Privacy Policy
1. Overview
Theo helps people and teams find SaaS bills in Gmail, store bill artifacts, review spend, and export selected bills to Google Drive or a local download. This Privacy Policy explains what information Theo collects, how we use it, and the choices you have.
2. Information we collect
| Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email address, Google account identifier, workspace membership | Sign-in, account management, workspace access, support |
| Google OAuth tokens | Encrypted access and refresh tokens, granted scopes, token expiry | Access Gmail and Drive only as authorized by you |
| Gmail data | Email metadata, sender, subject, dates, message body snippets, bill attachments | Find SaaS bills, filter non-bill messages, extract bill details, store bill artifacts |
| Bill and spend data | Vendor, billing period, amount, currency, bill number, payment status, stored file metadata | Show folders, analytics, exports, and bill previews |
| Drive export data | Files and folders Theo creates in your Google Drive | Export selected bills and manifests at your request |
| Support and feedback | Messages, bug reports, feature requests, optional attachments | Respond to support requests and improve the service |
| Security and usage data | Login events, audit logs, IP-derived rate-limit data, error logs | Protect accounts, prevent abuse, debug issues, satisfy legal obligations |
3. Google user data and Limited Use
Theo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- Theo uses Gmail data only to find, classify, store, display, and export SaaS bills and receipts for you.
- Theo uses Google Drive access only to create or upload files and folders that you choose to export.
- We do not sell Google user data.
- We do not use Google user data for advertising or ad targeting.
- We do not use Gmail content to train, fine-tune, or improve generalized AI or ML models.
- We do not allow humans to read Google user data unless you ask us for support, it is needed for security or abuse investigation, it is required by law, or the data is aggregated and anonymized.
4. Google scopes Theo requests
| Scope | Why Theo needs it |
|---|---|
| openid, email, profile | Sign you in, identify your account, and show your name or email in the app. |
| https://www.googleapis.com/auth/gmail.readonly | Read Gmail messages and attachments to find SaaS bills and receipts. Theo does not modify, delete, or send email with this scope. |
| https://www.googleapis.com/auth/drive.file | Create and manage the bill export files and folders Theo itself creates in Google Drive, plus any file you explicitly select for Theo in the Google file picker. This scope does not let Theo read, list, or modify other files in your Drive. |
5. How we use information
- Authenticate users and keep accounts secure.
- Search Gmail for likely SaaS bills and filter out unrelated messages.
- Store private bill artifacts so you can view, download, and export them later.
- Show spend analytics by vendor, month, user, and workspace.
- Export selected bills to Google Drive or a local ZIP file.
- Provide team collaboration, support, billing, security, and product maintenance.
6. Sharing and processors
We do not sell personal information. We share information only as needed to provide Theo, to comply with law, to protect rights and security, or at your direction. Our service providers may include cloud hosting, database, object storage, email delivery, analytics, support, and error monitoring providers. These providers may process information only on Theo's behalf and for Theo's purposes.
Google provides Gmail, Drive, and sign-in services under your Google account. Theo stores bill metadata in its database and stores private bill artifacts in cloud object storage.
7. Retention
We keep account, bill, workspace, and support information while your account is active or as needed to provide the service. You can delete your account from the Account page. Account deletion removes user-owned bill metadata, stored bill artifacts, OAuth tokens, settings, and related account data, except limited records that must be retained for security, legal, tax, or audit purposes.
8. Your controls
- You can disconnect Theo at any time by revoking its access in your Google Account's third-party access settings; this invalidates the Google tokens Theo holds for you.
- You can export your account data from Theo's Account page.
- You can delete your Theo account from the Account page.
- You can ask us to access, correct, delete, or restrict use of your personal information.
9. Security
Theo encrypts data in transit with HTTPS and encrypts stored Google OAuth tokens at rest with AES-256-GCM. Bill artifacts are stored in private object storage that is not publicly readable and are served only through authenticated endpoints. We use access controls, rate limits, tenant scoping, audit logs, and monitoring to protect the service.
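The token-encryption approach named above, as an added example written for this page rather than Theo's own code: it uses Go's standard-library AES-256-GCM with a fresh random 96-bit nonce per token and binds each ciphertext, through GCM's additional authenticated data, to the workspace and user it belongs to, so a sealed token copied into another tenant's record fails to decrypt. The key, the `ws_`/`user_` identifiers, and the token string are constructed placeholders, and `EncryptToken`/`DecryptToken` are assumed names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// tokenKey is a 32-byte AES-256 data-encryption key. Constructed placeholder so
// the example runs offline; in production the key comes from a KMS or secret
// manager and is never a literal in source.
var tokenKey = []byte("0123456789abcdef0123456789abcdef")

// tokenAAD binds a sealed token to the tenant row it is stored in. Both IDs are
// assumed names; the separator keeps ("ab","c") and ("a","bc") distinct.
func tokenAAD(workspaceID, userID string) []byte {
	return []byte(workspaceID + "|" + userID)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	// aes.NewCipher also accepts 16- and 24-byte keys; insist on AES-256.
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToken seals an OAuth token as nonce || ciphertext || tag. A fresh
// random nonce per call is required: reusing a nonce under GCM leaks the XOR of
// plaintexts and lets an attacker forge tags.
func EncryptToken(key, token []byte, workspaceID, userID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to its first argument, so the nonce is prepended.
	return gcm.Seal(nonce, nonce, token, tokenAAD(workspaceID, userID)), nil
}

// DecryptToken opens a sealed token. It fails if the ciphertext or tag was
// modified, or if the caller's workspace/user does not match the AAD it was
// sealed under (for example a record copied into another tenant's row).
func DecryptToken(key, sealed []byte, workspaceID, userID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed token too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, tokenAAD(workspaceID, userID))
}

func main() {
	// Constructed token string; real tokens never belong in logs or examples.
	sealed, err := EncryptToken(tokenKey, []byte("ya29.example-access-token"), "ws_acme", "user_42")
	if err != nil {
		panic(err)
	}
	pt, err := DecryptToken(tokenKey, sealed, "ws_acme", "user_42")
	fmt.Printf("same tenant: %q err=%v\n", pt, err)
	_, err = DecryptToken(tokenKey, sealed, "ws_other", "user_42")
	fmt.Println("other tenant:", err)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	_, err = DecryptToken(tokenKey, sealed, "ws_acme", "user_42")
	fmt.Println("tampered tag:", err)
}
```

Storing the nonce alongside the ciphertext is standard; the secret is the key, not the nonce. What AAD buys you is that tenant scoping is enforced by the cipher as well as by the database query, so a bug in the query layer cannot hand one workspace a usable token belonging to another.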
10. International processing
Theo and its providers may process information in countries other than where you live. Where required, we rely on appropriate safeguards for international transfers.
11. Children
Theo is intended for business use and is not directed to children. We do not knowingly collect personal information from children.
12. Changes
We may update this Privacy Policy as Theo changes. If changes are material, we will provide notice in the app or by email where required.
13. Contact
Privacy requests: subhro@theoforwork.com
Support: subhro@theoforwork.com
Website: https://theoforwork.com