Privacy Policy

Last updated: April 30, 2026

Introduction

Spatio Inc. (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Spatio desktop application and related services (collectively, the “Service”).

Google API Services User Data Policy

Spatio’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Information We Collect

Account Information

We collect the following information when you create a Spatio account or purchase a license:

  • Email address (required)
  • First name (when provided)
  • Last name (when provided)
  • Account creation date and last updated date

Google Account Integration

When you connect a Google account, you are asked to grant Spatio the OAuth scopes listed below. Each scope maps to a specific user-facing feature inside the desktop app. We request the minimum scopes necessary, and you can revoke access at any time.

  • https://www.googleapis.com/auth/gmail.modify: Read, send, draft, label, and organize your Gmail messages from inside the Spatio mail platform.
  • https://www.googleapis.com/auth/calendar: View, create, update, and delete events on your Google Calendars from inside the Spatio calendar platform.
  • https://www.googleapis.com/auth/calendar.acls: Read sharing settings on your calendars so Spatio can show who an event is shared with (subsumed by the calendar scope above).
  • https://www.googleapis.com/auth/userinfo.email: Identify which Google account you connected so Spatio can label the connection.
  • https://www.googleapis.com/auth/userinfo.profile: Show your name and avatar in the connected-accounts UI.
  • openid: Sign you in via Google’s OpenID Connect.
  • https://www.googleapis.com/auth/contacts.other.readonly: Suggest recipients from people you have previously emailed when you compose a message.

How We Use Your Information

Google Services Data Usage

When you connect a Google account, we use your data exclusively to provide the user-facing features you invoked:

  • Gmail: Display, read, compose, send, and organize emails; manage labels and drafts.
  • Google Calendar: View, create, update, and delete calendar events; manage multiple calendars.
  • No third-party LLM or inference service: Spatio does not transmit your Gmail message bodies, calendar event details, or contacts to any third-party large language model, nor to any Spatio-hosted inference service. AI features in Spatio run against your own Claude account on your local desktop; Google user data does not pass through our servers for inference.
  • No advertising, no resale, no model training: We do not use Google user data for advertising, do not sell or transfer it, and do not use it to train, fine-tune, or evaluate any AI model.

License Information Usage

We use your license purchase information to:

  • Validate your Spatio license through our dedicated license validation server
  • Provide customer support when you contact us
  • Send important notices about license updates or application changes
  • Comply with legal and tax obligations

Data Sharing and Disclosure

Google Services Data

Mail and calendar message bodies and event details are fetched directly to your local desktop session. We do not store Gmail message bodies or calendar event details on our servers, and we do not share, sell, or transfer Google user data to third parties.

Your Google data is accessed only through official Google APIs with your explicit OAuth consent.

License Information

We may share your license information only in these limited circumstances:

  • With your explicit consent
  • To comply with legal obligations (such as tax reporting)
  • To protect our rights or investigate violations of our terms
  • With payment processors necessary to complete your purchase

Data Access and Human Review

We do not read your Gmail messages or calendar events. Spatio engineers and support staff do not have access to your Google user data. The only exceptions are: (a) with your explicit consent (e.g. you forward us a specific message while debugging an issue), (b) when required by law, or (c) to investigate abuse or violations of our Terms.

For account information, human access is limited to customer support when you contact us.

Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection practices
  • Incident response procedures

Data Retention

Mail and calendar data are fetched to the user’s local desktop session only. Spatio does not store message bodies or event details on its servers; only short-term sync metadata (delta tokens, message IDs, timestamps) is held server-side, and is deleted when the user disconnects the provider or deletes their account.

  • Google user data (message bodies, event details, contacts): Not retained on Spatio servers.
  • Sync metadata (delta tokens, message IDs, timestamps): Retained server-side only as long as the provider is connected. Deleted on disconnect or account deletion.
  • OAuth refresh tokens: Stored encrypted, scoped to your account, and revoked + deleted on disconnect or account deletion.
  • Account information: Retained while your Spatio account exists. Deleted on account deletion, except where retention is required by law (e.g. tax records).

How to Revoke Access and Delete Your Data

You can disconnect Google access and delete your Spatio data at any time:

  • Revoke Google access: Visit your Google account permissions page and remove Spatio. This invalidates the OAuth grant immediately.
  • Disconnect from inside Spatio: In the desktop app, open Settings › Connections, find the Google account, and click Disconnect. Spatio will revoke its OAuth tokens with Google and delete the associated sync metadata.
  • Delete your Spatio account: Sign in at Settings › Profile › Delete Account on the Spatio web dashboard and confirm. This revokes all OAuth grants, deletes your account record, and removes any server-side sync metadata. Once deleted, the action cannot be undone.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Revoke Consent: Revoke consent for Google account access at any time
  • Data Portability: Request a copy of your data in a portable format
  • Opt-out: Opt-out of certain communications and data processing

To exercise these rights, please contact us at [email protected].

Third-Party Services

Our Service integrates with third-party services, including Google APIs. Your use of these services is subject to their respective privacy policies:

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]