This Privacy Policy explains how Sacred Garden ("we," "us," or "our") handles information when you use our custom Model Context Protocol (MCP) server (the "Service"). The Service connects an AI assistant operated by you to your own Google account(s) so that it can act on your behalf with content you explicitly authorize. We are committed to protecting your privacy and being transparent about how your data is accessed and used.

1. Who we are

The Service is provided by Sacred Garden. For any questions, requests, or concerns about this policy or your data, contact us at [email protected].

2. Scope of this policy

This policy applies to the custom MCP server hosted under the sacredgarden.life domain and the Google account data it is authorized to access. It does not cover third-party services you may separately connect to, including Google's own services, which are governed by their respective privacy policies.

3. Information we access

With your explicit authorization through Google's OAuth consent screen, the Service may access the following categories of Google user data:

Google Drive

• Files, folders, and their metadata (names, IDs, types, modification dates) in the Google Drive accounts you connect, including My Drive and Shared Drives where applicable.
• The contents of files you ask the Service to read, search, create, edit, move, or copy.

Gmail

• Email messages, threads, labels, drafts, and filters in the Gmail accounts you connect.
• Message contents, headers, and metadata needed to read, search, draft, send, label, or organize mail as you direct.

Account and authentication data

• OAuth access and refresh tokens issued by Google, used solely to maintain your authorized connection.
• Basic account identifiers (such as the email address of the connected account) used to route requests to the correct account.

4. How we use information

We access and process your Google data exclusively to provide the features you request. Specifically, to:

• Carry out the specific actions you instruct the AI assistant to perform (for example, finding a document, summarizing an email thread, drafting a reply, or organizing files).
• Maintain an authenticated connection to your Google account(s) so requests can be fulfilled.
• Diagnose and fix errors when an operation fails.

We do not use your data for any purpose unrelated to fulfilling your direct requests.

5. Google API Limited Use disclosure

In particular:

• We only access and use Google user data to provide or improve user-facing features that are prominent in the Service's functionality.
• We do not transfer or sell Google user data to third parties, including for advertising, market research, or data brokering purposes.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your Google user data unless: (a) you have given affirmative consent for specific messages or files; (b) it is necessary for security purposes (such as investigating abuse); (c) it is required to comply with applicable law; or (d) the data has been aggregated and anonymized for internal operations.
• We do not use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models.

6. AI processing

To fulfill your requests, the contents of files or emails you ask about may be sent to the AI assistant/model provider you have configured for real-time processing. This data is transmitted solely to generate the response or perform the action you requested. We do not control, and are not responsible for, the data practices of any third-party AI model provider you choose to use; please review that provider's privacy policy. We do not use this data to train any models ourselves.

7. Data storage and retention

• The Service is designed to access your Google data on demand and process it in real time. We do not maintain a persistent copy of your Drive files or Gmail messages beyond what is needed to complete a request in progress.
• OAuth tokens are stored only as long as necessary to keep your connection active and are deleted when you revoke access or disconnect the Service.
• Any transient data held in memory during processing is discarded once the request is complete.

8. Data sharing

We do not sell, rent, or trade your data. We do not share your Google user data with third parties except:

• With the AI model provider you have configured, strictly to process your requests (see Section 6).
• When required by law, legal process, or a valid government request.
• To protect the rights, property, or safety of users or the public, or to investigate fraud or abuse.

9. Security

We take reasonable administrative and technical measures to protect your data, including encrypted transport (HTTPS/TLS) for data in transit and secure handling of OAuth credentials. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Your choices and rights

• Revoke access at any time. You can disconnect the Service and revoke its access to your Google account through your Google Account security settings at myaccount.google.com/permissions.
• Access, correction, and deletion. Because your data lives in your own Google account, you control it directly through Google. You may also contact us to request deletion of any tokens or data we hold.
• Depending on your location, you may have additional rights under laws such as the GDPR or CCPA. Contact us to exercise them.

11. Children's privacy

The Service is not directed to children under 13 (or the applicable age of digital consent in your jurisdiction), and we do not knowingly collect data from them.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact us

If you have questions or requests regarding this Privacy Policy or your data, contact:

Sacred Garden
Email: [email protected]