1. Information We Collect

• Account data: name, company, work email, billing information.
• Plan data: drawings, models, metadata, and annotations you upload.
• Usage data: logs, audit events, device/browser details, and support interactions.
• Derived insights: conflict logs, RFI drafts, and analytics generated from your inputs.
• Email integration data: If you connect a third-party email account (such as Gmail or Microsoft Outlook), we access email message content, headers, attachments, and contact information solely to provide in-app email features you initiate. See Section 2a below for details.

2. How We Use Information

• Deliver and improve the Services, including AI-powered plan analysis.
• Provide customer support, training, and product announcements.
• Monitor abuse, enforce policies, and secure the platform.
• Comply with legal obligations and respond to lawful requests.

2a. Third-Party Email Integrations (Gmail & Outlook)

Foreman AI offers optional email integrations so you can search, read, and send email directly from within the application. These integrations are entirely opt-in — no email data is accessed until you explicitly connect your account.

Google Gmail Integration

When you connect your Gmail account, Foreman AI requests the following permissions (scopes):

• gmail.readonly — Read email messages and metadata so you can search and view emails within Foreman AI.
• gmail.send — Send emails on your behalf when you compose and send a message through Foreman AI.

How we use your Gmail data:

• Display email search results and message content inside the Foreman AI interface when you request it.
• Send emails you compose through the Foreman AI interface.
• Provide AI-assisted email drafting and responses when you use the Foreman Autopilot feature.

What we do NOT do with your Gmail data:

• We do not store, cache, or retain copies of your email messages on our servers. Email content is fetched in real time and displayed only during your active session.
• We do not use your email data for advertising, marketing, or any purpose unrelated to the Services.
• We do not sell, share, or transfer your email data to third parties, except as required to provide the Services or comply with law.
• We do not use your email data to train machine-learning or AI models.

Foreman AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Microsoft Outlook Integration

When you connect your Microsoft account, similar permissions are requested via Microsoft Graph to search, read, and send email. The same data-handling principles described above apply.

Disconnecting Email Integrations

You may disconnect your Gmail or Outlook account at any time from the Integrations panel in your Foreman AI session. Upon disconnection, all stored OAuth tokens are immediately deleted from our systems and no further access to your email occurs.

3. How We Share Information

• With service providers that support hosting, storage, email, and analytics under strict confidentiality.
• With your authorized teammates or workspace admins, per your settings.
• When required by law, subpoena, or to protect Foreman AI and its users.
• In connection with a merger, acquisition, or financing, subject to appropriate safeguards.

4. Security & Retention

• We employ encryption in transit, role-based access, monitoring, and secure infrastructure.
• Customer Data is retained for the duration of your subscription and deleted within 90 days of termination unless otherwise agreed.
• Backups and audit logs may be stored longer to meet regulatory or safety requirements.

5. Your Choices & Rights

• Update profile details in-app or by contacting support.
• Request export or deletion of Customer Data, subject to contractual and legal limits.
• Manage marketing communications via unsubscribe links or email preferences.
• Connect or disconnect third-party email accounts (Gmail, Outlook) at any time from the Integrations panel. You can also revoke Foreman AI's access directly from your Google Account permissions or Microsoft account permissions pages.

6. International Transfers

• We store data in the United States and rely on contractual safeguards for cross-border transfers.
• EU/UK users may enter into standard contractual clauses for additional assurances.

7. Children

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a minor has provided data, contact us to remove it.

8. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the revised version with a new effective date and notify you when material updates occur.