BOSBOS
Back to BOS

Legal · Privacy

Privacy Policy

How USEKASE Pte. Ltd. collects, uses, shares, and protects your information when you use BOS, including data accessed through Google APIs.

Last updated: 15 July 2026

1.Introduction

This Privacy Policy explains how USEKASE Pte. Ltd. ("USEKASE", "BOS", "we", "us") collects, uses, shares, and protects personal information when you use the BOS platform at bos.online and its connected integrations.

BOS is a business-operating-system platform used by organizations ("workspaces"). This policy describes how we handle information about you as an individual who signs in to and uses BOS. Where BOS processes personal data that your organization uploads or connects about its own customers, contacts, or employees, USEKASE acts as a data processor on that organization's documented instructions — those terms are in our Data Processing Addendum.

2.Information we collect

  • Account & profile data: your name, email address, and profile details you provide when you create an account or are invited to a workspace, together with your workspace role.
  • Content you create: the records, documents, messages, and other content you and your workspace create or upload within BOS.
  • Connected-service data: information from third-party accounts you choose to connect — see “Google user data” below.
  • Usage & device data: log data, access timestamps, IP address, and device/browser information generated as you use BOS.

3.Google user data

When you choose to connect a Google account, BOS requests only the access needed for the feature you are using. Scopes are requested incrementally — you are only asked for a permission when you first use the feature that needs it.

  • Gmail: with your permission, BOS reads your messages (gmail.readonly) to build a per-contact interaction timeline in the Sales module, and sends only the follow-up emails you explicitly approve (gmail.send). BOS never deletes or alters your existing mail.
  • Google Calendar: BOS reads your events (calendar.readonly) to log meetings against deals, and creates or updates only the events you confirm (calendar.events).
  • Google Drive: BOS saves documents it generates for you (drive.file), and reads only the files you attach or select for Knowledge ingest (drive.readonly). The optional onboarding scan reads file names and counts only (drive.metadata.readonly) — never file contents.
  • Google Meet: with your permission, BOS reads the transcript and Gemini notes document of meetings you attended (meetings.space.readonly) and attaches them to the matching calendar event as meeting notes. Action items extracted from them are only applied after you approve them.
  • Google Contacts: BOS reads your saved and auto-collected contacts (contacts.readonly, contacts.other.readonly) to enrich your CRM. This access is read-only.

How we use, store, and share Google data. Google user data is used solely to provide the user-facing features described above within your workspace. It is encrypted in transit (TLS 1.3) and at rest, and isolated per workspace. We do not sell it, do not use it for advertising, and do not allow humans to read it except with your consent, for security purposes, or where required by law.

AI processing. To power the Q assistant, relevant Google data may be sent to our AI sub-processor, Anthropic, solely to generate the output you requested. Under Anthropic's commercial API terms, your data is never used to train AI models.

Revoking access. You can disconnect any Google connection at any time from BOS Settings, or revoke BOS's access directly at myaccount.google.com/permissions. When you disconnect, BOS stops syncing and deletes the stored access tokens.

BOS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.How we use your information

  • Provide, operate, and maintain the BOS platform and its features.
  • Authenticate you and secure your account and workspace.
  • Power the AI-assisted features (the Q assistant) that you invoke.
  • Communicate with you about your account, security, and changes to the service.
  • Comply with legal obligations and enforce our terms.

We do not sell your personal information, and we do not use it for advertising.

5.AI processing and sub-processors

BOS uses third-party AI providers to deliver its assistant and search features. Anthropic, PBC provides LLM inference for the Q assistant, and Voyage AI provides text embeddings for knowledge search. Data you submit for AI processing is used only to generate the output you requested and, under these providers' commercial API terms, is not used to train their models. A current list of sub-processors is maintained in our Data Processing Addendum.

6.Cookies & analytics

BOS uses strictly necessary cookies to keep you signed in and to secure your session. We also use Google Analytics to understand aggregate, non-identifying usage of the platform so we can improve it. We do not use advertising cookies.

7.How we share information

We share personal information only as needed to operate BOS: with the infrastructure and AI sub-processors described above (our cloud hosting provider, Anthropic, and Voyage AI); with other members of your own workspace, according to your workspace's roles and permissions; and where required by law or to protect the rights and safety of our users. We never sell your personal information.

8.Data retention & deletion

We retain your personal information for as long as your account and workspace are active, and thereafter only as needed to comply with legal obligations, resolve disputes, and enforce our agreements. When you disconnect a Google account, stored tokens are deleted and syncing stops. On workspace termination, Customer Data is deleted or returned per the timelines in our Data Processing Addendum (a 30-day export window followed by a structural wipe).

9.Your rights & choices

Depending on your location, you may have the right to access, correct, delete, or port your personal information, and to object to or restrict certain processing. You can manage most of your data directly in BOS, disconnect connected accounts at any time (see “Google user data”), or contact us at the address below. Where your data is processed on behalf of your organization, please direct requests to your organization, which acts as the controller.

10.Security

We implement technical and organizational measures designed to protect your information, including encryption in transit and at rest, per-workspace isolation with row-level security, strict need-to-know access controls, audit logging, and regular vulnerability scanning. No system is perfectly secure, but we work continuously to protect your data.

11.International data transfers

BOS may process and store information in countries other than your own. Where personal data originating in the EEA, United Kingdom, or Singapore is transferred to a country without an adequacy decision, we rely on approved transfer mechanisms, including the European Commission's Standard Contractual Clauses.

12.Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you within BOS.

13.Contact us

If you have questions about this policy or your personal information, contact USEKASE Pte. Ltd. at legal@usekase.ai.