Privacy Policy
Last updated: July 2026
1. Introduction
This Privacy Policy describes how Adomo (“we,” “us,” or “our”) collects, uses, stores, and protects information obtained through the Adomo AI agent platform (“Platform”). By accessing or using the Platform, you (“User,” “Customer,” or “you”) consent to the data practices described in this policy.
Adomo AI is an AI-powered agent platform that enables users to describe tasks in natural language and have an AI agent plan and execute real work across enterprise systems. This policy covers data handling in connection with your use of the Platform.
2. Information We Collect
2.1 Information from Connected Integrations
When you authorize integrations through the Platform, we may collect information through OAuth2 or API key-based connections to your enterprise systems, including:
- Enterprise system data: Data from connected systems including Google Workspace (Gmail, Drive, Docs, Sheets, Slides, Calendar, Chat, Forms, Tasks, Contacts, Custom Search, Apps Script; see Section 9), CRMs (HubSpot), ERPs (SAP), communication tools (Slack, Microsoft Teams), and other services you authorize.
- Workflow execution data: Inputs, outputs, and intermediate results generated during workflow execution.
- Integration metadata: Connection status, authorized scopes, and integration configuration details.
2.2 Information from the Knowledge Base
When you upload documents to the Platform’s knowledge base, we may process:
- Uploaded documents: PDFs, DOCX, PPTX, XLSX, CSV, TXT, Markdown, and HTML files uploaded for semantic search and workflow context.
- Document embeddings: Vector representations of document content used for semantic retrieval.
- Search queries: Queries made against the knowledge base during workflow planning and execution.
2.3 Information You Provide Directly
- Account registration data: Information you provide when creating an Adomo AI account, such as your name, email address, organization details, and workspace configuration.
- Workflow instructions: Natural language descriptions and conversation history used to plan and execute workflows.
- Payment information: Billing details processed securely through our third-party payment processor, Stripe. We do not store full credit card numbers on our servers.
- Communications: Any information you provide when contacting our support team or submitting feedback.
2.4 Automatically Collected Information
- Usage data: How you interact with the Platform, including workflows created, execution history, features used, and performance metrics.
- Device and browser information: IP address, browser type, operating system, and device identifiers.
- Log data: Server logs that record Platform requests, workflow execution events, errors, and system activity.
- Audit logs: Records of all actions taken within the Platform, including workflow approvals, user access events, and configuration changes.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing and operating the Platform: To deliver the core features of Adomo AI, including AI-powered task planning, execution, knowledge base search, and integration management.
- Workflow execution: To execute authorized workflows across connected enterprise systems, including reading data, performing actions, and generating outputs as directed by you.
- AI processing: To generate workflow plans, clarify user intent, and produce AI-generated content using large language models. Workflow instructions and relevant context are processed by AI models to deliver Platform functionality.
- Improving our services: To analyze usage patterns, diagnose technical issues, and improve Platform performance, reliability, and features.
- Communications: To send service-related notices, updates, and respond to support inquiries.
- Billing and account management: To process payments, manage subscriptions, and maintain your account.
- Security and compliance: To enforce access controls, monitor for unauthorized activity, maintain audit trails, and comply with legal obligations.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service providers: With trusted third-party vendors who assist in operating the Platform (e.g., cloud hosting, payment processing via Stripe, AI model providers, analytics). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
- Connected integrations: Data necessary for workflow execution is exchanged with your authorized enterprise systems (e.g., HubSpot, SAP, Slack) in accordance with the integration scopes you approve.
- AI model providers: Workflow instructions and relevant context are processed by third-party AI model providers (e.g., Anthropic, OpenAI) to generate workflow plans and content. We select providers with appropriate data handling practices and contractual protections.
- Legal requirements: When required by law, regulation, legal process, or governmental request.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
- With your consent: We may share information for other purposes with your explicit consent.
5. Data Retention
- We retain your data for as long as your account is active or as needed to provide the Platform’s services.
- Upon account termination or cancellation, we will make your data available for retrieval for thirty (30) days, after which we may delete it in accordance with our Terms & Conditions.
- Workflow execution logs and audit trails are retained in accordance with your workspace configuration and applicable compliance requirements.
- Knowledge base documents and embeddings are retained until you delete them or your account is terminated.
