Privacy Policy
This policy explains how Sidekick AI collects, uses, stores, and shares information when you use the Sidekick AI website, onboarding flow, dashboard, agents, messaging workflows, and connected integrations.
Last updated: July 15, 2026
Who We Are
Sidekick AI provides AI-assisted business operations workflows for service teams and local businesses. The service helps users coordinate approvals, email triage, document work, reminders, receipts, website and SEO tasks, reports, and connected-tool actions.
Questions or privacy requests can be sent to support@sidekickai.ca.
Information We Collect
- Account information, such as your Supabase authentication user ID, email address, login state, and account ownership records.
- Business onboarding information, such as business name, phone or contact identifier, timezone, tone, business context, primary goal, first-week success notes, website URL, website platform, and SEO preferences.
- Integration information, such as provider name, connection status, Nango connection ID, connected timestamps, reconnect state, Wix instance metadata, Slack team metadata, and related setup details.
- Messaging information, such as Telegram or Slack identifiers, channel routing metadata, owner-approved messages, reminders, routine state, and message content needed to deliver Sidekick workflows.
- Operational content, such as receipts, files, exports, draft responses, reports, website project metadata, Vercel deployment metadata, SEO audits, error logs, support records, and agent workspace notes.
- Usage and device information, such as pages visited, actions taken in the product, analytics events if analytics are enabled, browser metadata, timestamps, and diagnostic logs.
Connected Services and OAuth
Sidekick AI uses OAuth or provider-authorized flows for connected services. We do not ask for or store your Google, Dropbox, Asana, Slack, Wix, or other third-party account passwords. OAuth tokens and connection metadata may be handled by Nango and the relevant provider so Sidekick can perform only the workflows you enable.
You choose which integrations to connect. Before a Google authorization begins, Sidekick identifies the categories of Google data the feature needs and how that data will be used. Sidekick requests permissions by feature so you can connect only the Google services you want to use.
Google User Data
If you connect Google services, Sidekick AI may access and process Google user data only for the Sidekick features you enable and use. Depending on the integrations you connect, this may include:
- Gmail data, such as message lists, message details, threads, profile metadata, attachments, and sent messages when you ask Sidekick to investigate, summarize, draft, or send email.
- Google Calendar data, such as calendars, event details, attendees, locations, times, and created or updated events when you ask Sidekick to check availability or manage scheduling.
- Google Drive data, such as files, folders, file metadata, file content, and upload or organization actions when you ask Sidekick to find, summarize, store, copy, move, or manage Drive files.
- Google Sheets data, such as spreadsheets, ranges, values, created sheets, and appended rows when you use Sidekick for records, receipts, expenses, or tabular business workflows.
- Google Analytics and Search Console data, such as accounts, properties, reports, traffic metrics, search visibility, indexing status, and website performance information.
Sidekick's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Sidekick strictly prohibits the use of restricted Google user data (such as emails or calendar events) to train generalized AI or machine learning models.
We do not sell Google user data, use it for advertising, transfer it to data brokers, or use it to determine credit-worthiness. We do not use Google user data to train or improve any generalized, foundation, frontier, or personalized AI/ML model.
Google Data Storage, Retention, and Deletion
Nango stores and refreshes Google OAuth credentials on Sidekick's behalf. Sidekick stores the corresponding connection identifier and connection status so it can use and manage the integration; Sidekick does not store your Google password. Google data is generally retrieved when a connected feature needs it rather than copied as a permanent, complete replica of your Google account.
Google-derived content may appear in the user-requested output and records needed to provide the service, such as a summary, draft, report, task record, chat history, or agent workspace artifact. Those records are retained while needed to provide your active Sidekick service, maintain security, and meet legal obligations, unless you request deletion sooner.
Disconnecting a Google integration in Sidekick deletes the OAuth connection and stored credentials managed through Nango, removes Sidekick's local connection record, and stops future access through that connection. You can also revoke Sidekick's access from your Google Account permissions. Revoking or disconnecting does not automatically delete summaries, drafts, reports, messages, or other Google-derived content already saved as part of your Sidekick service.
To delete stored Google-derived content or other Sidekick account data, contact support@sidekickai.ca. We will delete or de-identify the requested data unless we must retain limited information for security, fraud prevention, legal compliance, dispute resolution, or time-limited backups.
How We Use Information
- Create and manage your Sidekick account, onboarding, dashboard, integrations, and assigned agent.
- Provide user-facing workflows, including approvals, email summaries, document retrieval, receipt processing, reminders, website updates, SEO checks, traffic reports, and connected-tool actions.
- Generate drafts, summaries, recommendations, and operational reports using AI systems and model providers where needed to provide the service.
- Maintain security, prevent abuse, debug errors, monitor reliability, and support the product.
- Communicate with you about setup, support, account status, product changes, security, and legal notices.
- Comply with law, enforce our Terms, resolve disputes, and protect the rights of Sidekick AI, users, providers, and the public.
AI Processing
Sidekick AI uses AI systems and agent runtimes, including OpenClaw-powered workflows and configured model providers, to prepare summaries, drafts, reports, and task recommendations for user-facing features. When AI processing is needed, we send only the information reasonably needed for the task.
Google user data is processed by AI/model providers only to produce the user-facing result you request. Sidekick does not permit Google user data to be used to train or improve those providers' generalized or personalized AI/ML models.
Users remain responsible for reviewing and approving outputs before relying on them or sending them externally. Sidekick is designed for business operations assistance, not professional legal, tax, medical, financial, or compliance advice.
How We Share Information
We share information only as needed to provide, secure, and operate Sidekick AI, including with:
- Infrastructure and platform providers, such as Supabase, Vercel, and hosting or monitoring vendors.
- Integration and OAuth providers, such as Nango and the third-party services you connect.
- Messaging and workflow providers, such as Telegram, Slack, Google, Dropbox, Asana, Wix, and Vercel, when you connect or direct Sidekick to use those services.
- AI/model providers and agent runtimes that process content to provide Sidekick's user-facing features.
- Professional advisors, authorities, or counterparties when required by law, legal process, security needs, or a business transaction.
We do not sell personal information or Google user data. We do not share connected-service content for unrelated advertising or data brokerage.
Sidekick personnel do not access Google user data unless you give affirmative permission for them to access specific data for support, access is necessary to investigate security or abuse, access is required by law, or the data has been aggregated and anonymized for internal operations. Any permitted access is limited to authorized personnel who need it for that purpose.
Data Retention and Deletion
We keep information for as long as needed to provide Sidekick AI, maintain security, comply with law, resolve disputes, enforce agreements, and preserve backups. Operational records, logs, reports, and agent workspace artifacts may be retained while your account or assigned agent is active.
You can request deletion of your Sidekick account data or connected-service records by contacting support@sidekickai.ca. Some information may remain in backups, logs, legal records, or provider systems for a limited time where deletion is not immediately practical or legally required.
The Google-specific connection, revocation, retention, and deletion practices described above apply to information received from Google APIs.
Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information in transit and at rest. Access to production systems and secrets is limited to authorized personnel and service processes. No internet service can be guaranteed completely secure.
Your Choices
- Access, correct, or update account and onboarding information through Sidekick where available.
- Disconnect integrations in Sidekick or revoke provider access directly from the provider.
- Request access, export, correction, or deletion by contacting us.
- Opt out of non-essential communications by following available instructions or contacting support.
Children
Sidekick AI is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy as the service, integrations, or legal requirements change. If we materially change how we use Google user data or other personal information, we will update this page and provide additional notice where required.