Privacy Policy

1. Introduction

Entropic ("we", "our", or "us") is a desktop AI assistant. This Privacy Policy explains how we collect, use, and protect your information when you use the Entropic application and related services at entropic.qu.ai.

2. Information We Collect

We collect the following types of information:

• Account information: Email address and authentication data when you create an account.
• Usage data: API usage metrics for billing purposes, including model usage and token counts.
• Payment information: Billing details processed securely through Stripe. We do not store your payment card information.
• Integration data: When you connect Google Calendar or Gmail, we store the OAuth access token, refresh token, granted scopes, Google account email address, and Google account identifier needed to maintain the connection. When you use Gmail or Calendar features, Entropic processes the Google user data needed to complete your request, such as message metadata and content, draft or sent message details, and calendar event titles, descriptions, times, locations, and attendees.

3. How We Use Your Information

• To provide and maintain the Entropic application and services.
• To process payments and manage your account billing.
• To authenticate third-party integrations you authorize, display the connected account, and refresh tokens needed to keep the connection active.
• To enable the Google features you request, such as searching Gmail, reading messages, creating drafts, sending emails, listing calendar events, and creating calendar events.
• To provide AI-assisted features you request, including when you ask Entropic to analyze, summarize, draft from, or otherwise act on Gmail or Calendar data.
• To improve our services and fix issues.

4. Third-Party Services and Data Sharing

Entropic integrates with third-party services only when you explicitly connect them or use features that require them. Google user data may be shared, transferred, or disclosed only in the following circumstances:

• Google: We send requests to Google to authenticate your account, refresh tokens, and perform the Gmail and Google Calendar actions you ask us to perform.
• AI Model Providers: When you ask Entropic to analyze, summarize, draft, or otherwise act on Gmail or Calendar data, the relevant Google user data may be included in the prompt or tool results sent to the AI model provider selected for that request and, when applicable, OpenRouter as the routing provider, solely to provide that feature.
• Infrastructure Providers: We use service providers such as Supabase to host parts of Entropic's integration infrastructure and store connection records such as OAuth tokens, granted scopes, and connected account metadata.
• Local Runtime: The Entropic desktop app can sync Google integration tokens and metadata to the local OpenClaw runtime on your device so Gmail and Calendar tools can run.
• Stripe: Payment processing is handled by Stripe. Their privacy policy applies to payment data.

We do not sell Google user data. We do not share Google user data with advertisers, data brokers, or information resellers. We do not transfer or disclose Google user data for purposes other than providing the features you request, protecting the service, complying with law, or a business transfer subject to applicable notice and consent requirements.

You can disconnect any third-party integration at any time from the Skills page in the Entropic application and revoke Entropic's access in your Google Account.

5. Data Storage and Security

Your data is protected with technical and organizational safeguards designed to limit access. We use HTTPS/TLS for data transmitted between Entropic, Google, and our hosted services. In the desktop app, Google integration credentials stored locally are protected using Tauri Stronghold. When synced to the local OpenClaw runtime on your device, integration tokens are stored in local application credential files protected by operating-system file permissions. In Entropic-managed services, integration records are protected by authenticated access controls and Supabase row-level security policies.

6. Data Retention

We retain your account data for as long as your account is active. We retain Google OAuth tokens, granted scopes, and connected-account metadata while the integration remains connected. Google email and calendar data is retained only for as long as needed to provide the requested feature, secure the service, troubleshoot issues, or comply with legal obligations. When you disconnect a Google integration from Entropic, we delete the stored connection records under our control used for that integration. You may also request deletion of your account and associated data at any time by contacting us.

7. Your Rights

• Access, correct, or delete your personal data.
• Disconnect third-party integrations and revoke Entropic's Google access from your Google Account.
• Request a copy of your data.
• Delete your account.

8. Google API Services User Data Policy

Entropic's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

For Gmail and Google Calendar integrations, the following disclosures apply:

• Scopes we request and why: We request basic Google account identity scopes so we can identify the connected account, Gmail scopes so we can search, read, draft, and send email features you ask us to use, and Google Calendar scopes so we can list and create calendar events you ask us to manage.
• Google user data we access: This includes your Google account email address and identifier, granted scopes, OAuth tokens, Gmail message metadata and content you ask Entropic to work with, draft or sent message details, and Google Calendar event data you ask Entropic to read or create.
• How we use Google user data: We use it to authenticate and maintain your connection, display which Google account is connected, refresh tokens, sync the integration to the Entropic desktop runtime, and perform the Gmail and Calendar actions you request.
• Who receives Google user data: Google, our infrastructure providers that host Entropic services on our behalf (such as Supabase), the local Entropic/OpenClaw runtime on your device, and the AI model provider used to fulfill the feature you explicitly requested.
• Retention and deletion: We retain Google OAuth tokens and connected-account metadata until you disconnect the integration or delete your account, unless a longer retention period is required by law. You can disconnect the integration in Entropic and revoke access in your Google Account at any time.
• What we do not do: We do not sell Google user data. We do not use Google user data for targeted advertising. Entropic does not use Google Workspace APIs data to develop, improve, or train generalized or non-personalized AI or machine learning models.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the date at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at team@dominantenergy.io.