BUILDING YOUR DREAMS TECH, LLC
Privacy Policy
Effective date: March 1, 2026
This Privacy Policy explains how Building Your Dreams Tech, LLC ("we", "us", or "our") collects, uses, discloses, and protects information when you use our Helios Vision AI platform, websites, and related services (the "Services"). By using the Services, you agree to the terms of this Policy.
1. Information We Collect
- Account data: name, email address, company details, phone number, and role.
- Authentication and security data: credentials, OAuth tokens (encrypted at rest), and audit logs.
- Usage data: application interactions, configuration choices, device and browser metadata, and diagnostics.
- Content you provide: prompts, messages, uploaded documents, and AI agent configurations.
- Integration data: when you connect third-party services (see Section 3 below), we access only the minimum data needed to perform the requested actions.
2. How We Use Information
- Provide, operate, maintain, and improve the Services and AI agents.
- Secure the platform, detect fraud or abuse, and maintain audit trails.
- Personalize experiences, recommend configurations, and support users.
- Send transactional communications (updates, security notices, service messages).
- Comply with legal obligations and enforce our Terms of Service.
Note: Data obtained from Google APIs is used exclusively to provide and improve the user-facing features described in Section 3 below. Google user data is not used for any other purpose listed in this section.
3. Google API Services — Limited Use Disclosure
Our platform integrates with Google API Services to provide AI-powered automation features. We request only the permissions strictly necessary for each integration:
Google Sign-In (Authentication)
We use Google OAuth for user authentication. We access your basic profile information (name and email address) solely to create and authenticate your account. No additional Google data is accessed through sign-in.
Gmail Sending (gmail.send, gmail.labels)
When a business connects their Gmail account for sending, their AI agents can send emails on behalf of the business. This includes sending appointment confirmations, customer follow-ups, and internal staff notifications about customer interactions. The gmail.send scope is used exclusively for sending emails that are explicitly initiated by the user or by automated workflows configured by the user within the platform. The gmail.labels scope is used only to apply or manage labels for messages generated and sent by the platform.
Gmail Inbox (gmail.readonly)
When a business optionally connects their Gmail inbox, the platform can read incoming emails so that AI agents can classify, summarize, and draft responses to customer messages. The gmail.readonly scope provides read-only access — the platform cannot modify, delete, or send emails through this connection. Inbox data is processed transiently by AI services to generate responses and is not stored beyond the immediate request. This integration is separate from the Gmail sending integration and must be explicitly enabled by the account administrator.
Google Calendar Integration (calendar.events)
When a business connects their Google Calendar, their AI agents can check availability and create, update, or cancel calendar events on behalf of the business. This enables automated appointment scheduling when customers interact through WhatsApp, web chat, email, or voice channels.
AI Processing of Google Data
When you connect Gmail or Google Calendar, your AI agents process the minimum data needed to execute user-initiated actions (e.g., composing an email or scheduling an event). This processing is transient and inference-only: data is sent to the AI provider in real time to fulfill the request, and is not stored, cached, or retained by the AI provider after the response is generated.
We use the following AI services as data sub-processors, strictly under our instructions:
- OpenAI API — powers conversational AI agents that execute actions such as sending emails or managing calendar events. OpenAI's API data usage policy states that data submitted via the API is not used to train or improve their models.
- Google Gemini API — powers our knowledge retrieval (RAG) functionality for document-based queries.
No Google user data is used to train, fine-tune, or improve any AI or machine learning model — whether our own, OpenAI's, Google's, or any third party's. Google Workspace data is not used to develop, improve, or train generalized artificial intelligence or machine learning models.
Bring Your Own Key (BYOK) Architecture
Our platform operates on a BYOK model: each business provides and manages their own AI provider API keys. These keys are encrypted at rest and are never shared across tenants. This architecture ensures that each business maintains direct control over their AI provider relationship and data processing.
Google API Services User Data Policy Compliance
Our use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide the user-facing features described above (sending emails, reading inbox messages, managing calendar events, and authenticating accounts). Google user data is not used for any other purpose.
- Google user data is processed transiently for inference only — it is not stored or retained beyond the immediate request.
- We do not use Google user data to train, fine-tune, or improve any generalized AI/ML models.
- We do not sell Google user data to third parties.
- We do not use Google user data for advertising or to serve ads.
- We do not allow humans to read Google user data unless required for security purposes, to comply with applicable law, or with the user's explicit consent.
4. OAuth Token Storage and Security
When you connect a third-party service (Google, Microsoft, etc.), the OAuth access and refresh tokens are encrypted at rest before being stored in our database. Tokens are automatically refreshed before expiration and can be revoked by the user at any time from the Integrations settings page. Upon disconnection, tokens are permanently deleted from our systems.
5. Legal Bases for Processing (EEA/UK)
We process personal data based on: performance of a contract (providing the Services), legitimate interests (platform security, fraud prevention), legal obligations, and consent where required (e.g., optional marketing communications or certain cookies).
6. Sharing and Disclosure
- Service providers and sub-processors: cloud hosting (Vercel, Supabase), AI inference providers (OpenAI, Google Gemini), communications infrastructure (Twilio), and payment processors (Stripe), each bound by confidentiality obligations and used solely to operate the Services. AI providers process data transiently for inference and do not retain or use it for model training.
- Integrations you enable: we share only the minimum data needed to perform the requested action (e.g., event details to Google Calendar, email content to Gmail for sending).
- Legal and safety: to comply with law, protect rights, or respond to lawful requests.
- Business transfers: in mergers, acquisitions, or asset sales, subject to this Policy.
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.
7. International Transfers
We may process data in the United States and other locations where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
8. Data Retention
We retain information as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account or disconnect an integration, associated data (including OAuth tokens) is permanently removed within 30 days.
9. Security
- OAuth tokens encrypted at rest using industry-standard encryption.
- All data transmitted over HTTPS/TLS.
- SQL queries are read-only (SELECT only), validated by a parser before execution.
- Input validation and output filtering to prevent prompt injection and data leakage.
- Per-tenant rate limiting to prevent abuse.
- Role-based access controls within the platform.
No system is fully secure. We encourage users to use strong passwords, enable multi-factor authentication where available, and protect their credentials.
10. Your Rights and Choices
- Access and update your account data from your profile settings.
- Disconnect integrations at any time from the Integrations page — this immediately revokes access and deletes stored tokens.
- Delete your account by contacting us at the email below. We will remove your data within 30 days.
- Revoke Google access at any time from your Google Account permissions page.
- Opt out of non-essential marketing communications.
- EEA/UK residents: you may exercise rights to object, restrict processing, data portability, or lodge a complaint with a data protection authority.
11. Cookies and Similar Technologies
We use cookies and similar technologies for authentication, security, preferences, and analytics. See our Cookie Policy for details and management options.
12. Third-Party Links
Our Services may contain links to third-party sites. We are not responsible for their privacy practices; review their policies before providing personal information.
13. Children
The Services are not directed to children under 13 (or under the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Policy from time to time. We will post the updated version with a new effective date. Material changes will be communicated via email or in-app notice.
15. Contact Us
Building Your Dreams Tech, LLC
1111B S Governors Ave STE 23576, Dover, DE 19904, USA
Email: admin@buildingyourdreamstech.com
Phone: (302) 415-3063