JOINT

Privacy Policy

Effective Date: April 10, 2026 · Last Updated: April 10, 2026

1. Introduction

Joint, Inc. ("Joint," "we," "us," or "our") operates a team collaboration platform that includes messaging, task management, and an AI-powered assistant. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, including integrations with third-party services such as Google Calendar.

2. Information We Collect

2.1 Account Information

When you create a Joint account or join a workspace, we collect:

  • Name and email address
  • Workspace membership information
  • Authentication credentials

2.2 Usage Data

We collect information about how you interact with our services, including:

  • Messages and content you send within Joint
  • AI Chat conversation history
  • Feature usage and interaction patterns

2.3 Third-Party Integration Data

When you connect third-party services (such as Google Calendar), we may access:

  • Calendar event data (titles, dates, times, locations, attendees)
  • OAuth tokens required to maintain the connection

3. Google Calendar Data — Use and Handling

If you choose to connect your Google Calendar to Joint, our AI assistant accesses your calendar data to provide schedule-related features. This section describes exactly how we handle your Google Calendar data.

Joint's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What We Access

Scope Data Accessed Purpose
calendar.readonly Calendar events (title, date, time, location) Answer schedule questions via AI Chat
calendar.events Calendar events (create, update, delete) Manage events on user's behalf via AI Chat

3.2 How We Use Google Calendar Data

  • Reading events: When you ask the AI assistant a schedule-related question, we retrieve your calendar events to generate an accurate response.
  • Managing events: When you ask the AI assistant to create, update, or delete an event, the action is performed only after you explicitly approve via a confirmation prompt.

3.3 What We Do NOT Do

  • We do not use Google Calendar data for advertising or marketing purposes.
  • We do not sell, rent, or share Google Calendar data with third parties.
  • We do not allow humans to read your Google Calendar data, except where necessary for security purposes, required by law, or with your explicit consent.
  • We do not use Google Calendar data to build user profiles for purposes unrelated to the functionality of Joint.

3.4 Data Storage, Retention, and Deletion

  • OAuth tokens are encrypted using industry-standard encryption at rest and are never exposed to client-side code.
  • Calendar event data retrieved for AI responses is processed in real-time and is not permanently stored beyond the conversation context.
  • When you disconnect Google Calendar from Settings > Integrations, all stored OAuth tokens are immediately and permanently deleted, and access to your Google Calendar is revoked.
  • When you delete your Joint account, all associated integration data — including Google Calendar OAuth tokens — is permanently deleted.
  • You may also revoke Joint's access directly from your Google Account permissions page.

3.5 User Control

  • Connecting Google Calendar is entirely optional and requires explicit opt-in via Settings > Integrations.
  • You can disconnect Google Calendar at any time from the same settings page.
  • Disconnecting immediately revokes our access and deletes stored credentials.
  • The connection is per-user. Workspace administrators cannot connect or disconnect Google Calendar on behalf of other members.

4. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest (industry-standard encryption for OAuth tokens)
  • Access controls limiting data access to authorized systems and personnel
  • Regular security reviews and monitoring

5. Data Sharing

We do not sell your personal data. We may share data only in the following circumstances:

  • Service providers: With trusted partners who assist in operating our services, subject to confidentiality obligations
  • Legal requirements: When required by law, regulation, or legal process
  • Safety: To protect the rights, property, or safety of Joint, our users, or the public

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect third-party integrations at any time
  • Export your data

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date above.

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Joint, Inc.

Email: privacy@joint.now

9. Subprocessors

For a full list of third-party vendors and AI service providers that process data on our behalf, please see our Subprocessors page.