- We may retain aggregated or de-identified data that cannot be used to identify you for analytical and improvement purposes.
6. Data Security
We implement commercially reasonable technical and organizational measures to protect your information, including:
- Encryption of data in transit using TLS/SSL.
- Encryption of sensitive data at rest.
- Secrets management using HashiCorp Vault for integration credentials, API keys, and OAuth tokens.
- Role-based access controls (RBAC) and permission groups to limit data access to authorized personnel and users.
- Multi-tenancy with complete data isolation between workspaces.
- Regular security assessments and monitoring.
- Comprehensive audit logging of all Platform activity.
While we strive to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal and contractual retention requirements.
- Data portability: Request a machine-readable copy of your data, including workflow definitions and execution history.
- Withdraw consent: Revoke consent for data processing where consent is the legal basis.
- Disconnect integrations: Revoke access to connected enterprise systems at any time through your workspace settings.
To exercise any of these rights, please contact us at support@adomo.ai, which opens a tracked support request.
8. AI Processing and Model Usage
The Platform uses artificial intelligence and machine learning models to provide its core functionality:
- Workflow planning: Your natural language instructions are processed by AI models to generate structured workflow definitions.
- Content generation: AI models may generate summaries, reports, emails, and other content as part of workflow execution.
- Semantic search: Document embeddings and search queries are processed to provide knowledge base retrieval.
- Model selection: Different AI models may be used depending on your subscription tier and the nature of the task.
We do not use your proprietary data or workflow content to train AI models. Your data is processed solely to deliver Platform functionality. In particular, we do not use data from Google Workspace APIs to train generalized or non-personalized AI/ML models. See Section 9.
9. Google Workspace Data: Limited Use and Per-Scope Disclosures
This section applies to users who connect a Google Workspace account to Adomo AI. Where it conflicts with other sections, it controls.
9.1 Limited Use commitment
Adomo AI’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- We use Google Workspace data only to provide user-facing features that are prominent in the Adomo AI interface.
- We do not transfer Google Workspace data except to provide those features with your consent, for security, to comply with law, or in a merger or asset sale with your explicit prior consent.
- We do not allow humans to read Google Workspace data except with your affirmative consent, for security, to comply with law, or in aggregated, anonymized form.
- We do not use Google Workspace data to serve ads or to assess credit-worthiness.
We do not use Google Workspace data for any purpose other than the ones disclosed in Section 9.3.
9.2 No use of Google Workspace data to train generalized AI/ML models
We do not retain, use, or transfer data obtained through Google Workspace APIs to develop, improve, or train generalized or non-personalized AI or ML models. Workspace data is processed by AI models solely to execute the specific workflows you authorize, including scheduled or recurring workflows that run on your behalf when you are not actively signed in. Third-party AI providers (for example, Anthropic, OpenAI) involved in execution are contractually prohibited from training generalized models on this data.
9.3 OAuth scopes we request
Each scope below is requested to power a specific feature. Google’s consent screen lets you grant or decline individual scopes. Features that depend on declined scopes will be unavailable in Adomo AI until you grant them. All scopes are prefixed with https://www.googleapis.com/auth/ unless shown otherwise.
Drive access mode. By default, Adomo AI requests Drive, Docs, Sheets, and Slides access through a single per-file scope, drive.file — the app can only see and modify files you explicitly create with it or open through the in-app Google Picker, and it cannot list or search the rest of your Drive. The broad Drive-family scopes in the table below (drive, drive.readonly, documents, spreadsheets, presentations, and their read-only variants) are requested only in self-hosted / bring-your-own-OAuth deployments where an administrator explicitly enables full-Drive mode; they are not requested on the default hosted consent screen.
| Service | Scope | Data accessed | Why we request it |
|---|---|---|---|
| Identity | openid |
Google account ID | Identify the connecting Google account. |
| Identity | userinfo.email |
Email address | Match and display the connected account. |
| Identity | userinfo.profile |
Name, avatar | Display the connected user inside Adomo AI. |
| Gmail | gmail.modify |
Email messages, attachments, drafts, labels | Read, send, draft, label, and archive email on your behalf. |
| Gmail | gmail.settings.basic |
Signature, vacation responder, filters | Read basic settings so workflows respect your configuration. |
| Drive | drive |
Files and folders in your Drive | Read, create, and update files. |
| Drive | drive.readonly |
File names, metadata, content | Discover and list files a workflow needs to find. |
| Drive | drive.file |
Files Adomo AI creates or you open with it | Read and modify only files scoped to Adomo AI. |
| Docs | documents |
Google Docs content and structure | Read, create, and edit Google Docs. |
| Sheets | spreadsheets |
Spreadsheet cells, formulas, structure | Read, create, and edit Google Sheets. |
| Slides | presentations |
Slide content and structure | Read, create, and edit Google Slides. |
| Calendar | calendar |
Events, attendees, free/busy | Read, create, update, and delete calendar events. |
| Chat | chat.messages |
Chat messages and attachments in spaces you grant | Read and post messages in Google Chat spaces. |
| Chat | chat.spaces |
Space membership, names, settings | List and manage Chat spaces so workflows post to the right place. |
| Forms | forms.body |
Form questions, structure, settings | Create and edit Google Forms. |
| Forms | forms.responses.readonly |
Form responses | Read responses when a workflow processes them. |
| Tasks | tasks |
Task lists and individual tasks | Read, create, and update your Google Tasks. |
| Contacts | contacts |
Contacts and contact groups | Read and update your Google Contacts. |
| Custom Search | cse |
Search queries and results | Execute Custom Search queries during research workflows. |
| Apps Script | script.projects |
Script project source and metadata | Manage Apps Script projects when a workflow edits a script. |
| Apps Script | script.deployments |
Deployment metadata | Manage Apps Script deployments. |
| Apps Script | script.processes |
Running script process metadata | Workflow visibility into running scripts. |
| Apps Script | script.metrics |
Script execution metrics | Workflow visibility into script execution. |
| Apps Script | script.scriptapp |
Script execution context | Execute Apps Script functions on your behalf. |
| Apps Script | script.external_request |
Outbound HTTP requests from your scripts | Allow Apps Script run on your behalf to call external services. |
9.4 What we store and for how long
For each connected Google Workspace account we retain:
- OAuth refresh token: encrypted at rest. Held for the duration of your Google Workspace connection so Adomo AI can mint short-lived access tokens to execute scheduled, recurring, or asynchronous workflows on your behalf when you are not actively signed in. Removed from our live database when you disconnect inside Adomo AI; cleared from encrypted backups on our standard backup-rotation cycle.
- Google account identifier (email, name): retained while the integration is connected; deleted within 30 days of disconnection.
- Workflow audit logs identifying which scopes were used by which workflows, retained for the audit-log window configured for your workspace (default 12 months).
- Workflow execution artifacts: content fetched from Google APIs is held in memory for the duration of execution. Items you explicitly save (for example, into your knowledge base) follow the retention rules in Section 5.
We do not maintain shadow copies of your Gmail, Drive, Calendar, Docs, Sheets, Slides, Chat, Forms, Tasks, or Contacts content outside of these defined categories.
9.5 Revoking access and deleting Google Workspace data
This Privacy Policy is publicly accessible at the URL referenced on the Google OAuth consent screen shown when you connect Google Workspace. You can disconnect at any time from Settings → Integrations → Google Workspace inside Adomo AI. Disconnecting stops all Google API calls from us and removes the stored refresh token from our live database. To also revoke the underlying OAuth grant on Google’s side, visit myaccount.google.com/permissions and remove Adomo AI; we recommend doing both. To delete cached Google Workspace data in workflow logs or your knowledge base, email support@adomo.ai (which opens a tracked support request); we action verified requests within thirty (30) days, subject to legitimate retention for security, fraud prevention, and legal compliance.
9.6 Re-consent on material changes
If we add scopes or materially change how we use Google Workspace data, we will update this policy and re-prompt you to authorize before any new access occurs. We will give you at least 30 days’ notice for material changes to how Google Workspace data is processed, except where a shorter timeline is required for security or legal reasons.
10. Third-Party Services
The Platform integrates with various third-party services. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you connect, including but not limited to:
- Stripe Privacy Policy
- Anthropic Privacy Policy
- OpenAI Privacy Policy
- Google Privacy Policy and Google API Services User Data Policy
- Twilio Privacy Notice (used for SMS delivery as described in Section 11)
11. SMS / Text Messaging (A2P 10DLC)
This section applies to users of the Platform who opt in to receive transactional SMS notifications about workflow approvals, escalations, and reminders. A reference page documenting the in-app opt-in flow, including screenshots of the consent checkbox, is available at /legal/sms-consent.
