AI Oracle
Sign in

Privacy Policy

Effective June 4, 2026

This Privacy Policy explains how Blast Off Apps LLC, a West Virginia limited liability company ("Blast Off Apps", "we", "us", or "our"), collects, uses, shares, and protects information in connection with AI Oracle (the "Service"), available at aioracleapp.com. Blast Off Apps is the data controller for personal data processed in connection with the Service.

Contact: adam@aioracleapp.com.

1. Information we collect

a. Account information

When you sign in we record your email address (provided through Supabase Auth) and create an organization membership. We do not store passwords; authentication runs through magic-link email.

b. Connected-service tokens

When you connect a third-party service we receive an OAuth access token and, where the provider supports it, a refresh token. We store these tokens to make authenticated requests on your behalf, and we request only the permissions a feature actually needs — for Google, read-only access to the specific Docs, Sheets, and Slides you check, and nothing more. We never see, request, or store your password to those services. The connection available to all users today is Google; additional integrations (Notion, GitHub, Atlassian, Linear, Slack, and Zapier) are offered through AI Oracle's agent platform. The full list of connectable services, and the exact scope we request from each, is in Section 5.

c. Content you create in the Service

Decision records, agent configurations, agent memories, notes, and other content you create are stored in our database and associated with your account.

d. Content fetched from connected services

When an agent runs, it may fetch data from a service you connected (for example, the text of a Google Doc you ask it to reconcile, or a Notion page you ask it to summarize). The fetched content passes through our servers in transit and is included in the prompt sent to our AI provider for that run. We retain the agent's run record (including a summary of what it did and the resulting memories) but we do not separately store the raw fetched content unless you explicitly save it as a memory or decision in the Service.

e. Usage and diagnostic data

We collect basic logs (request times, endpoint paths, error messages, IP address, user-agent string) to operate, secure, debug, and monitor the Service. We do not run third-party analytics, advertising trackers, or session-replay tools.

2. How we use your information

  • To provide and operate the Service (authenticate you, run your agents, store your decisions);
  • To debug, monitor, secure, and improve the Service;
  • To communicate service-relevant updates (security notices, account messages, billing changes if introduced);
  • To respond to your support requests;
  • To enforce our Terms of Service, prevent abuse, and protect the rights, property, or safety of Blast Off Apps, our users, and the public;
  • To comply with legal obligations and respond to lawful requests.

Blast Off Apps does not sell your personal information, share it with advertisers, or use it to train third-party AI models.

3. Legal bases for processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:

  • Contract. Processing necessary to provide the Service you have signed up for.
  • Legitimate interests. Operating, securing, and improving the Service, preventing abuse, and communicating service updates — balanced against your rights and interests.
  • Consent. Where you have explicitly authorized a connected service via OAuth, or where a specific feature requires opt-in consent.
  • Legal obligation. Where we are required by law to process or retain certain data.

4. Google user data — limited-use disclosure

AI Oracle's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We use Google user data only to provide and improve the user-facing features that are prominent in the AI Oracle app.
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, or to comply with applicable law.
  • We do not use Google user data for serving advertisements, including retargeting or personalized advertising.
  • Humans do not read Google user data unless we have your explicit consent for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.

Concretely, AI Oracle requests read-only access to only the Google Docs, Sheets, and Slides you ask it to check — the documents.readonly, spreadsheets.readonly, and presentations.readonly scopes, plus your basic profile and email address for sign-in. We do not request the broad Google Drive scope, and we do not request access to Gmail, Google Calendar, Contacts, or any other Google product. When you reconcile a document by link, we read only that one document, by its identifier, through the typed Google Docs, Sheets, and Slides APIs — we do not browse, list, or download the rest of your Drive.

5. Subprocessors and third parties

The Service relies on a small number of third-party providers, each acting as a subprocessor to Blast Off Apps:

  • Supabase, Inc. — database, authentication, file storage, and edge-function hosting. Privacy
  • Anthropic, PBC — large-language-model inference for agent runs (Claude). Per Anthropic's commercial terms, your data is not used to train their models. Privacy
  • OpenAI, L.L.C. — text embeddings used to index and search your decision corpus, and the language-model judge used to detect conflicts and relevance. Per OpenAI's API terms, your data is not used to train their models. Privacy
  • Vercel Inc. — application hosting and content delivery. Privacy
  • Connected services you choose — only when you explicitly connect them, and only with the scopes shown on that provider's consent screen during sign-in. We request the minimum each feature needs; the current request from each service is broken out below.

What we request from each connected service

AI Oracle requests only the permissions a feature needs, and read-only access wherever reading is enough. The connection available to all users today is Google; the remaining integrations are offered through AI Oracle's agent platform and request access only when you connect them.

