Privacy Policy
Last updated: April 30, 2026
This Privacy Policy describes how Newtonian Consulting LLC (“we,” “us,” or “our”) collects, uses, and shares information when you use the Chief.Staff service (the “Service”) at chief.mynewtons.com.
1. Summary
- Chief.Staff is an invite-only AI assistant. You connect your Google account (and optionally a Microsoft 365 work-data feed and other services) so the assistant can read your calendar, email, tasks, and files to provide a personalized daily brief, manage habits, and act on your behalf.
- All AI processing is performed by Anthropic’s Claude API under a zero-data-retention policy. We do not sell your data, do not use it for advertising, and do not use it to train AI models.
- We use cookies only as strictly necessary for OAuth flows. We do not use Google Analytics or any third-party analytics service. We do not have advertising or marketing partners and do not buy data from data brokers.
- You can ask the assistant to forget specific information at any time, or request full account deletion by emailing info@newtoniannuggets.com.
2. Information we collect
2.1 From you, directly
- Name, email address, and any account preferences you set
- Phone number (if you opt in to SMS notifications)
- Pushover user key (if you opt in to push notifications)
- Notification preferences and quiet hours
- Any text, memory entries, or settings you provide through chat or the account page
2.2 From third-party services you connect
When you grant the Service access via OAuth or configure a webhook, we read data from the following sources on your behalf:
- Google (Gmail, Google Calendar, Google Drive, Google Tasks) — via OAuth with your consent
- Microsoft 365 (Outlook email, calendar, Teams chats) — via a Power Automate webhook you configure in your work tenant
- Optional integrations: Spotify, TripIt, Atlassian (JIRA), Planning Center, Typefully, Dropbox — each enabled only if you connect it
2.3 Automatically
- Server logs (IP address, request timestamp, user agent, request path) collected by our hosting provider for security and debugging
- Tool call traces (which assistant features you use, in aggregate) used to improve the Service
2.4 Google API Services User Data Policy
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide the Chief.Staff features you have requested.
- We do not transfer Google user data to third parties except as necessary to provide the Service, for security purposes, or to comply with law.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read your Google user data unless we have your affirmative consent, it is necessary for security purposes (such as investigating abuse), to comply with law, or the data has been aggregated and anonymized.
3. How we use information
- To provide the Service: generate your daily brief, read and respond to messages, search your data, surface tasks and habits, send notifications you opt in to.
- To personalize the Service: long-term memory, habit tracking, and brief content tailored to your preferences.
- To improve the Service: aggregated analysis of tool usage and assistant performance. This analysis happens within our own systems and does not feed any third-party model training.
- To bill you: if you are on a paid plan, we use your email and Stripe customer ID to manage subscriptions.
- To comply with legal obligations and enforce our Terms of Service.
4. Who we share information with
We share information only with the service providers required to deliver Chief.Staff. We do not sell or rent your information, do not share it for advertising, and do not have “business partners” for promotional purposes.
4.1 Service providers (sub-processors)
- Anthropic — LLM that powers the assistant; operates under zero-data-retention for our API traffic; does not use prompts or completions to train models
- Vercel — serverless hosting and compute
- Upstash — Redis storage (primary database)
- Tavily — web search backend (only the search query is sent, never your private data)
- Twilio — SMS delivery (if you opt in)
- Pushover — push notification delivery (if you opt in)
- Stripe — payment processing (if you are on a paid plan); we never see card numbers
- Google — OAuth provider and source of Gmail / Calendar / Drive / Tasks data you grant access to
- Microsoft — source of Outlook / Teams data you choose to push via Power Automate
- Typefully — social-media drafting (only if you connect it)
4.2 Other circumstances
- Legal compliance — we may disclose information if required by law, subpoena, or court order, or to protect our rights, property, or safety, or that of our users or others.
- Business transfers — if we are involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction. We will notify users in advance.
5. AI processing
Chief.Staff uses large language models (LLMs) provided by Anthropic to read your data and generate responses, summaries, and suggestions.
- When you interact with the assistant, relevant portions of your emails, calendar events, tasks, memory entries, and other connected data are sent to Anthropic’s Claude API to generate a response.