11.1 Program description
Adomo AI sends transactional SMS notifications to authenticated workspace members when a workflow requires their action — for example, an approval request, an escalation after a prior approver’s inactivity, or a reminder that a pending decision is about to expire. Messages are strictly transactional; we do not send marketing or promotional SMS through this program. Every message includes the “[Adomo]” brand tag and standard STOP / HELP opt-out instructions. Typical message frequency is 0–5 messages per user per day and fewer than 30 per user per month.
11.2 How you opt in
Opt-in takes place inside the authenticated Platform, after you sign in with your corporate single sign-on account. In Settings → Notifications you may add a mobile phone number in E.164 format (for example, +1 for US/Canada, +44 for the UK, +61 for Australia) and must then actively check a consent box that reads:
“I consent to receive transactional SMS from this platform at the number above. Reply STOP to opt out. Msg & data rates may apply.”
A View consent terms link next to the checkbox opens your workspace’s full consent terms. Until you affirmatively check the box, SMS dispatch is blocked for your number and the interface displays “Required — SMS dispatch is blocked until you consent.” Once you save, we record the timestamp of your consent (shown in the Platform as “Consent recorded [date and time]”) together with your phone number. The consent checkbox is unchecked by default and is never pre-selected on your behalf.
11.3 Data collected for SMS
For users who opt in to SMS we collect and retain:
- the mobile phone number you provide;
- the timestamp of your consent and of any subsequent re-consent or revocation events;
- a record of opt-out, opt-in, and HELP requests received from your number via our SMS provider (Twilio);
- the delivery status and error codes returned for each outbound message, for troubleshooting and regulatory recordkeeping.
11.4 How we use SMS data — no sharing with third parties for marketing
We do not sell, rent, or share your mobile phone number, consent status, or SMS content with any third party or affiliate for that party’s own marketing, advertising, promotional, or analytics purposes. Mobile opt-in data is not shared with third parties or affiliates for marketing purposes. No mobile information is shared with third parties or affiliates for marketing or promotional purposes under any circumstances.
We use your mobile information solely to deliver the transactional workflow notifications originating from your own Adomo AI workspace. We share your phone number only with:
- Twilio, our SMS delivery provider, strictly as necessary to route individual messages to you and to process your inbound STOP, START, and HELP replies; and
- the administrators and authorized system-of-record integrations of the workspace that licenses the Platform on your behalf, strictly as necessary to fulfill the underlying approval, escalation, or reminder workflow you are receiving.
11.5 Opt-out
You can revoke consent at any time by either of the following:
- Unchecking the consent box in Settings → Notifications inside the authenticated Platform; or
- Replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT, REVOKE, or OPTOUT to any SMS you receive from us.
On receipt of any of those signals, our inbound webhook records the suppression in real time and blocks all future outbound SMS to your number. After you opt out, you will receive one final confirmation message:
“You have been unsubscribed from Adomo and will receive no further messages. Reply START to resubscribe.”
You may later resubscribe by replying START, UNSTOP, or YES to the confirmation, or by re-checking the consent box in Settings → Notifications.
11.6 Help
Reply HELP or INFO to any Adomo SMS to receive:
“Adomo approval notifications. Reply STOP to unsubscribe. Questions: support@adomo.ai. Msg & data rates may apply.”
11.7 Message and data rates
Message and data rates may apply. Rates are determined by your mobile carrier and depend on your plan. Adomo does not charge you a separate fee for receiving these messages.
11.8 Message frequency
Message frequency varies based on workflow activity in your workspace. Typical volume is 0–5 messages per user per day and fewer than 30 messages per user per month.
11.9 Retention of SMS records
Phone numbers, consent records, and opt-out records are retained for as long as your account remains active and for a reasonable period afterwards to satisfy our legal, audit, and carrier-compliance obligations. Consent-revocation and suppression records are retained indefinitely to ensure we do not message a number that has opted out.
12. Children’s Privacy
The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy within the Platform or by email. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: