Privacy Policy

Effective date: May 20, 2026

This Privacy Policy describes how Human Peak ("Human Peak", "we", "us") collects, uses, stores and protects your personal information when you use our personalized AI assistant service (the "Service"), available primarily through WhatsApp and the website at humanpeak.ai.

Human Peak is based in São Paulo, SP, Brazil. For any privacy-related questions, contact contato@humanpeak.ai.

1. Information we collect

We collect only the data needed to provide the Service:

  • Account information. Name and email address when you authenticate with Human Peak or sign in with Google.
  • Google Workspace content. When you explicitly authorize access via Google OAuth, we may access content from Gmail, Google Calendar, Google Drive, Google Docs and Google Sheets, strictly limited to the scopes you consent to.
  • WhatsApp messages. Messages you send to and receive from your personal AI assistant, along with related metadata (timestamps, phone number).
  • Usage logs. Technical logs of commands executed by the assistant, errors and timestamps, used for reliability and abuse prevention.

2. How we use Google user data

Human Peak's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We access your Google Workspace data only to fulfill tasks you explicitly request through your personal AI assistant. Specifically, we do not:

  • Use Google user data to train generalized or third-party AI/ML models.
  • Sell Google user data or share it for advertising purposes.
  • Transfer Google user data to third parties, except as necessary to provide or improve user-facing features that are prominent in the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Allow humans to read Google user data, unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.

Use by OAuth scope:

  • gmail.modify / gmail.send / gmail.readonly — read, draft, send, label and organize email messages on your behalf when you ask the assistant to do so.
  • calendar / calendar.events — read, create, update and delete events on your calendars when requested.
  • drive / drive.file — read and write files in Google Drive when you ask the assistant to summarize, create or modify documents.
  • documents / spreadsheets — read and edit Google Docs and Sheets content for tasks you initiate.
  • userinfo.email / userinfo.profile / openid — identify your account and link it to your assistant.

3. Legal basis (GDPR / LGPD)

We process your personal data based on your consent (granted when you connect Google or WhatsApp), the performance of a contract (providing the Service you signed up for), and our legitimate interest in operating and securing the Service. You may withdraw consent at any time.

4. Storage and retention

  • OAuth tokens are stored encrypted at rest (JWE) inside the isolated Docker container dedicated to your account.
  • WhatsApp messages are retained for up to 90 days to provide conversational context to your assistant and are then automatically deleted.
  • Google content is read on demand to perform your tasks. We do not maintain long-term copies of your emails, calendar events or files outside of short-lived processing caches strictly needed to complete a task.
  • Account deletion. You may request account deletion at any time by emailing contato@humanpeak.ai. All personal data and OAuth tokens are erased within 30 days, except where we are legally required to retain specific records.

5. Security

  • Each customer's assistant runs in an isolated Docker container, segregating data between tenants.
  • OAuth tokens and sensitive credentials are encrypted at rest using industry-standard cryptography.
  • All connections between clients, our servers and Google APIs use TLS.
  • Access to production systems is restricted to authorized personnel and protected by strong authentication.

6. Data sharing and subprocessors

We do not sell or rent your personal data. We share data only with the following subprocessors, strictly to operate the Service:

  • Google LLC — Google Workspace APIs and identity (OAuth).
  • Hetzner Online GmbH — compute infrastructure hosting the assistant containers.
  • Vercel Inc. — hosting of the public website at humanpeak.ai.
  • WhatsApp / Meta Platforms, Inc. — delivery of messages between you and your assistant.

7. Your rights

Subject to applicable law (including GDPR in the EU and LGPD in Brazil), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data.
  • Request portability of your data.
  • Object to or restrict certain processing.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection authority (in Brazil, ANPD).

To exercise these rights, email contato@humanpeak.ai.

8. Revoking Google access

You can revoke Human Peak's access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing the Human Peak application. Once revoked, we will no longer be able to access your Google Workspace data on your behalf.

9. Children's privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

10. International transfers

Your data may be processed in countries other than your country of residence, including the United States and Germany, where our subprocessors operate. We rely on appropriate safeguards such as Standard Contractual Clauses where applicable.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Effective date" at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

Questions, requests or complaints regarding this Privacy Policy can be sent to:

Human Peak
São Paulo, SP, Brazil
contato@humanpeak.ai

See also: Terms of Service.