e.OS

Privacy Policy

Last updated: February 12, 2026

Escala AI ("we", "our", or "company") operates the e.OS platform. This policy describes how we collect, use, and protect your personal information.

1. Data We Collect

1.1 Data you provide

  • Registration data: name, email, profile picture (via Google OAuth)
  • Organization data: company name, team and member information
  • Content: objectives, key results, projects, updates, and comments
  • Integration data: information synced via Google Calendar, HubSpot, and Slack, when authorized by you

1.2 Automatically collected data

  • Usage data: pages visited, features used, access times
  • Technical data: IP address, browser type, operating system
  • Monitoring data: error logs and performance metrics for service improvement

2. How We Use Your Data

We use your data to:

  • Provide and maintain the e.OS platform
  • Authenticate your access via Google OAuth
  • Send service-related communications
  • Improve our products and services
  • Comply with legal obligations

3. Data Sharing

We do not sell your personal data. We share information only:

  • With service providers that help us operate the platform:
    • Supabase - database and authentication
    • Vercel - application hosting
    • PostHog - usage and product analytics
    • Sentry - error monitoring
    • Langsmith - AI feature monitoring
  • When required by law or court order
  • With your organization, according to configured permissions
  • With third-party services you authorize (Google Calendar, HubSpot, Slack)

4. Storage and Security

  • Your data is stored on secure servers via Supabase and Vercel
  • We use encryption in transit (TLS) and at rest
  • We implement role-based access controls (RBAC)
  • We maintain data isolation between organizations (multi-tenancy)

5. Google Calendar Integration

When you connect your Google account to e.OS, we access and use your Google Calendar data as described below. This section is provided in compliance with Google API Services User Data Policy.

5.1 Data We Access

When you authorize the Google Calendar integration, we request access to:

  • Calendar events: event titles, descriptions, times, locations, attendees, and video conference links
  • Calendar list: names, colors, and time zones of your calendars
  • Account information: your Google email address and display name (for identification purposes)

5.2 How We Use Google Data

Your Google Calendar data is used exclusively to:

  • Display your upcoming events and schedule within the e.OS AI Chat
  • Check your availability when scheduling meetings
  • Create new calendar events on your behalf (only with your explicit approval)
  • Update existing events on your behalf (only with your explicit approval)

We do NOT:

  • Store your calendar events in our database
  • Use your Google data for advertising or marketing
  • Share your Google data with third parties
  • Train AI models on your personal calendar data
  • Access your Google data when you are not actively using the integration

5.3 Human-in-the-Loop Controls

All write operations to your Google Calendar (creating or modifying events) require your explicit approval through our Human-in-the-Loop (HITL) system. The AI assistant will show you a preview of any proposed changes and wait for your confirmation before executing them.

5.4 Token Security

  • OAuth tokens are encrypted using AES-256-GCM before storage
  • Tokens are only decrypted at runtime when needed for API calls
  • Refresh tokens are stored securely and automatically rotated

5.5 Revoking Access

You can disconnect your Google Calendar at any time:

  1. Go to Settings > Integrations in e.OS and click "Disconnect"
  2. Additionally, you can revoke access from Google Account Permissions

When you disconnect, we immediately delete your stored OAuth tokens.

6. Your Rights (LGPD)

In accordance with the Brazilian General Data Protection Law (LGPD), you have the right to:

  • Access: request a copy of your personal data
  • Correction: correct incomplete or outdated data
  • Deletion: request deletion of your data
  • Portability: receive your data in a structured format
  • Revocation: withdraw your consent at any time

7. Data Retention

We keep your data while your account is active. After account deletion:

  • Personal data is removed within 30 days
  • Backups are eliminated according to retention policy
  • Anonymized data may be kept for statistical analysis

8. Cookies and Similar Technologies

We use cookies to:

  • Keep your session authenticated
  • Remember preferences (theme, language)
  • Usage analytics (PostHog)

You can manage cookies in your browser settings.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or platform notice.

10. Contact

To exercise your rights or clarify questions:

  • Email: tecnologia@escala.ai
  • Address: Escala.ai Sistemas de Inteligencia de Negocios LTDA, Avenida Paulista 1636, Suite 1504, Bela Vista, São Paulo - SP, 01310-200, Brazil

This policy was prepared in compliance with the Brazilian General Data Protection Law (Law No. 13.709/2018) and applicable regulations.