- Anthropic operates under a zero-data-retention policy for our API traffic. Your data is not used to train AI models and is not retained by Anthropic beyond the request lifecycle.
- The assistant occasionally issues web searches via Tavily; only the search query is sent, never your private data.
- We use AI to derive patterns about your behavior (memory consolidation, brief personalization). We do not make legally significant automated decisions about you.
- You can request human review of any AI-generated content by emailing the operator.
- Outputs are AI-generated and may be inaccurate. Please verify before acting on them.
6. How long we keep information
- Memory entries — persistent until you delete them or close your account
- OAuth refresh tokens — persistent until you revoke access or close your account
- Daily briefs, news scans, end-of-day reviews — 7 days
- Tool call traces — 7 days, used to improve the Service
- SMS log — 30 days
- Cost / usage metrics — 90 days at daily granularity, 365 days at monthly rollup
- Backups — 7-day rolling pre-consolidation snapshots
- Account deletion — within 30 days of your request, all data keyed to your account is purged. You must separately revoke any OAuth grants in the third-party provider’s account settings.
7. Security
- In transit: all connections use TLS.
- At rest: sensitive fields (third-party API tokens, Pushover keys, JIRA tokens) are encrypted with AES-256-GCM. Other persisted data is stored in Upstash Redis with at-rest encryption provided by Upstash.
- Access: only the operator has access to production data. There is no third-party employee access.
- Payment cards: we do not store card numbers; Stripe handles them directly.
No system is 100% secure. Despite our safeguards, we cannot guarantee that an unauthorized third party will never defeat them.
8. Your rights
Depending on where you live, you may have rights under applicable privacy law. These include the rights to know, access, correct, delete, and obtain a copy of your personal information, the right to opt out of sale or sharing for cross-context behavioral advertising (which we do not do), and the right to non-discrimination for exercising these rights. We do not engage in profiling for legally significant decisions.
To exercise any of these rights, email info@newtoniannuggets.com. You may also ask the assistant in chat to delete specific memory entries (e.g., “forget that Mike works at Acme”).
For US state-specific rights (CCPA / CPRA, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia), contact us at the same email and identify the law you’re invoking. We will respond within the statutory window. If we deny your request, you may appeal by replying to our response.
California “Shine the Light”: we do not disclose personal information to third parties for their direct marketing purposes.
9. Categories of personal information (US state law disclosure)
In the past 12 months, we have collected the following categories from US-resident users:
- Identifiers (name, email, IP address, account name) — collected
- Personal information under California Customer Records statute (name, contact info) — collected
- Internet/network activity (server logs, tool usage) — collected
- Inferences (preferences and behavioral patterns derived for personalization) — collected
- Commercial information — not collected (will become applicable when paid plans launch)
- Protected classification characteristics (race, gender, etc.) — not collected
- Biometric, geolocation, audio/sensory, professional, education data — not collected
- Sensitive personal information — not processed as sensitive personal information under applicable law
We retain each category for as long as you have an account, subject to the schedule in section 6. We do not sell or share personal information.
10. Children’s privacy
The Service is not directed at children under 18. We do not knowingly collect data from anyone under 18. By using the Service you represent that you are at least 18. If you learn that a minor has provided us information, please contact info@newtoniannuggets.com and we will delete it.
11. Cookies and tracking
The website does not use cookies for tracking, analytics, or advertising. We do not use Google Analytics, web beacons, pixels, or any third-party analytics service. The MCP server uses OAuth Bearer tokens, not cookies. The only cookies present are strictly necessary session cookies issued during OAuth flows.
12. Do Not Track
No uniform standard exists for honoring Do Not Track browser signals. We do not currently respond to them.
13. International users
All processors are based in the United States (Microsoft is US/Ireland depending on tenant). If you access the Service from outside the US, you consent to processing of your information in the US.
14. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be indicated by a new “Last updated” date at the top. For material changes we will post a notice on the Service or notify you by email.
15. Contact
For questions or to exercise any privacy right, contact:
Newtonian Consulting LLC
102 Weston Pl, Asheville, NC 28803, United States
Email: info@newtoniannuggets.com