Privacy Policy

Effective Date: October 23, 2025

1. Introduction
   Libra AI, Inc. (“Libra,” “Company,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our websites, products, browser extensions, mobile/desktop applications, APIs, and related services (collectively, the “Services”). By using the Services, you agree to the practices described in this Privacy Policy.
   
   

If you do not agree with this Privacy Policy, please do not access or use the Services.

Company details:
Libra AI, Inc.
131 Continental Dr, Suite 305, City of Newark, County of New Castle, Delaware 19713
Contact: hello@trylibra.ai | +1 (415) 212-1872

2. Scope & Who This Policy Covers
   This Policy applies to:
   • Visitors to our websites and landing pages.
   • Registered users of the Services.
   • Organizations and their authorized users who connect third-party data sources (e.g., Google Workspace).
   This Policy does not apply to third-party websites, services, or applications that we do not own or control.
   
   

3. Information We Collect
   We collect the following categories of information:

   
   

3.1 Account & Contact Information
• Name, email address, phone number, company name, job title, password or auth tokens, and communication preferences.
• Billing details (if you purchase paid Services), such as billing email, address, and limited payment details handled by our payment processor.

3.2 Service Usage & Technical Data
• Log files, device and browser information, IP address, timestamps, language, pages viewed, referring/exit pages, and crash/diagnostic data.
• Event data related to how features are used to help operate, secure, and troubleshoot the Services.

3.3 Content You Provide
• Prompts, queries, feedback, uploaded files, and other content you submit when using the Services.
• Team/workspace settings and integrations you configure.

3.4 Connected Data Sources (e.g., Google Workspace)
• If you authorize an integration (e.g., Gmail, Drive), we access only the scopes you grant. The data may include document titles and content, email metadata/content, file metadata, and other Workspace items strictly to provide user-requested functionality.

3.5 AI Input/Output
• When you use AI features, we process your inputs and generate outputs in real time. As explained in Section 9, we do not use Google Workspace data to train generalized AI/ML models, and we do not permit our third-party AI vendors to do so.

3.6 Cookies & Similar Technologies
• We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure performance, and secure the Services. You can manage cookies in your browser settings; some features may not function without them.

4. How We Use Information
   We use information to:
   • Provide, operate, maintain, and secure the Services.
   • Process your requests, prompts, and commands—including through AI features—solely to deliver user-facing functionality.
   • Authenticate users, administer workspaces, and provide customer support.
   • Monitor, detect, prevent, and investigate security incidents and abuse.
   • Measure performance, reliability, and availability; fix bugs and improve usability.
   • Communicate service notices, updates, and marketing (you may opt out of marketing anytime).
   • Comply with law, enforce our Terms, and protect our rights, users, and the public.
   
   
   

Important limitations:
• We do not use Google Workspace data to develop, improve, or train generalized/non-user-specific AI/ML models.
• Where we use third-party AI processors, they are prohibited (contractually and technically) from using your data to train their generalized models.

5. Legal Bases for Processing (EEA/UK users)
   Where GDPR/UK GDPR applies, we process your personal data under one or more of the following legal bases:
   • Contract performance (to provide the Services you requested).
   • Legitimate interests (e.g., securing the Services, preventing abuse, improving reliability) where not overridden by your rights.
   • Consent (e.g., for certain cookies/marketing or when you connect a third-party source).
   • Legal obligations (e.g., record-keeping, responding to lawful requests).
   
   
   

6. How We Share Information
   We do not sell personal information. We share information in these limited cases:
   • Service Providers/Processors: Cloud hosting, logging, analytics, customer support, authentication, payment processing, and third-party AI processors used to fulfill user prompts. These providers act under data processing agreements and are prohibited from using data for their own purposes, including generalized model training (see Section 9).
   • Enterprise Customers: For organizational accounts, certain admin analytics, audit events, and configuration metadata may be visible to your organization’s administrators consistent with your organization’s settings.
   • Legal/Compliance: If required by law or to protect the rights, property, or safety of Libra, our users, or the public.
   • Business Transactions: In connection with a merger, acquisition, financing, or sale of all or a portion of our assets, subject to appropriate confidentiality and data protection safeguards.
   • With Your Direction: We share or disclose data when you instruct us to (e.g., connecting new integrations or exporting results).
   
   
   

7. Data Retention
   We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. You can request deletion (see Section 12); for Google Workspace data, see Section 9.5 for specific deletion behavior.
   
   
   

8. Security
   We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, destruction, loss, alteration, or misuse. No security program is perfect, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for activity under your account.
   
   
   

9. Google Workspace API Limited Use Compliance
   This section applies when you connect your Google account (e.g., Gmail, Drive, Calendar) to the Services.

9.1 Limited Use Commitment
Our use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access and use Google user data only to provide user-facing features that you request or enable within the Services. We do not use Google user data to develop, improve, or train generalized/non-user-specific AI/ML models.

9.2 No Generalized Model Training (Internal or Third-Party)
• Libra does not use Google user data to develop, improve, or train generalized models.
• We prohibit our AI vendors/processors (e.g., OpenAI, Anthropic, Azure OpenAI, Groq) from using Google user data to train or improve their generalized models. We use such vendors solely as processors to generate outputs in response to your request.

