Privacy Policy
Last updated: March 23, 2026
1. Introduction
Ancor Technologies ("Ancor," "we," "us," or "our") operates the Ancor OS platform at getancor.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service").
We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR, CCPA, India's IT Act 2000, and the Digital Personal Data Protection Act 2023 (DPDPA).
2. Information We Collect
2.1 Information You Provide
- Account Information: Full name, email address, password (hashed), organization name, role, and department.
- Profile Information: Skills, job title, profile photo, and reporting structure.
- Project and Task Data: Project names, descriptions, budgets, timelines, task assignments, and status updates.
- Time Tracking Data: Hours logged, work session timestamps, and associated task details.
- Financial Information: Project budgets, hourly rates, and billing-related data.
2.2 Information Collected Automatically
- Device and Browser Information: IP address, browser type, operating system, and device identifiers.
- Usage Data: Pages visited, features used, and interaction patterns.
- Log Data: Server access logs, error logs, and referral URLs.
- Cookies: Session cookies for authentication and preference cookies.
2.3 Gmail and Email Data (Google API Services)
When you choose to connect your Gmail account to Ancor Assistant, we request the https://www.googleapis.com/auth/gmail.readonly scope. This scope allows Ancor to:
- Read email messages in your Gmail inbox (including message headers: sender, recipient, subject, timestamp; and message bodies)
- List and search your emails
- Access email thread metadata
How we use Gmail data:
- Our AI (powered by Google Gemini) analyzes your emails to automatically identify action items, project deadlines, and tasks mentioned by clients or colleagues
- We analyze sender patterns and email frequency to detect client communication risks and team burnout signals
- We extract suggested tasks and sprint items directly from your inbox content
- Email content is processed in real time and is not permanently stored — we store only the extracted structured data (task titles, suggested priorities) that you choose to save
Limitations on Gmail data use:
- Gmail data is used only to provide in-app AI analysis features directly to you
- We do not share, sell, transfer, or disclose Gmail message content to any third party, except to our AI processing provider (Google Gemini API) solely to perform the analysis you requested
- We do not use Gmail data for advertising or to build advertising profiles
- We do not allow humans to read your Gmail content unless you explicitly provide consent for support purposes
- OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256 and stored securely in our database
Revoking Gmail access: You can disconnect Gmail at any time from the Ancor Assistant page (Settings → Disconnect Gmail) or by visiting your Google Account permissions page and revoking Ancor's access. Upon disconnection, your stored OAuth tokens are immediately deleted from our database.
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To create and manage your account and organization
- To process project, task, and time tracking data
- To generate AI-powered reports, analytics, and recommendations
- To send notifications, alerts, and service-related communications
- To provide customer support
- To detect, prevent, and address security issues and fraud
- To comply with legal obligations
- To send marketing communications (with your consent; you may opt out at any time)
4. Legal Basis for Processing (GDPR)
If you are in the EEA, we process your personal data based on:
- Contract Performance: Processing necessary to provide the Service.
- Legitimate Interest: Analytics, fraud prevention, and service improvement.
- Consent: Marketing communications and optional data collection (including Gmail integration).
- Legal Obligation: Compliance with applicable laws.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- AI Processing: Google Gemini API processes email content solely to perform the AI analysis you request. Google's use of this data is governed by Google's privacy policy.
- Infrastructure Providers: Google Cloud Platform (hosting), Resend (email delivery), Supabase (database), Sentry (error tracking) — all under data processing agreements.
- Within Your Organization: Team members can see project, task, and team data per your role and access settings.
- Legal Requirements: When required by law, court order, or government request.
- Business Transfers: In connection with a merger or acquisition, under confidentiality obligations.
6. International Data Transfers
Ancor Technologies is based in Mumbai, India. Your data may be processed in India, the United States, or other countries where our service providers operate. We implement Standard Contractual Clauses (SCCs) and encryption for all cross-border transfers.
7. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion
- Gmail OAuth tokens: deleted immediately upon disconnection or account deletion
- Email-extracted tasks: retained until you delete them, subject to your account data retention
- Backup data: purged within 90 days of deletion
- Legally required data: retained as mandated by law
8. Your Rights
- Access, correct, or delete your personal data
- Export your data in a portable format
- Disconnect Gmail and revoke all associated tokens at any time
- Opt out of marketing communications
- For EEA/UK users: right to restrict or object to processing, right to lodge a complaint with a supervisory authority
- For California residents (CCPA): right to know, right to delete, right to opt out of sale (we do not sell data)
- For Indian users (DPDPA): right to access, correction, erasure, and grievance redressal
To exercise any of these rights, contact us at [email protected].
9. Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Encrypted storage of all OAuth tokens (Gmail, Outlook)
- Secure password hashing (bcrypt)
- CSRF protection, rate limiting, and brute-force protection
- Role-based access control and tenant isolation
- Regular security audits
10. Cookies
- Essential Cookies: Required for authentication and security. Cannot be disabled.
- Functional Cookies: Remember preferences such as currency and timezone.
- Analytics Cookies: Help us understand usage patterns. You may opt out via browser settings.
11. Children's Privacy
The Service is not directed to individuals under 16. We do not knowingly collect data from children. If we become aware of such data, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice on our website. Continued use after changes constitutes acceptance.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights: