ITPA — Privacy Policy

Overview

ITPA (IT Personal Assistant) is an internal productivity tool built and operated by Takeshi Nakagawa. It is not a public service. Access is limited to invited members of the IT engineering team.

This policy explains what data the application accesses, how it is used, and how it is stored.

Data We Access

ITPA connects to the following services through your Google and Slack accounts. All connections are optional and initiated by you.

Google Account

Profile: Name, email address, and profile picture for account identification.
Google Calendar: Read and create events. Used for schedule display, focus/lunch block scheduling, conflict detection, color coding, Slack status sync, and calendar analytics.
Gmail (optional): Read, label, and send emails. Used for inbox triage, email analytics, thread summarization, reply/forward, label and filter management, and unsubscribe audits.
Google Contacts (optional): Read-only access. Used solely for email address autocomplete when composing replies or adding senders to preference lists.

Slack (optional)

Status sync: Reads and updates your Slack profile status based on your calendar events.
Auto-responder: Reads incoming DMs and sends automatic replies when you are OOO or after hours. No message content is stored.

Anthropic Claude API

Calendar event summaries and email snippets are sent to the Claude API for analysis (triage, action item extraction, thread summarization, topic suggestions).
Only metadata and short previews are sent. Full email bodies are not sent unless thread summarization is explicitly triggered by the user.
Claude does not retain data between requests per Anthropic's API data policy.

Data We Store

The following data is stored in the application database:

Stored

Account info: Google profile (name, email, picture), role, and creation date.
OAuth tokens: Google and Slack tokens, encrypted at rest using Fernet symmetric encryption. Used to make API calls on your behalf.
Calendar event cache: Event metadata (title, time, attendees, organizer) for up to 12 months. Used for analytics and scheduling without live API calls.
Email metadata cache: Sender, recipient, date, read status, and label IDs for up to 12 months. Used for email analytics. No email subject, body, or attachment content is stored.
User preferences: Working hours, lunch/focus settings, starred/muted senders, priority/ignored topics, Slack status mappings, color coding preferences.
API usage logs: Claude token counts and external API call counts per user, for monitoring and cost tracking.
Audit logs: Actions performed in the app (login, sync, settings changes) for security and debugging.

Not Stored

Email body content, attachments, or full subjects
Slack message content (only event-driven actions are tracked)
Google contact details (queried live for autocomplete, never cached)
Calendar event descriptions or attachments

Data Security

The application runs on Google Cloud Run with HTTPS enforced.
Database is hosted on Google Cloud SQL (PostgreSQL) in the us-central1 region.
OAuth tokens are encrypted using Fernet symmetric encryption before storage.
Secrets (API keys, client secrets, signing keys) are managed via Google Cloud Secret Manager.
CSRF protection, rate limiting, CORS restrictions, and Content Security Policy headers are enforced.
Session cookies expire after 7 days with SameSite=lax.

Data Retention

Calendar and email caches are refreshed on each sync. Stale entries outside the sync window are removed.
Gmail mark-as-read undo cache expires after 24 hours.
API usage logs are retained indefinitely for cost monitoring.
Audit logs are retained indefinitely for security review.

Third-Party Services

Google APIs: Calendar, Gmail, People, and OAuth. Subject to Google's Privacy Policy.
Slack API: Profile and messaging. Subject to Slack's Privacy Policy.
Anthropic Claude API: AI analysis. Subject to Anthropic's Privacy Policy. API requests are not used for model training.
Google Cloud Platform: Infrastructure hosting. Subject to Google Cloud's Privacy Notice.

Your Rights

You can disconnect Gmail or Slack at any time via the Connections page.
You can request deletion of all your data by contacting the administrator.
Admin users can purge individual user data via the Data & Privacy admin panel.

Contact

For questions about this policy or your data, contact Takeshi Nakagawa.