Legal

Privacy Policy

Last updated:

Agent Integrator is software middleware that lets users connect their accounts on third-party platforms — such as Google Calendar, HubSpot, Calendly, GoHighLevel, Zoho, SendGrid, Twilio, Shopify, and Stripe — to AI agents they have built and authorized. This page describes what data Agent Integrator handles, how it is used, who else may see it, and how it is protected.

1. Information we receive

When you click Connect for any third-party provider, you are redirected to that provider's own consent screen. After you grant consent, the provider issues us short-lived access tokens (and, where offered, refresh tokens) scoped to the permissions you approved. We also receive the basic account-identifying information needed to label the connection in your dashboard — typically your account email, your organization or shop name, a calendar name, or a non-sensitive account identifier.

We do not receive your password for any third-party platform. The provider authenticates you directly; only the resulting tokens cross our boundary.

Google user data specifically

If you connect Google Calendar, the data we may access on your behalf is limited to the scopes you approve at consent, which currently are:

We do not request, read, or store any other Google user data, including Gmail messages, Drive files, Contacts, or any restricted scopes outside the ones listed above.

2. How we use the data

Tokens and provider data are used solely to perform the actions your AI agent is authorized to take on your behalf — for example, checking free time slots in your Google Calendar, creating a calendar event when a caller books an appointment, creating a contact in your CRM, sending a transactional email, or fetching an order status.

We do not sell, rent, advertise against, or monetize Google user data or any other connected-provider data. We do not use Google user data for any purpose other than fulfilling the user-initiated action that requires it.

3. Subprocessors and third parties with whom we share data

To deliver the service we rely on a small set of subprocessors. Google user data flows through them only as needed to fulfill a user-initiated agent action — for example, when your AI voice agent needs to ask the LLM "given the free slots at 2pm and 3pm, which one fits the caller's preference?" the relevant calendar fragment is passed in-memory to the LLM provider hosting that turn of the conversation.

SubprocessorPurposeMay see Google user data?
Amazon Web Services (AWS)Compute and file storage (knowledge-base files, call recordings, transcripts).Yes — when calendar data appears in an agent transcript or recording, that record is stored in AWS S3.
CloudflareCDN and SSL termination for app and tenant domains.Only as encrypted in-transit traffic. No data is stored at Cloudflare.
VAPIVoice-agent platform that runs the AI conversation, including tool calls back to our calendar endpoints.Yes — calendar tool responses pass through VAPI's runtime.
OpenAILarge language model that decides agent responses for voice and chat turns (used directly and as the inference backend for VAPI voice agents).Yes — calendar fragments may be included in the model's input context for the turn.
TavusVideo-agent platform that runs the AI persona for video calls.Yes, when using a video agent — calendar tool responses pass through Tavus's runtime.
TwilioPhone numbers and SMS delivery.No. Twilio carries voice audio and SMS, not structured calendar data.
StripeBilling and subscriptions.No.

Each of these providers operates under its own enterprise-grade privacy and security commitments. We do not share Google user data with any party not in this list, and we do not share it for advertising, marketing, or any purpose unrelated to the user-initiated agent action.

4. Storage and security

We apply the following protections to Google user data and all other connected-provider data:

5. AI and machine learning

We do not use Google user data — or any connected-provider data — to train, fine-tune, or improve any AI or machine-learning model, ours or any third party's.

Agent Integrator passes connected-provider data (including Google Calendar fragments such as free/busy windows or event titles your agent reads or writes) to third-party AI providers only as part of the inference context for the specific user-initiated turn of the conversation, and only when that turn requires it to fulfill the action you asked the agent to perform.

The third-party AI providers we use, and how they handle data, are:

Connected-provider data is never sent to any AI provider for the purpose of model training, evaluation, benchmarking, or product improvement. It is only sent as inference input for the specific live turn that needs it.

6. Retention and deletion

Tokens are retained as long as the integration is connected. When you click Disconnect on the integrations page, the tokens are deleted from active storage and we call the provider's revoke endpoint.

You can also:

Routine encrypted backups are retained for up to 30 days on a rolling basis as part of standard operational continuity, after which they are overwritten. On account deletion, we delete all live data immediately; any data still present in rolling backups is overwritten within the 30-day window.

7. Your rights

You can:

8. Compliance with the Google API Services User Data Policy

Agent Integrator's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This means Google user data is used only to provide or improve user-facing features that are prominent in the requesting application's user interface, is not transferred to others except as necessary to provide or improve those features, is not used for advertising, and is not read by humans except with explicit user consent or for security/legal/operational reasons.

9. Cookies and analytics

This website uses only the cookies necessary to operate. We do not run third-party advertising trackers or sell visitor data. Limited aggregate analytics may be used to understand which pages are loading slowly or returning errors, but no individual identification is performed on this marketing site.

10. Children

Agent Integrator is not directed at children under 13 (or under 16 in regions where that is the applicable age threshold), and we do not knowingly collect personal information from minors.

11. International data

Connected provider tokens may be processed in the region selected by the platform operator that bundles Agent Integrator into their product. Where applicable laws (such as GDPR or UK-GDPR) confer additional rights — access, correction, deletion, portability, objection — those rights are honored on request via support.

12. Changes

We may update this policy. The "last updated" date at the top reflects the most recent change. Material changes affecting how Google user data or other connected-provider data is handled will be communicated to active users.

13. Contact

For privacy questions, please reach out via the support page or email support@myswiftly.ai. The operator of the platform that bundles Agent Integrator into their product is the data controller for your account.

See also: Terms of Service · Data Deletion · Support