9.3 Data Minimization & Scope
We request only the minimum Google API scopes needed to deliver requested features. We process only the data necessary for the specific action (e.g., retrieving a document to answer your query).

9.4 Ephemeral Processing & Isolation
• AI processing of Google data is performed on a per-request basis to produce the output you asked for.
• We do not combine Google user data across customers to build generalized capabilities.
• Any intermediate artifacts (e.g., temporary caches) are short-lived and protected.

9.5 Storage & Deletion of Google Data
• By default, we avoid persistent storage of Google content unless necessary to provide a feature you enabled (e.g., saving a summary you asked us to store).
• Temporary processing artifacts derived from Google data are routinely purged; where short-term caching is required for reliability, we delete cached content within a commercially reasonable period (typically within 30 days).
• You can disconnect Google access at any time via your Google Account permissions page and/or within our product settings. Upon disconnect, we cease new access and delete any remaining cached Google data in accordance with the schedule above.
• You may request deletion of Libra-stored data associated with your Google integration at hello@letslibra.com. We will fulfill verified requests consistent with law and our data retention obligations.

9.6 No Unapproved Transfers
• We do not sell or transfer Google user data except to subprocessors necessary to provide the Services, subject to written agreements that comply with Limited Use requirements.
• We do not permit any subprocessor to use Google user data for advertising or training generalized models.

9.7 Transparency
We will keep this section current and consistent with the Google API Services User Data Policy. If our practices materially change, we will update this Policy and, where required, seek consent.

10. Third-Party AI Processors (LLMs)
    To deliver AI features you request, we may use third-party AI processors strictly as data processors, such as OpenAI, Anthropic, Azure OpenAI, and Groq. Our commitments:
    • Purpose Limitation: We send only the necessary inputs to generate the output you requested.
    • No Generalized Training: We require processors not to use your data to train their generalized models.
    • Ephemeral Use: Inputs/outputs are processed on a per-request basis. Any short-term retention by a processor (e.g., for abuse detection) is governed by our processor agreements and is not permitted for training generalized models.
    • Confidentiality & Security: Processors are bound by confidentiality and security obligations consistent with this Policy.
    
    
    

11. International Data Transfers
    We may transfer, store, and process information in the United States and other countries where we or our service providers operate. Where required, we implement appropriate safeguards (e.g., standard contractual clauses) to protect personal data when transferred internationally. By using the Services, you understand that your information may be processed outside your country of residence.
    
    
    

12. Your Privacy Rights
    Depending on your location, you may have rights including:
    • Access, correction, deletion, restriction, or portability of your personal information.
    • Object to certain processing (including where we rely on legitimate interests).
    • Withdraw consent where processing is based on consent (this does not affect prior processing).
    • Opt out of marketing communications at any time.
    To exercise rights, contact hello@letslibra.com. We may need to verify your identity before fulfilling your request. For Google integrations, you may also revoke access via your Google Account settings.
    
    
    

California residents: We do not sell or share personal information as defined by the CCPA/CPRA. You have the right to know, delete, correct, opt out of certain uses, and not be discriminated against for exercising rights. You may use an authorized agent with proper authorization.

EEA/UK residents: You may lodge a complaint with your local data protection authority. Our contact information is above.

13. Children’s Privacy
    The Services are not intended for or directed to children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact hello@letslibra.com and we will take appropriate steps to delete such information.
    
    
    

14. Data of Organizational Users
    If you access the Services through an organization (your employer or another entity), that organization may control certain data and account settings. Your use may be subject to your organization’s policies. Questions about organizational data access should be directed to your administrator.
    
    
    

15. Do Not Track & Preference Signals
    Our websites do not currently respond to “Do Not Track” signals. Where required by law, we honor applicable browser-based or platform privacy preference signals for opt-out where supported by our Services.
    
    
    

16. Changes to This Privacy Policy
    We may update this Policy from time to time. If we make material changes, we will post the updated Policy and update the “Effective Date” above. Where required, we will notify you and/or seek consent.
    
    
    

17. Contact Us
    If you have questions, concerns, or complaints regarding this Policy or our practices:
    Libra AI, Inc.
    131 Continental Dr, Suite 305, City of Newark, County of New Castle, Delaware 19713
    Email: hello@letslibra.com
    Phone: +1 (415) 212-1872
    
    
    

18. Summary of Key Google Limited Use Assurances
    The following statements are intended to aid platform reviewers and customers:
    • We access Google user data only to provide user-facing features requested by the user or their organization.
    • We do not use Google user data to develop, improve, or train generalized/non-user-specific AI/ML models.
    • We prohibit our third-party AI processors from using Google user data to train or improve their generalized models.
    • AI processing is per-request and ephemeral; we do not aggregate Google user data across customers to create generalized capabilities.
    • Any temporary caches are short-lived and are purged within a commercially reasonable period (typically within 30 days).
    • Users can disconnect Google at any time; upon disconnect, we cease access and delete remaining cached Google data within our standard purge window.
    • We do not sell Google user data. We do not permit processors to use Google user data for advertising.
    • Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use.
    
    
    

By using the Services, you acknowledge that you have read and understood this Privacy Policy.