Privacy Statement

Last updated: December 17, 2025

1. Overview

This Privacy Statement explains how KhoiDau (“we”, “us”, “our”) handles data when you use our product and services (the “Service”).

2. Your data belongs to you

You retain ownership of your content and data that you submit to the Service (“Customer Data”). We do not claim ownership over your Customer Data.

3. We do not train AI models on your data

We do not use your Customer Data to train, fine-tune, or improve general-purpose AI models.

4. We do not sell your data

We do not sell your Customer Data. We also do not share your Customer Data with third parties for their marketing or advertising purposes.

5. Google User Data Access and Usage

When you connect your Google account to our Service, we access and use specific types of Google user data to provide our core functionality. This section explains what data we access and how we use it.

5.1 Data Accessed

We access the following types of Google user data through the Google Drive API, Google Docs API, Google Sheets API, and Google Slides API:

  • Google Drive Files and Folders: We access files and folders that you explicitly authorize us to access, including:
    • File content (documents, spreadsheets, presentations, PDFs, and other supported file types)
    • File metadata (names, creation dates, modification dates, MIME types)
    • Folder structure and hierarchy
    • Sharing and permission information
  • Google Docs, Sheets, and Slides Content: We access the content of your Google Docs documents, Google Sheets spreadsheets, and Google Slides presentations to extract text and structured data for processing.
  • Google Account Information: We access basic profile information including your email address, name, and profile picture to authenticate your identity and provide account-related features.

Scopes Used: Our application uses the following OAuth 2.0 scopes: drive.readonly (read-only access to files you authorize), drive.file (access to files created or opened by our app), userinfo.email, and userinfo.profile.

5.2 Data Usage

We use the Google user data we access strictly for providing our Service to you. We do not sell, share for advertising purposes, or use your data to train general AI models. Specific uses include:

  • Document Processing and Indexing: We process the content of your Google Drive files (including documents, spreadsheets, presentations, and PDFs) to:
    • Extract text and structured data
    • Create searchable indexes for fast retrieval
    • Generate embeddings for semantic search
    • Analyze document structure and relationships
  • AI-Powered Features: We process your document content to provide AI features such as:
    • Document summarization
    • Question answering based on your documents
    • Content recommendations and insights
    • Conversational interactions with your document content
    All AI processing is done to serve you directly and your data is not used to train general-purpose AI models.
  • Synchronization: We periodically sync your authorized Google Drive files to keep our Service up-to-date with changes you make in Google Drive. This ensures you always have access to the latest versions of your documents.
  • Authentication and Account Management: We use your Google account information (email, name, profile picture) to authenticate your identity, create and manage your account, and provide personalized service.

Important: We only access and process files that you explicitly authorize. We never access files outside of your authorized scope.

5.3 Data Storage and Security

We store processed versions of your Google Drive content on secure servers to enable fast search and retrieval. All data is encrypted in transit and at rest. We implement strict access controls and security measures to protect your data from unauthorized access.

5.4 Data Retention and Deletion

We retain your Google Drive data only for as long as necessary to provide our Service to you. You have full control over your data:

  • Disconnecting Google Account: You can disconnect your Google account at any time through your account settings or by revoking access through your Google Account permissions page. This immediately stops all access to your Google data.
  • Data Deletion: When you disconnect your Google account or delete your account with us, we delete all associated Google Drive data from our systems, including processed content, indexes, and embeddings. This deletion typically occurs within 30 days.
  • Selective File Removal: You can remove specific files or folders from our Service at any time through your account settings without disconnecting your entire Google account.

5.5 Limited Use Disclosure

KhoiDau's use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

6. When we share data

We do not sell your data or share it for marketing purposes. We only share data in the following limited situations:

  • With service providers that help us run the Service (for example, cloud hosting providers, AI service providers for processing your requests, monitoring, and customer support tools). These providers are contractually obligated to protect the data and use it only to provide services to us in accordance with our instructions.
  • For legal reasons if we reasonably believe disclosure is required by law, regulation, subpoena, or court order.
  • To protect rights and safety when necessary to prevent fraud, abuse, or security incidents.

Regarding Google User Data specifically: Information received from Google APIs is processed in accordance with the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as necessary to provide or improve our Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.

7. Security is our priority

We take security seriously and implement administrative, technical, and organizational measures designed to protect your data. No method of transmission or storage is 100% secure, but we work continuously to improve our security posture.

8. Data retention and deletion

We retain Customer Data for as long as needed to provide the Service and for legitimate business purposes (such as compliance, dispute resolution, and enforcing agreements). You may request deletion of your account and associated Customer Data by contacting support@khoidau.com.

9. Changes

We may update this Privacy Statement from time to time. When we do, we will update the "Last updated" date above.

10. Contact

Questions? Contact us at support@khoidau.com.

Privacy Statement