
  • Per-org phone-number assignments (organizationPhoneNumbers): retained for the lifetime of the organization.
  • SMS message bodies and conversation history: retained in the organization's database for as long as the organization retains its data; deletable on request.
  • Twilio retention: bodies redacted from production logs within ~24 hours per Twilio's redaction policy linked above.
  • Voice call audio: not stored on our servers. Twilio retains call metadata (caller, callee, duration, timestamps) per its standard retention policy.

2.6 Your rights and opt-out

  • Reply STOP, STOPALL, OPTOUT, UNSUBSCRIBE, REVOKE, QUIT, CANCEL, or END to any platform SMS to opt out. We honor opt-outs immediately and persistently.
  • Reply START or UNSTOP to re-enable SMS after opt-out.
  • Remove a phone-number binding via Settings → Phone Numbers; this deletes the verification record.
  • Request full data deletion via support@themachine.vc.

2.7 SMS Program Disclosure

When you opt in to receive SMS messages from TheMachine by binding your phone number through our two-step in-app verification flow, you will receive conversational SMS from your AI personal assistant, including meeting reminders, task confirmations, follow-up nudges, and responses to your requests. Message frequency varies based on your activity, typically 0–10 messages per week. Message and data rates may apply.

You can opt out at any time by replying STOP, STOPALL, OPTOUT, CANCEL, END, QUIT, UNSUBSCRIBE, or REVOKE, or by removing your phone number from your account settings. Reply HELP for assistance, or contact support@themachine.vc.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. SMS opt-in data and consent will not be shared with any third parties.

3. How We Use Your Information

3.1 Google Calendar Data Usage

We use your Google Calendar data exclusively for the following user-facing features:

  • Meeting Recording Integration: Automatically join and record meetings through our Recall.ai integration
  • Meeting Transcription: Generate transcripts and summaries of recorded meetings
  • Calendar Synchronization: Display your upcoming meetings and schedule in our platform
  • Meeting Notes: Create and organize notes linked to specific calendar events
  • Calendar Management: Create, edit, reschedule, and delete calendar events directly within TheMachine
  • AI Agent Calendar Tools: Our AI agent can manage your calendar on your behalf, including scheduling new events, modifying existing events, and cancelling events, based on your explicit instructions within the platform
  • Event Management: Allow you to manage meeting recordings and related content

3.2 What We Do NOT Do With Your Data

In compliance with Google API Services User Data Policy, we do NOT:

  • Use your Calendar data for serving advertisements
  • Use your data for retargeting, personalized advertising, or interest-based advertising
  • Use your data to train AI/ML models or generalized machine learning models
  • Allow humans to read your Calendar data unless you explicitly provide consent for specific support requests
  • Sell your data to third parties
  • Create permanent copies of your data beyond what's necessary for the features described above

3.3 Google API Services Limited Use Disclosure

TheMachine's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. How We Store and Protect Your Information

We employ industry-standard security measures to protect your data, including encryption in transit and at rest. Your data is stored securely in the United States.

5. Sharing, Transfer, and Disclosure of Google User Data

We take your privacy seriously and limit the sharing of your Google user data to only what is necessary to provide our services:

5.1 Third-Party Service Providers

We share Google Calendar data with the following trusted service providers who assist us in delivering our services:

  • Recall.ai: We share meeting links and calendar event information to enable automated meeting recording and transcription services
  • Cloud Infrastructure Providers: Your data is stored on secure cloud infrastructure (AWS) with appropriate data processing agreements in place

5.2 What We Do NOT Share

We do NOT share, sell, rent, or transfer your Google user data to:

  • Advertisers or ad networks
  • Data brokers or data resellers
  • Any third party for their own marketing purposes
  • Any party for purposes unrelated to providing TheMachine services

5.3 Legal Requirements

We may disclose your Google user data if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order or government agency request). We will notify you of such requests where legally permitted.

6. Retention and Deletion of Google User Data

6.1 Data Retention Periods

We retain your Google user data only for as long as necessary to provide our services:

  • Calendar Event Data: Retained while your account is active and for up to 30 days after account deletion to allow for account recovery
  • Meeting Recordings and Transcripts: Retained until you delete them or close your account, after which they are permanently deleted within 30 days
  • OAuth Tokens: Stored securely while your calendar connection is active; immediately revoked when you disconnect your Google Calendar

6.2 Your Deletion Rights

You have the right to request deletion of your Google user data at any time:

  • Disconnect Calendar: You can disconnect your Google Calendar from TheMachine at any time through your account settings, which will stop all future data collection and revoke our access
  • Delete Specific Data: You can delete individual meeting recordings, transcripts, and notes through the platform interface
  • Delete Account: You can request complete deletion of your account and all associated data by contacting us at support@themachine.vc
  • Google Account Controls: You can also revoke TheMachine's access to your Google account at any time through Google's security settings

6.3 Deletion Process

When you request deletion of your data or close your account:

  • Your Google Calendar connection is immediately terminated and OAuth tokens are revoked
  • All calendar event data, meeting recordings, and transcripts are permanently deleted within 30 days
  • Backup copies are purged from our systems within 90 days in accordance with our backup retention schedule
  • You will receive confirmation once the deletion process is complete

7. Contact Us

If you have questions regarding this Privacy Policy, please contact us:

Email: support@themachine.vc

Company: Machine Labs