Privacy Policy

1. Introduction

This Privacy Policy explains how Durable, Inc. ("Durable," "we," "us," or "our") collects, uses, and discloses information about you when you use our platform and services ("Service"). By using the Service, you consent to the collection, use, and disclosure of information as described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your email address and password.

2.2 App Specifications

When you build an app using our Service, we collect the requirements and specifications you provide into a specification document ("Blueprint"), which may include information about your business, workflows, processes, and other details necessary to create your app.

2.3 Usage Information

We collect information about how you interact with our Service, including log data, device information, and usage patterns.

2.4 Third-Party Integration Data

When you connect third-party services to your apps, we process the data necessary to enable those integrations. This may include API credentials and authorization tokens.

2.5 Google User Data

When you connect Google services to your applications through our platform, we may access and process the following categories of Google user data on your behalf:

• Google Workspace data (including but not limited to Gmail messages, Google Drive files, Google Calendar events, Google Sheets data, Google Docs content)
• User profile information (name, email address)
• Authentication credentials and tokens
• Any other Google service data that you specifically authorize through OAuth consent screens

The specific Google user data accessed depends on the integrations you configure and the permissions you grant through Google's OAuth authorization process.

3. How We Use Your Information

3.1 Providing and Improving the Service

We use your information to operate, maintain, and improve the Service, including creating and deploying your apps, facilitating integrations, and monitoring app performance.

3.2 Communications

We may use your email address to send you Service-related announcements, updates, and customer support messages.

3.3 Analytics

We use information about how you use the Service to analyze and improve our offerings, troubleshoot issues, and enhance user experience.

3.4 Google User Data Usage

We use Google user data exclusively to provide the functionality you have requested through your applications built on our platform. Specifically, we use Google user data to:

• Execute the workflows and automations you have configured in your applications
• Facilitate data synchronization between Google services and other integrated platforms
• Enable you to review and approve automated actions involving Google data through our supervision features

We do not use Google user data for any of the following prohibited purposes:

• Targeted advertising or personalized advertisements
• Training AI models or machine learning algorithms
• Selling to data brokers or information resellers
• Determining credit-worthiness or lending purposes
• Creating databases for purposes other than providing your requested functionality
• Any purpose unrelated to providing or improving your application's functionality

4. Data Processing in Apps

4.1 App Data Flow

Apps generated and run by Durable are isolated in their own execution environment. Data that flows through apps, either by being read from or written to external APIs, is not permanently stored in our system except as described below.

4.2 Monitoring and Supervision

We temporarily process data for:

• Live monitoring through log messages to help you understand app actions.
• Supervision of apps to allow you to review and approve or deny actions.

This data is processed ephemerally and retained only for the duration necessary to provide these functions. Both live monitoring and supervision are gated behind user logins.

5. Sharing Your Information

5.1 Third-Party Service Providers

We may share your information with third-party service providers who help us operate the Service, such as cloud hosting providers and analytics services. These providers are contractually obligated to protect your information and use it only for the purposes of providing services to us.

5.2 Google User Data Sharing

We do not sell, rent, or otherwise transfer Google user data to third parties. Google user data may only be shared in the following limited circumstances:

• With third-party services that you have explicitly authorized through your application configurations (e.g., when your app synchronizes data between Google services and other platforms you've connected)
• With cloud infrastructure providers that help us operate the Service, who are contractually bound to protect your data and use it only to provide hosting and operational services
• When required by law or to protect our rights, safety, or property

We do not transfer Google user data to third parties for advertising, marketing, or any other commercial purposes unrelated to your application's functionality.

5.3 Business Transfers

If Durable is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction.

5.4 Legal Requirements

We may disclose your information if required to do so by law or if we believe that such action is necessary to comply with legal obligations or protect our rights, safety, or property.

6. Data Security

We implement reasonable security measures to protect your information from unauthorized access, alteration, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

6.1 Your Identity

We use industry-standard recommended password hashing and salting approaches to ensure that your identity is secure.

6.2 Integrations with 3rd Party Services

Only you can access and modify your external integration credentials. These external credentials are end-to-end encrypted from the time you first authenticate them until the time they are used in an app. We never store unencrypted credentials.

6.3 Google User Data Protection

We implement specific security measures to protect Google user data, including:

• End-to-end encryption of all Google authentication tokens and credentials
• Secure transmission of all data between your applications and Google services using industry-standard encryption protocols (TLS/SSL)
• Access controls that ensure only authorized users can access their own Google data
• Regular security audits and monitoring of our systems handling Google user data
• Isolation of Google user data processing in secure execution environments

6.4 Runtime App Data

Any communication between your application and Durable's systems is encrypted. This communication is limited to app controls (starting and stopping it), generic diagnostic health checks. All other messages are end-to-end encrypted to ensure privacy of your data and credentials.

7. Data Retention

We retain your account information for as long as your account is active or as needed to provide you the Service. We may retain certain information as required by law or for legitimate business purposes.

7.1 Google User Data Retention and Deletion

Google user data is handled with the following retention and deletion practices:

• Transient Processing: Google user data is processed transiently and not stored permanently. Data flows through your applications in real-time without persistent storage.
• Temporary Logs: For monitoring and supervision purposes, we may temporarily retain log data containing Google user information for up to 30 days, after which it is automatically deleted.
• Authentication Tokens: Google OAuth tokens are retained only as long as necessary to maintain your authorized integrations. These tokens are automatically refreshed as needed and expired tokens are immediately deleted.
• User-Requested Deletion: You may request deletion of your Google user data at any time by:
  • Revoking Google OAuth permissions through your Google Account settings
  • Disconnecting Google integrations from your Durable applications
  • Contacting us directly to request data deletion
• Account Deletion: When you delete your Durable account, all associated Google user data and integration credentials are permanently deleted within 30 days.
• Legal Requirements: We will retain Google user data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

8. Your Rights and Choices

8.1 Account Information

You can access and update your account information by logging into your account settings.

8.2 Marketing Communications

You may opt out of receiving marketing communications from us by following the unsubscribe instructions included in these communications.

8.3 Google User Data Rights

Regarding your Google user data, you have the right to:

• Access and review what Google data your applications access
• Revoke authorization for Google integrations at any time through your Google Account settings or through your Durable account
• Request deletion of your Google user data from our systems
• Export your Google user data (where technically feasible)

8.4 Data Subject Rights

Depending on your location, you may have certain rights regarding your personal information, such as the right to access, correct, or delete your data. To exercise these rights, please contact us using the information provided at the end of this policy.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

10. International Data Transfers

Durable is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our servers are located.

11. AI and Machine Learning

We want to be transparent about our use of AI and machine learning technologies:

• No Training on Google User Data: We do not use Google user data to develop, improve, or train generalized AI and/or ML models
• Application Generation: We use AI to help generate applications based on your specifications, but this process uses only the requirements and specifications you provide, not any Google user data
• Data Processing: Any AI-assisted processing of data within your applications operates only on data you have explicitly authorized and is used solely to provide the functionality you have requested

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.