Last updated: March 28, 2026
This privacy policy describes how the Democrify application ("Winston"), a personal AI assistant, accesses, uses, and protects data from Google services. Winston is a private, single-user application built for personal productivity — it is not available to the general public.
Winston connects to Google APIs to provide personal assistant functionality. The application requests only the permissions necessary to perform its core functions. Below is a complete list of the Google API scopes used and why each is needed:
| Scope | Purpose |
|---|---|
| gmail.modify | Read incoming emails to triage them by priority; draft and send follow-up messages on the user's behalf. |
| gmail.settings.basic | Read Gmail settings to configure email watch notifications for real-time inbox monitoring. |
| gmail.settings.sharing | Access forwarding and delegation settings to support email management workflows. |
| calendar | Read Google Calendar events to provide daily briefings and pre-meeting preparation summaries. |
| drive | Read and create files in Google Drive to generate expense reports and store business documents. |
| documents | Create and edit Google Docs for expense reports and business documents. |
| spreadsheets | Read and write Google Sheets for tracking expenses and business data. |
All data accessed through Google APIs is used exclusively to provide the personal assistant features described above. Data is processed on a private server controlled by the application owner and is used solely to deliver the requested functionality.
Data accessed from Google APIs is not used for advertising, market research, or any purpose unrelated to the core functionality of the application.
Winston operates on a private, secured server. OAuth tokens and credentials are stored using encrypted storage and are never exposed in logs, configuration files, or chat history. The application employs automated security monitoring including daily credential exposure checks and weekly permission audits.
Data obtained through Google APIs is never sold, shared with, or disclosed to any third party. No data is transferred to any external service, advertising platform, or analytics provider. Data is only used within the application to serve the user directly.
The application retains data only as long as needed to provide its services. Users can revoke the application's access at any time through their Google Account permissions page, which immediately terminates the application's ability to access any Google data.
Democrify's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
This privacy policy may be updated from time to time. Any changes will be reflected on this page with an updated revision date.
For questions about this privacy policy or how your data is handled, contact:
luca@ascotnyc.com