Privacy Notice

Google user data

YAO LifeOS requests Google access only after the user starts a connection flow and approves Google OAuth consent. The service uses the minimum practical scope for each feature stage.

Drive alpha uses a user-selected or app-created Drive root. Gmail and Calendar public beta access remain blocked until the Google verification and restricted-scope review posture is complete.

Storage posture

OAuth token bodies are stored only in encrypted backend vault custody. Ordinary operational records store provider name, scope, status, root reference, source pointer, summary, audit status, and secret references rather than token bodies.

Gmail raw message body storage is denied by default. Summaries and source pointers are preferred for LifeOS project context.

User controls

Users can disconnect providers, request export of LifeOS-managed operational data, and request deletion of LifeOS-managed data.