Privacy Policy

Great Arrow Digital is a product operated by Manito AI, the parent company. This Privacy Policy describes how Manito AI (“we”, “our”, “us”) collects, uses, discloses, and protects information when you use our hosted Software-as-a-Service application at greatarrowdigital.com and related APIs (the “Service”). It applies to personal information we process about you as the data controller; for content you store in your workspace (memories, files, agent outputs), we act as a processor on your behalf.

1. Information we collect

Account information

• Email address, hashed password (when you sign in with email + password), and OAuth identifier(s) when you sign in with a provider such as Google.
• Profile metadata you choose to add (display name, avatar URL).
• Workspace name(s) and the role(s) you hold in each.

Customer Content

• Memories, documents, chat sessions, agent runs, meeting transcripts, and any other content you upload, generate, or store. We process this on your behalf and do not access it beyond what is necessary to operate the Service.
• Vector embeddings derived from your text. Stored alongside the source content under the same access controls.

Integration credentials

• OAuth refresh / access tokens for third-party providers you choose to connect (Google Workspace, Microsoft 365, Slack, Notion, Atlassian, Asana, Discord, Zoom, Dropbox, GitHub, GitLab). Encrypted at rest with AES-256-GCM under a key we control or a per-workspace key (BYOK) if you provide one. Decrypted in-process only for the duration of an integration sync.

Operational data

• Audit log: every read and write against your workspace, including actor, IP address, user-agent, and resource. Used for security incident response and for the in-app audit dashboard.
• Usage metrics: token counts, model identifiers, latency, and error rates per request — used for billing, capacity planning, and SLO monitoring.
• Diagnostic data: error reports, stack traces, and performance spans (Sentry, Vercel logs). Personal information appearing in stack traces is redacted at our logger boundary where possible.

2. How we use information

• To provide and maintain the Service for you.
• To authenticate you, enforce workspace boundaries, and prevent abuse.
• To bill you, manage subscriptions, and resolve billing disputes.
• To respond to support requests, communicate Service updates, and send transactional email (invitations, password resets, health digests).
• To detect, investigate, and prevent fraud, security incidents, and abuse.
• To comply with legal obligations and respond to lawful requests by public authorities.

We do not sell, rent, or trade personal information. We do not use Customer Content to train large language models for any third party, and we do not use it for our own model training without your separately-given consent.

3. Sub-processors

We rely on the following sub-processors to operate the Service. Each operates under written terms that include confidentiality and security obligations no less protective than those in this Policy:

We will provide at least thirty (30) days’ notice before adding a new sub-processor or materially changing the role of an existing one. To object, contact privacy@greatarrowdigital.com.

3a. Google API Services — Limited Use

Great Arrow Digital’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, do not use it for advertising, and use it only for the user-facing features described below.

When you connect Google integrations we may access:

• Gmail: read-only inbox, message metadata and attachments (ingested into your workspace memory); send-only access to send messages on your behalf.
• Google Drive: read-only access to your files for import; write access limited to files this app creates (drive.file).
• Google Calendar: read and write access to view, create, update and cancel events and generate summaries.
• Google Contacts: read-only access to names, emails and birthdays for meeting scheduling and reminders.
• Google Docs / Google Sheets / Google Slides: read-only content extraction; Google Sheets additionally supports creating and writing spreadsheets you request.
• Google Analytics: read-only GA4 reporting for analytics summaries.

When you ask an AI assistant to act on this data (for example, “summarize my inbox”), the specific content you reference is transmitted to our configured AI inference providers (Anthropic, OpenAI, Google) solely to produce your requested output. These providers do not train language models on your data per their usage terms and our agreements.

You can revoke access at any time at /account/connections, which deletes stored credentials within 24 hours and revokes the token upstream, or delete your entire account at /account.

4. Retention

• Account & profile data: retained for the duration of your account; deleted within thirty (30) days of account closure.
• Customer Content (memories, documents, chats): retained while you maintain a workspace. Deleting a workspace soft-deletes its content; hard deletion completes thirty (30) days later. Encrypted database backups may persist for up to ninety (90) days.
• Integration credentials: deleted within twenty-four (24) hours of disconnect; we attempt upstream revocation where the provider supports it.
• Audit log: retained for ninety (90) days.
• Operational logs & metrics: retained for thirty (30) days, except aggregated, non-identifying usage counters which we retain longer for capacity planning.

5. Security

• All traffic is encrypted in transit via TLS 1.2 or higher.
• Personal access tokens are stored hashed (SHA-256). The plaintext is shown to you exactly once at mint time.
• OAuth refresh tokens are encrypted at rest with AES-256-GCM. Per-workspace BYOK is available.
• Workspace data isolation is enforced by Postgres row-level security on every workspace-scoped table.
• Realtime broadcast channels use HMAC-signed names so a stranger who learns a workspace ID cannot subscribe to its events.
• We follow least-privilege for operator access; admin actions are audit-logged.

6. Your rights

Depending on your jurisdiction you may have rights to access, correct, export, delete, restrict, or object to processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise these rights:

• Access & export: use the in-app export at your workspace settings, or email privacy@greatarrowdigital.com.
• Correct: update profile fields from /account.
• Delete: close your account from /account; revoke a single integration from /account/connections.
• Object / restrict: email privacy@greatarrowdigital.com and we will respond within the timelines required by applicable law.

7. International transfers

Data is processed in the United States during the current rollout. If you are located in the European Economic Area, the United Kingdom, or Switzerland, transfers of personal information to the United States are made under appropriate safeguards (such as the Standard Contractual Clauses approved by the European Commission). Multi-region replicas are on the roadmap; until then, please do not store data you are required by law to keep within another jurisdiction.

8. Children

The Service is not intended for, and we do not knowingly collect information from, children under thirteen (13) — sixteen (16) in the EEA / UK. If you believe we have collected such information, contact us at privacy@greatarrowdigital.com and we will delete it.

9. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via the Service at least thirty (30) days before they take effect. The current revision date appears at the top of this page.

10. Contact

Privacy: privacy@greatarrowdigital.com
Security: security@greatarrowdigital.com
See also our Terms of Service.