← Back to Home

Privacy & Data Policy

Your data security is paramount. Here's exactly how OpsChaos Scanner works.

πŸ”’ Read-Only Access Only

We request the minimum permissions needed to analyze your operational data. We can never modify, delete, or send data on your behalf.

Google Workspace

  • gmail.readonly β€” Read email metadata (sender, timestamp, thread structure). Never reads email body content.
  • calendar.readonly β€” Read calendar events (title, description, duration, attendees).
  • drive.metadata.readonly β€” Read file metadata (name, owner, folder structure). Never accesses file contents.

Slack

  • channels:read β€” List public and private channels.
  • channels:history β€” Read message counts and thread structure (not content).
  • users:read β€” Read user list for de-duplication.
  • search:read β€” Search for mentions of time-tracking tools.

ClickUp

  • Read-only access to workspaces, spaces, tasks, and custom fields.
  • Analyzes task lifecycle (created β†’ done), assignees, due dates, and statuses.
  • Detects presence of time-tracking features.

Notion

  • Read access to pages and databases you explicitly grant during OAuth.
  • Analyzes page structure, database properties, and relation usage.
  • Detects duplicate pages and orphaned content.

⏱️ 72-Hour Ephemeral Storage

  • βœ“All scan data automatically deletes after 72 hours.
  • βœ“OAuth access tokens are cleared immediately after analysis completes.
  • βœ“We never store refresh tokens β€” one-time access only.
  • βœ“Only aggregated metrics are stored, never raw email/message content.
  • βœ“You can delete all data instantly at any time using the "Delete My Data" button.

🚫 What We Never Do

  • βœ—Read email body content or attachments.
  • βœ—Store Slack message content; only counts, timestamps, and thread structure are used.
  • βœ—Access Google Drive file contents.
  • βœ—Store or share your data with third parties.
  • βœ—Send emails, messages, or modify any data in your tools.
  • βœ—Use your data for training AI models.

Data Collection & Processing

We collect only aggregated operational metrics: message counts, meeting durations, task completion rates, file organization statistics. We do not store message bodies or file contents. Data is processed in-memory and only aggregated results are stored temporarily.

Data Retention

All session data (tokens, metrics, reports) is automatically deleted 72 hours after creation via an automated background process. You can delete your data instantly at any time by clicking "Delete My Data" on your report page. Once deleted, data cannot be recovered.

Third-Party Services

Aggregated metrics (never raw content) are sent to OpenAI's API for analysis during report generation. OpenAI does not store API input data for training purposes per their API data usage policy. No other third parties receive your data.

Your Rights

  • β€’Right to access: View your report at any time before the 72-hour expiration.
  • β€’Right to deletion: Instantly delete all your data via the report page.
  • β€’Right to information: This policy describes exactly what data we collect and how we process it.
  • β€’Right to object: Simply don't connect your tools β€” no data is collected until you explicitly grant OAuth access.

Cookies & Local Storage

We do not use tracking cookies. We use localStorage only for session management (session ID) and language preference. No analytics or advertising trackers are present.

Changes to This Policy

We will update this page if our data practices change. Last updated: April 2026.

Questions?

Contact us at privacy@opschaos.com for any privacy-related questions or data requests.

Privacy PolicyΒ·SecurityΒ·Terms of Service