Privacy Policy

Effective April 28, 2026

1. Who we are

Golem (“we,” “our,” or “us”) operates personalgolem.com — a private relationship-intelligence tool. This policy explains what personal data we collect, why, and how you can control it.

2. Data we collect

Account data

Your email address, used to authenticate you and send transactional messages (magic links, OTP codes). We do not collect a password.

Google account data (optional)

If you connect a Google account, we access the following via the Google API — solely to power your Golem workspace:

  • Gmail (read-only): email headers, bodies, and metadata, used to build your relationship memory and surface conversation history.
  • Google Calendar (read-only): event titles, attendees, and times, used to track meetings and upcoming interactions.
  • Google Contacts (read-only): contact names and email addresses, used to enrich people records.

We store only the data necessary to provide the service. Raw email bodies are processed to extract structured information and then may be retained in encrypted form to support search and memory features. We do not index or store email attachments.

Usage data

Server logs (IP address, request path, timestamps) retained for up to 30 days for security and debugging. We do not use third-party analytics trackers.

3. How we use your data

  • To operate and improve the Golem service for you.
  • To send authentication emails (no marketing email without consent).
  • To detect and prevent fraud or abuse.

We do not sell your data, share it with advertisers, or use it to train AI models that are shared outside your workspace.

Golem’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data storage and security

All data is stored on servers within the United States. Sensitive credentials (OAuth tokens) are encrypted at rest using AES-256-GCM with per-tenant encryption keys. Data in transit is protected by TLS 1.2 or higher.

Each workspace is logically isolated. Row-level security in the database prevents one workspace from accessing another’s data.

5. Data retention and deletion

You can disconnect a mailbox or delete your account at any time from Settings → Integrations. Disconnecting a mailbox removes its OAuth credentials and stops further syncing. The “Shred” action permanently deletes all indexed mail data for that connection.

To delete your entire account and all associated data, email privacy@personalgolem.com. We will process deletion within 30 days.

6. Third-party services

We use a limited set of sub-processors to operate Golem:

  • Google APIs — to access your connected Google account (only with your explicit consent).
  • Vultr — cloud hosting and managed database in the US.
  • Ionos — transactional email delivery.

No personal data is shared with any other third party.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at privacy@personalgolem.com.

8. Changes to this policy

We may update this policy. Material changes will be communicated via email or a notice in the app. Continued use after the effective date constitutes acceptance.

9. Contact

Questions about this policy: privacy@personalgolem.com