1. Introduction
TabHR (“we,” “our,” or “us”) provides a platform for creating and managing AI-powered virtual employees. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, website, and related products (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.
2. Information We Collect
We collect information you provide directly and information generated through use of the Service.
- Account information. When you sign in (e.g., via Google), we receive and store your email address, name, and profile image from the provider. We use this to identify you and manage your account.
- Company and profile data. You may provide company name, industry, website, location, size, description, mission, values, and notes. This is used to configure your workspace and, where applicable, to tailor AI-generated content for your virtual employees.
- Virtual employee data. For each virtual employee you create, we store job descriptions, personas, titles, names, contact methods, chat sessions and messages, task data, deployment and console logs, and related configuration. Some sensitive fields (e.g., credentials) may be encrypted at rest.
- Communications and chat. Messages you send to virtual employees and their replies are stored to maintain conversation history and to improve and operate the Service.
- Integrations and credentials. If you connect third-party services (e.g., email, SMS, calendar), we store configuration and, where necessary, encrypted credentials to enable those integrations.
- Billing information. Payment processing is handled by Stripe. We store Stripe customer identifiers and subscription state; we do not store your full payment card details.
- Usage and technical data. We collect session data, log data (e.g., IP, user agent, timestamps), and information about how you use the Service (e.g., pages visited, actions taken) to operate, secure, and improve the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Authenticate you and manage your account and companies.
- Run, deploy, and monitor virtual employees (including processing chat, tasks, and integrations).
- Process payments and manage subscriptions.
- Send you service-related notices and, where you have agreed, marketing or product updates.
- Detect, prevent, and address fraud, abuse, and security issues.
- Comply with legal obligations and enforce our terms.
- Analyze usage in an aggregated or de-identified way to improve our product and experience.
4. Data Storage and Security
We store your data on infrastructure chosen for reliability and security. We use industry-standard measures (including encryption in transit and, where applicable, at rest) to protect your information. Access to personal and sensitive data is limited to those who need it to operate and support the Service. We do not sell your personal information.
5. Third-Party Services
We use and integrate with third parties who may process your data:
- Authentication. Sign-in may be provided by Google or other identity providers; their privacy policies apply to the data they collect and share with us. For a comprehensive disclosure of how TabHR accesses, uses, stores, and shares Google user data, see Section 6 (Google User Data).
- Payments. Stripe processes payments. Their privacy policy applies to payment data they collect and process.
- Hosting and infrastructure. Our application and data may be hosted on third-party providers (e.g., cloud providers); they process data on our behalf to run the Service.
- AI and runtime. Virtual employees may use AI models and external services to perform tasks and generate responses; relevant data may be sent to those services in accordance with our agreements and your usage.
- Integrations you enable. If you connect email, SMS, or other services, their respective privacy policies apply to data handled by those services.
6. Google User Data
TabHR integrates with Google services for sign-in and, when you choose to connect it, for Google Workspace. This section discloses how we access, use, store, and share Google user data.
- Google Sign-In. When you sign in with Google, we receive and store your Google account email address, name, and profile image. We use this solely to authenticate you, identify your account, and manage your use of the Service. We store this in our database and do not sell it or use it for advertising.
- Google Workspace (optional). If your company connects Google Workspace to TabHR, we use Google OAuth with limited scopes to enable provisioning of Workspace users for your virtual employees. We request access only to: (1) list domain names in your Workspace (admin.directory.domain.readonly), and (2) create and update user accounts in your Workspace (admin.directory.user). We do not access, read, or store the contents of Gmail, Google Drive, Google Calendar, or any other Google product—only the Directory API (domains and user account metadata) as needed to provide the integration.
- Data we access and use via Google Workspace. When you use the Google Workspace integration, we: (a) receive and store OAuth access and refresh tokens (encrypted) so we can call the Admin SDK on your company’s behalf; (b) list your Workspace domain names to let you choose a domain when adding an employee to Workspace; (c) create or update Workspace users with data you provide (e.g., primary email, first and last name, recovery/alternate email, recovery phone, job title, profile photo). We use this data only to provision and manage Workspace accounts for your virtual employees. Temporary passwords for newly created Workspace users are generated by us, stored encrypted, and provided only to the virtual employee’s workspace so the agent can log in; we do not use them for any other purpose.
- Storage and security. Google-derived data (including OAuth tokens and any stored emails/names used for Workspace provisioning) is stored in our systems with encryption where appropriate. Access is limited to what is necessary to operate and support the Service.
- Sharing. We do not sell Google user data. We do not use Google user data for advertising. We share Google user data only: (1) as necessary to operate the Service (e.g., with Google’s APIs when you use sign-in or Workspace); (2) with our infrastructure and service providers who process data on our behalf under contract; and (3) when required by law or to protect rights and safety.
- Your choices. You can disconnect Google Workspace at any time from the Integrations area of the Service. You can revoke TabHR’s access to your Google account via your Google account settings. Signing out or deleting your TabHR account does not automatically revoke Google’s access; you may need to revoke TabHR in Google account settings if you want to remove that access.
Google’s privacy policy and API terms also apply to your use of Google services. Our use of Google user data is limited to the purposes described in this section and is consistent with Google’s API Services User Data Policy, including the Limited Use requirements.
7. Cookies and Session Data
We use session and authentication tokens (including cookies where applicable) to keep you logged in and to secure the Service. You can control cookie settings in your browser; disabling certain cookies may affect your ability to use the Service.
8. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. If you delete your account or request deletion, we will delete or anonymize your personal data in line with our retention practices and applicable law, except where we must retain data for legal or safety reasons.
9. Your Rights and Choices
Depending on your location, you may have the right to:
- Access and receive a copy of your personal data.
- Correct or update your personal data (e.g., via account or company settings).
- Request deletion of your personal data or your account.
- Object to or restrict certain processing of your data.
- Obtain data portability (e.g., receive your data in a structured format).
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority (e.g., in the EU/EEA or UK).
To exercise these rights, contact us using the details in Section 12. We will respond in accordance with applicable law.
10. Children
The Service is not intended for users under the age of 16 (or higher where required by law). We do not knowingly collect personal information from children. If you believe we have collected such data, please contact us so we can delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Material changes may be communicated via the Service or by email where appropriate. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, or wish to exercise your rights, please contact us at the support or contact address provided in the Service or on our website.