  • Google (Docs, Sheets, Slides). Read-only access to the documents, spreadsheets, and presentations you check — the documents.readonly, spreadsheets.readonly, and presentations.readonly scopes — plus your basic profile and email for sign-in. We do not request broad Google Drive access, Gmail, Google Calendar, Contacts, or any other Google service (see Section 4).
  • Notion. Read and search the pages in the workspace you authorize, and append blocks you ask an agent to add.
  • GitHub. Read repositories and your user profile, and open or update issues (repo, read:user).
  • Atlassian (Jira / Confluence). Read your Jira user and Jira work items, create or update Jira work, and read Confluence content summaries (read:jira-user, read:jira-work, write:jira-work, read:confluence-content.summary).
  • Linear. Read and write issues (read, write).
  • Slack. Search and read channels, read channel history, and post messages you ask an agent to send (search:read, channels:read, channels:history, chat:write).
  • Zapier. Only the actions you configure inside Zapier's own connection; AI Oracle exercises just the actions you expose to it there.

Each grant is per-user and revocable: you can disconnect any service from the Connections page in the Service, or from the provider's own security settings, at any time (see Section 9).

Blast Off Apps may also disclose your information when required by law, valid legal process, or to protect the rights, property, or safety of Blast Off Apps, our users, or the public. In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction, subject to the protections of this Policy.

6. Browser extension

AI Oracle publishes a Chrome browser extension that connects to your AI Oracle workspace. The extension is gated by an API token you generate at aioracleapp.com/connections and paste into the extension's options page; without that token the extension transmits nothing. Below is exactly what the extension reads, sends, and stores. This section mirrors the permissions declared in the extension's manifest.

a. What the extension stores locally

The following items are stored in chrome.storage.local on your device. They are not synced to your Google account and are not transmitted anywhere except to the AI Oracle workspace you configured. Removing the extension deletes this local storage.

  • Your API token.
  • The workspace base URL you configured.
  • The id of the team (workspace) the team-switcher is currently pointed at, if you belong to more than one.
  • The timestamp of the most-recent inbox alert you've already seen.
  • A draft of any in-progress capture (typed body and title) so the popup survives being closed.
  • Your most-recent Ask question, the synthesized answer, and the citation cards returned, so reopening the popup restores them.

b. What the extension transmits, and when

Every request below is to your configured AI Oracle workspace only and carries your API token; if you belong to more than one team, it also carries the id of the team you have selected, as a ?org= query parameter, so the server acts in the right corpus and can verify your membership in it. All actions are user-initiated except the inbox poll. The extension does not contact any third-party analytics, advertising, telemetry, or error-reporting service, and it does not load remote scripts.

  • Capture from the popup. Clicking Create note sends the active tab's URL and title, the text you have selected on the page (if any), and the body and category you typed in the popup to /api/notes/quick.
  • Capture from the floating button. Clicking the in-page "+" button sends the page's URL, title, and your current text selection (if any) to /api/notes/quick. The button transmits nothing until you click it.
  • Append to an existing note. Choosing an existing note from the popup's match list and clicking Add to selected sends the captured body, optional separator, and an optional rename to /api/notes/{id}/append.
  • Link a captured note. Selecting other notes or decisions in the post-capture attach panel and clicking Attach sends those target IDs, a relation label, and an optional rationale to /api/notes/{id}/attach.
  • Find-related search. While the popup is open, the extension sends the active tab's URL, title, and your typed body (capped at 2,000 characters) to /api/match so the popup can offer existing notes and decisions to append to instead of duplicating. The content script never calls this endpoint; only the popup does, and only while you have it open.
  • Typed search. Text you type into the popup's quick-search field is sent to /api/search.
  • Reconcile / Find similar. Clicking Reconcile (or Find similar on the Home tab) sends the active tab's URL to /api/check, which runs the conflict-and-relevance judge and returns Blockers, Supporting, and Warning matches from your corpus. For Google Docs, Sheets, and Slides, AI Oracle fetches the content server-side via your own Google connection. For other sites, the extension reads the page's selectable body text (capped at 60,000 characters) from the active tab and includes it in the request.
  • Paste check. Text you paste into the Paste tab and the contents of text files you attach (capped at 60,000 characters combined) are sent to /api/check.
  • Ask. Questions you type into the Ask tab are sent to /api/ask.
  • Rate a result. When you mark whether a surfaced item was the right call (the thumbs-up / thumbs-down control), the extension sends that rating and the item's id to /api/check/feedback.
  • Switch teams. If you belong to more than one team, the popup lists them by calling /api/me/orgs and reads your identity for the header via /api/me. Selecting a team stores its id locally and appends it as ?org= to subsequent requests; the server validates your membership before acting.
  • Inbox polling (background). Every two minutes the service worker calls /api/alerts/unread. This request carries only your API token (and the selected team id, if any) — no page content, no URL, no title.

