At Lobby, data privacy and security are not features. They're foundations. We only access the information required to deliver the features you've enabled, such as your emails, calendar events, or connected tools, and never more.

Scope of Access

Lobby reads only the data needed to perform actions you've approved: sorting, labeling, drafting replies, scheduling, and updating connected tools. If an email contains personal or sensitive information, it may be processed for labeling or drafting, but it is always handled securely and privately.

We do not access data beyond what is necessary for the features you've enabled.

Security Practices

OAuth 2.0 Authorization. Lobby connects to your email and calendar using standard Google APIs with OAuth 2.0. Credentials are never stored, and data is fully isolated.

Encryption. All information is encrypted in transit and at rest with enterprise-grade protocols.

Infrastructure. Hosted on Google Cloud, benefiting from automatic encryption, built-in threat detection, and compliance with leading security standards.

Access control. Only authorized systems can access your data. Every access is monitored and logged.

Data Policy

No data sharing. Your data is never shared with third parties.

No model training. Lobby's AI does not train on your emails or any personal data.

Data Processing Addendum. A DPA is available in our standard customer agreements for full transparency.

Data Retention

Lobby retains your data only for as long as your account is active and as needed to provide the service. When you delete your account, all associated data is permanently removed from our systems within 30 days.

Processed email summaries, draft suggestions, and learned patterns are tied to your account and are not retained independently.

Your Rights

You have the right to access, correct, or delete your personal data at any time. You can disconnect any integrated service from your Lobby account, and we will stop accessing data from that service immediately.

If you're located in the EU, UK, or California, additional rights may apply under GDPR or CCPA. We honor all applicable data protection regulations.

Cookies & Analytics

Lobby uses minimal, essential cookies to maintain your session and preferences. We use privacy-respecting analytics to understand how the product is used. We do not use tracking pixels, retargeting, or sell any data to advertisers.

Third Party Services

Lobby integrates with services like Gmail, Google Calendar, HubSpot, Notion, Linear, and Slack. When you connect these services, Lobby accesses data through their official APIs under your authorization. We do not store credentials for any third-party service.

Each integration can be disconnected at any time from your Lobby settings.

Changes to This Policy

We may update this policy from time to time. When we do, we'll update the date at the top of the page and notify active users by email if the changes are material.

Questions?

If you have any questions about this privacy policy or how we handle your data, reach out to us at [email protected].

Lobby OS, Inc., San Francisco, CA.