Legal

Privacy Policy

Last updated: March 1, 2026

GRIND ("we", "our", "us") is a local-first personal operating system. This policy describes what data we access, why, how it is stored, and your rights over it. It applies specifically to data accessed through third-party integrations, including Google OAuth.

GRIND is self-hosted software. Unless you explicitly configure a cloud deployment, all data lives on your own machine. You are the data controller.

1. Data We Access

Google Account — Always Requested on Connect

  • openid Verifies your identity with Google. No personal data is returned beyond a stable user ID.
  • profile Your display name and profile photo URL, used to personalise the GRIND interface.
  • email Your Google email address, used as your GRIND account identifier.

Google Calendar — Always Requested on Connect

  • calendar Read and write access to your Google Calendars. GRIND reads calendar events to surface them as quests and reminders. It creates and updates events when you schedule quests or Forge automations that target your calendar.

Gmail — Optional, User-Enabled Only

Gmail access is not requested during initial Google sign-in. It is only requested if you explicitly enable the Gmail integration from the Integrations settings page.

  • gmail.readonly Read-only access to your Gmail messages. Used to surface relevant emails as context for your AI companion and Forge automations. GRIND does not store full email bodies; it indexes metadata and extracts structured data you configure.
  • gmail.send Ability to send email on your behalf. Used exclusively when you trigger a send-email action via the AI companion or a Forge rule that you have explicitly created and activated.

2. How We Use Your Data

  • Quests and XP. Calendar events are converted into quests. Completing quests awards XP and updates your skill tree. No data leaves your device for this purpose.
  • AI Companion. When you send a message to your AI companion, GRIND may include structured summaries of your calendar or email data as context. Only data you have explicitly made available, and only within the context window of the request you initiate.
  • Forge Automations. Forge rules you create may read calendar or Gmail data as triggers. The actions taken are exactly those you define — GRIND does not create automations without your explicit configuration.
  • Analytics. Aggregated quest and XP data is used to power your personal analytics dashboard. This data never leaves your instance.

GRIND does not use your Google data to train machine learning models, for advertising, or for any purpose other than providing the features described above. Use of data obtained through Google APIs conforms to the Google API Services User Data Policy, including the Limited Use requirements.

3. Data Sharing

We do not sell, rent, or share your Google user data with any third parties for marketing, advertising, or analytics purposes.

The only case where your data is transmitted to a third party is when you use the AI companion: GRIND sends the conversation context (which may include structured summaries of calendar or email data you have enabled) to the AI inference provider configured in your instance — by default this is Anthropic or OpenAI. These providers process requests on your behalf and are governed by their own privacy policies. GRIND does not send raw email content or full calendar data to AI providers.

GRIND is self-hosted software. If you deploy it to a cloud provider (e.g. Cloudflare, a VPS), your data is subject to that provider's infrastructure policies. We do not operate a shared GRIND cloud.

4. Data Storage and Security

  • Local SQLite. All GRIND data — including OAuth tokens, calendar syncs, and quest history — is stored in a local SQLite database on the machine where GRIND runs. You control this file entirely.
  • Token encryption. OAuth access tokens and refresh tokens are stored encrypted at rest.
  • Transport security. All communication between GRIND and Google APIs uses HTTPS/TLS. The GRIND web interface enforces HTTPS when deployed.
  • Minimum scope. GRIND requests only the OAuth scopes required for the features you enable. Gmail scopes are never requested unless you explicitly activate the Gmail integration.

5. Data Retention and Deletion

Your data is retained as long as you run GRIND. There is no automatic expiry.

Revoke Google access at any time via your Google Account permissions page at myaccount.google.com/permissions . Revoking access immediately invalidates GRIND's tokens; the app will stop syncing Google data and will prompt you to reconnect.

Delete your data from within GRIND via Settings → Account → Delete Account. This removes all locally stored quest history, XP, tokens, and Google data from the SQLite database.

Request deletion by email. If you need assistance or cannot access the app, email us at privacy@grindxp.app and we will respond within 30 days.

6. Contact

Questions about this policy? Email privacy@grindxp.app .