The only destination for any of the above traffic is the AI Oracle workspace URL you configured (default https://aioracleapp.com).

c. Permissions the extension declares

  • storage. Persists the items listed in section (a) above in chrome.storage.local.
  • alarms. Schedules the recurring two-minute inbox poll that updates the toolbar badge.
  • notifications. Shows a desktop notification when a new alert arrives in your AI Oracle inbox while the extension is running.
  • activeTab + scripting. Reads the title, URL, current text selection, and (for non-Google sources during Reconcile) the body text of the tab you have explicitly clicked the AI Oracle icon on. Used only when you initiate Capture or Reconcile, and only on the active tab.
  • tabs. Opens the AI Oracle dashboard, a matched decision, an attached note, or an inbox item in a new tab when you click a result inside the extension popup or a notification.
  • clipboardRead. Reads navigator.clipboard.readText() only while the popup is open, to populate the "Clipboard" preview row at the bottom of the editor so you can insert clipboard contents into a note or question with one click. Clipboard contents stay on your device unless you explicitly insert them and submit.
  • host_permissions: aioracleapp.com. The only URL the published extension is allowed to call. The extension does not have host permissions for any third-party site. (Internal development builds may additionally target a project-controlled staging URL, but the published extension declares only aioracleapp.com.)
  • content_scripts on <all_urls>. Injects a floating capture button on http(s) pages. The script bails out inside iframes and on browser-internal URLs, transmits nothing on its own, and only sends the page's URL, title, and your text selection to your configured AI Oracle workspace when you click the button. It never injects remote code.

d. Retention and deletion

Data the extension transmits is governed by the retention rules in this Policy for the AI Oracle account it is sent to (see Section 7 below for retention, and Section 9 for your access, correction, and deletion rights). The extension itself retains nothing on AI Oracle's servers beyond what the corresponding API endpoint stores; uninstalling the extension does not by itself delete content already saved to your account, which you can edit or delete from inside the AI Oracle web app.

7. Data retention

We retain account data and content you create for as long as your account is active. When you delete your account or remove a connection, the corresponding tokens and content are deleted within 30 days, except where retention is required by law or reasonably necessary for security investigation. Service logs are retained for up to 90 days.

8. Security

Blast Off Apps uses HTTPS in transit and relies on Supabase's at-rest encryption for the database. OAuth tokens and client secrets are stored in plaintext columns today and will be moved to encrypted-at-rest storage in a near-term release. Access to production data is limited to authorized personnel of Blast Off Apps LLC.

No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and any required regulator without undue delay and in line with applicable law.

9. Your choices and rights

  • Access and portability. Email adam@aioracleapp.com to request a copy of the personal data Blast Off Apps holds about you.
  • Correction and deletion. You can edit or delete decisions, memories, and connections from within the Service. To correct or delete other personal data, or to delete your entire account, email the address above.
  • Disconnect a service. Use the Connections page to remove a connection at any time. You can also revoke AI Oracle's access from the third party itself (e.g. myaccount.google.com/permissions for Google).
  • Object or restrict. You may object to or request that we restrict certain processing activities. Where processing is based on your consent, you may withdraw consent at any time without affecting prior processing.
  • Lodge a complaint. If you are in the EEA or UK, you have the right to lodge a complaint with your local data-protection authority.

We will respond to verifiable rights requests within the time required by applicable law (typically 30–45 days).

10. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), grants you specific rights regarding your personal information. The categories of personal information Blast Off Apps collects, the purposes for which we collect them, and the categories of recipients are described in Sections 1, 2, and 5 above.

  • Right to know. You may request the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to delete. You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to correct. You may request correction of inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing. Blast Off Apps does not sell or "share" (as defined under the CCPA) your personal information, and has not done so in the preceding 12 months.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise any CCPA right, email adam@aioracleapp.com. We will verify your request based on the email associated with your account.

11. Children

The Service is not directed to children under 13 (or under 16 in the EEA / UK), and Blast Off Apps does not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

12. International transfers

Blast Off Apps' infrastructure is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required by law (including for transfers from the EEA and UK), Blast Off Apps relies on standard contractual clauses with its subprocessors and applies appropriate technical and organizational safeguards.

13. Changes to this Policy

Blast Off Apps may update this Policy from time to time. Material changes will be posted on this page with a new effective date and, where reasonably possible, communicated by email. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact

Privacy questions, data-rights requests, and breach reports:

Blast Off Apps LLC
Registered in the State of West Virginia, USA
Email: adam@aioracleapp.com