Privacy Policy
Last Updated: June 27, 2025
Arkeo AI Ltd. (“Arkeo AI”, “we”, “our”, or “us”) provides Lynda AI—an AI-powered Executive Assistant that integrates with Gmail, Google Calendar, and other services to help automate and manage email and scheduling workflows. This Privacy Policy explains how we collect, use, and protect your personal data when you use Lynda AI via https://app.lyndaai.com.
1. Who We Are
Arkeo AI Ltd. provides Lynda AI to help CEOs and entrepreneurs manage their administrative tasks more efficiently.
Contact:
Arkeo AI Inc.
806-1661 Davie Street
Vancouver, BC, V6G 0E1, Canada
Email (Support): support@arkeoai.com
Data Protection Officer: david@arkeoai.com
2. What Data We Collect
Category Typical Fields Source
Account Name, email, password-hash, billing details You
OAuth (Google) Gmail messages, labels, calendar events, inbox settings Google APIs
Usage IP address, device/browser, feature events, logs Automatically
AI-Derived Triage rules, embeddings, calendar preference model Generated
Support/Marketing Tickets, surveys, call recordings You
3. Why We Use Your Data
We only use your personal data when we have a valid legal reason to do so. Below is a breakdown of the purposes for which we use your data and the legal basis for each use, in accordance with Article 6 of the GDPR:
Purpose Legal Basis
Deliver & improve Lynda AI features (e.g., triage, drafting, scheduling) Contract
Draft, send, delete, or label emails—but only when you request it Contract
Create, update, or delete calendar events and time blocks Contract
Analyze aggregated usage data to improve reliability and performance Legitimate interest
Send product updates, feature announcements, and offers Consent (you may opt out anytime)
Process billing, taxes, and prevent fraud Legal obligation
Respond to legal claims or comply with regulatory requirements Legitimate interest / Legal obligation
4. Google restricted-scope disclosure
Lynda AI uses the following Gmail & Google Calendar restricted scopes, exactly as defined in the Google API Services User-Data Policy (Limited-Use) :
Scope Why we need it
gmail.readonly ingest messages for triage & search
gmail.modify mark read/unread, move to folders
gmail.labels (create/update/ delete) auto-apply or tidy labels you configure
gmail.send send replies you explicitly approve
gmail.settings.basic read inbox categories to build rules
gmail.settings.sharing (future) manage delegation only if enabled by you
gmail.compose compose drafts you preview in chat
gmail.delete move or delete messages when you choose “Archive” / “Delete”
calendar.readonly read events to avoid double-booking
calendar.events (create / edit / delete) schedule or reschedule meetings you approve
calendar.settings.readonly respect working-hours & time-zone
calendar.settings.write (optional) let you turn on “working hours / location” automation
calendar / calendar.events.privacy set event visibility based on your rules
We do not:
Use Gmail or Calendar data for advertising
Share it with third parties other than sub-processors under data processing agreements (DPAs)
Allow human review of your data, except when you explicitly request support
All access is programmatic, least-privilege, and scoped to your individual workspace. If you disconnect your Google account, all associated Gmail and Calendar content is automatically deleted from our systems within 30 days.
5. Sharing & Sub-Processors
We only share your data with trusted service providers (sub-processors) who help us deliver the Lynda AI experience. All sub-processors operate under strict data protection agreements and security standards.
These partners include infrastructure, billing, and AI model providers such as Google Cloud, OpenAI, and Stripe.
We may also disclose data if required by law, regulation, legal process, or government request. Otherwise, we do not share your data with third parties for advertising or unrelated purposes.
6. International Data Transfers
Lynda AI is a global service. Depending on where you’re located, your data may be processed in Canada, the United States, or other regions where our infrastructure or partners operate.
We use secure cloud infrastructure and strong encryption practices to protect your personal data, regardless of where it is stored or processed. All third-party providers are contractually obligated to handle your data securely and in accordance with applicable privacy laws.
7. Retention
We retain personal data only for as long as necessary to deliver Lynda AI services, comply with legal requirements, and maintain reliability. Below are our standard retention periods:
Email & calendar content: Deleted 30 days after you disconnect your Google account or delete the content manually.
AI embeddings derived from that content: Deleted within 24 hours of source data removal.
Logs: Retained for 180 days to help diagnose issues and improve reliability.
Account and billing records: Retained for 7 years to meet tax and legal obligations.
You can request early deletion at any time through in-app settings or by contacting us at support@arkeoai.com.
8. Security
We take data security seriously and use enterprise-grade safeguards to protect your personal information. Our infrastructure and internal policies are designed to ensure your data remains secure, confidential, and protected from unauthorized access.
Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
Infrastructure: We rely on trusted cloud providers with built-in security controls and continuous monitoring.
Access Control: We use strict role-based permissions and row-level security to isolate user data.
Credential Management: Sensitive credentials are stored securely using Google Secret Manager.
Threat Detection: We conduct annual penetration testing and continuously monitor for known vulnerabilities (CVEs).
We are committed to maintaining a secure environment as our service scales. If you have any security concerns, please contact us at support@arkeoai.com.
9. Your Rights
We believe in transparency and giving you meaningful control over your personal data. Depending on your location and applicable privacy laws, you may have rights that include:
Accessing the personal information we hold about you
Requesting correction of inaccurate or outdated data
Requesting deletion of your personal data
Objecting to or restricting certain types of data processing
Receiving a copy of your data in a portable format
To exercise any of these rights, email us at support@arkeoai.com. We typically respond within 30 days.
To protect your privacy, we may request verification of your identity before processing certain requests.
10. Cookies & Tracking
We use cookies and similar technologies to help our site function effectively and improve your experience. These may include:
Essential cookies: Required for core site functionality (e.g., login sessions)
Analytics cookies: Used with tools like Google Analytics 4 (GA4) to understand usage and improve performance
Marketing pixels: May be used to measure engagement with campaigns (only with your consent)
You can manage your cookie preferences through our cookie banner or via your browser settings.
11. Children
Lynda AI is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that data has been collected from a user under 16, we will delete it promptly.
12. Changes to This Policy
We will notify users 14 days in advance of any material changes via email. Minor updates will appear here with a new date.
13. Contact
Arkeo AI Inc.
806-1661 Davie Street
Vancouver, BC, V6G 0E1, Canada
Email (Support): support@arkeoai.com
Data Protection Officer: david@arkeoai.com