Privacy Policy

Last updated: February 23, 2026

What BossBot Does

BossBot ("we", "our", "the Service") helps you get feedback on your documents before your boss sees them. It learns your manager's feedback patterns from their real comments on Google Docs, then uses those patterns to pre-review your drafts.

Google User Data

BossBot accesses your Google Drive data through OAuth 2.0 with your explicit consent. We request read-only access to your Google Drive. Specifically:

  • drive.readonly — to read documents and comments from your Google Drive
  • drive.metadata.readonly — to list file names and metadata
  • drive.activity.readonly — to discover files with comment activity
  • userinfo.email — to identify your account

BossBot cannot create, edit, or delete any files in your Google Drive. We only read documents and comments that you explicitly choose to analyze.

How We Use Your Data

  • We read your boss's comments from Google Docs to build a feedback style profile.
  • We read document content to provide context-aware feedback predictions.
  • We store extracted comments and style profiles in our database to power predictions.
  • We do not use your data to train AI models.
  • We do not sell, share, or transfer your data to third parties.
  • We do not use your data for advertising or marketing purposes.

Data Storage and Security

  • Your data is stored in Supabase (PostgreSQL) with row-level security.
  • Google OAuth tokens are stored encrypted in our database and used only to access files you have explicitly selected.
  • All connections use HTTPS/TLS encryption in transit.
  • Document content is processed transiently and not stored permanently.

Data Retention and Deletion

You can delete your boss profile and all associated feedback data at any time from the Boss Profile page. Deleting a boss profile permanently removes all stored comments, style profiles, and feedback instances. You can also disconnect Google Drive at any time, which revokes our access to your files.

Third-Party Services

  • Supabase — authentication and database hosting
  • Google — Google OAuth and Drive API for accessing files you select
  • OpenAI / Anthropic — AI inference for feedback predictions (document content is sent transiently; not used for model training)
  • Vercel — application hosting

Your Rights

You can:

  • View all data we have about you from the dashboard
  • Delete all your data at any time
  • Disconnect Google Drive to revoke access
  • Delete your account entirely

Contact

For questions about this privacy policy, contact us at forrestmill@gmail.com.