Back

Privacy Policy

Last updated: March 16, 2026

1. Introduction

Shotgun ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

  • Email address
  • Name (if provided)
  • Profile picture (from OAuth providers)

Connected Service Data

When you connect third-party services, we access data necessary to perform requested actions:

  • Gmail: Read, send, compose, and modify emails; manage labels; access email metadata for email management
  • Google Docs: Create, read, edit, and delete Google Docs documents
  • Google Sheets: Create, read, edit, and delete spreadsheets and data
  • Google Slides: Create, read, edit, and delete presentations
  • Google Drive: View and manage Drive app associations; view photos and videos in Drive
  • Google Meet: Create meeting spaces; read meeting information and conference data
  • Google Photos: Upload photos to your library; read photos uploaded by the app (not your existing library)
  • YouTube: Manage your channel; view and edit videos, comments, captions; view channel membership info
  • Google Activity: View your activity history across Google apps
  • Other services: Data as required by the specific integration (Slack, GitHub, Notion, etc.)

Google OAuth Scopes

We request the following specific Google OAuth scopes to provide our services:

  • gmail.modify - Read, compose, send, and organize emails
  • docs - Create, read, edit, and delete Google Docs
  • spreadsheets - Create, read, edit, and delete Google Sheets
  • presentations - Create, read, edit, and delete Google Slides
  • drive.apps - View and manage Google Drive app associations
  • drive.photos.readonly - View photos and videos in Google Drive
  • activity - View activity history across Google apps
  • meetings.space.created - Create Google Meet meeting spaces
  • meetings.space.readonly - Read meeting information
  • photoslibrary.appendonly - Upload photos to Google Photos
  • photoslibrary.readonly - View photos in Google Photos library
  • youtube - Manage your YouTube account
  • youtube.force-ssl - View, edit, and delete YouTube videos, comments, and captions
  • youtube.channel-memberships.creator - View channel membership information
  • devstorage.write_only - Write to Google Cloud Storage for temporary file processing
  • userinfo.email - Access your email address for account identification

Usage Data

  • Conversation history with the AI assistant
  • Preferences and saved prompts
  • Browser location (only if you grant permission)

3. How We Use Your Information

  • To provide and maintain the Service
  • To execute tasks you request through the AI assistant
  • To personalize your experience and remember your preferences
  • To improve and optimize the Service
  • To communicate with you about updates or issues
  • To detect and prevent fraud or abuse

4. Data Storage and Security

We use industry-standard security measures to protect your data:

  • OAuth tokens are encrypted and stored securely
  • Data is transmitted over HTTPS/TLS encryption
  • We use Supabase for secure database storage
  • Access to production systems is restricted and logged

5. Data Sharing

We do not sell your personal information. We may share data with:

  • AI Providers: Conversation content is sent to AI models (Anthropic, Google) to generate responses
  • Connected Services: Data is sent to services you connect (Google, Slack, etc.) to perform actions
  • Service Providers: We use Supabase for database and authentication services
  • Legal Requirements: We may disclose data if required by law

6. Third-Party Services

Our Service integrates with third-party platforms that have their own privacy policies. We encourage you to review the privacy policies of any third-party services you connect:

  • Google Privacy Policy
  • Slack Privacy Policy
  • GitHub Privacy Policy
  • Spotify Privacy Policy

7. Google API Services Limited Use Disclosure

Shotgun's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Requirements

In accordance with Google's Limited Use requirements, Shotgun will:

  • Only use access to read, write, modify, or control Google user data to provide or improve user-facing features that are prominent in the requesting application's user interface
  • Not transfer Google user data to third parties except as necessary to provide or improve user-facing features, with user consent, or for security purposes
  • Not use Google user data for serving advertisements
  • Not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes, it is necessary to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized

How We Use Google Data

We access Google user data solely to provide the following user-facing features:

  • Gmail Integration: Read, compose, send, and organize emails through our AI assistant interface
  • Google Docs Integration: Create, read, edit, and manage documents
  • Google Sheets Integration: Create, read, and modify spreadsheet data
  • Google Slides Integration: Create, read, and edit presentations
  • Google Drive Integration: Browse files, manage app associations, and view Drive photos
  • Google Meet Integration: Create meeting spaces and retrieve meeting information
  • Google Photos Integration: Upload photos to your library; view only photos uploaded by the app
  • YouTube Integration: Manage your channel, videos, comments, captions, and view channel membership info
  • Activity Integration: View your recent activity across Google apps

Data Processing

When you use our AI assistant with connected Google services:

  • Google data is processed only when you explicitly request actions through the assistant
  • We use AI models (Anthropic Claude, Google Gemini) to understand your requests and generate responses
  • Google data may be temporarily processed by these AI providers to fulfill your requests
  • We do not permanently store the content of your Google data beyond what is necessary to provide the service
  • OAuth tokens are securely encrypted and stored only to maintain your connection

8. Data Retention

We retain your data for as long as your account is active. Conversation history is stored to maintain context and improve your experience. You can delete your account and all associated data at any time through the Account settings page.

9. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data and account
  • Portability: Request your data in a portable format
  • Revoke Access: Disconnect third-party services at any time

10. Chrome Extension

The Shotgun Chrome Extension ("Save to Memory") allows you to save web pages and notes to your Shotgun knowledge base directly from your browser.

Data Collected by the Extension

  • Page Information: When you save a page, we collect the URL, title, meta description, and favicon
  • Page Content: Optionally, the main text content of the page for knowledge base indexing
  • User Notes: Any notes you add when saving a page
  • Settings: Your extension preferences (default knowledge base, storage type) stored locally via Chrome Storage API

Permissions Used

  • activeTab: Access current page URL and title only when you click the extension
  • storage: Save your preferences locally on your device
  • tabs: Query active tab information for the save functionality
  • scripting: Extract page content when you choose to save a page

The extension only activates when you click it. It does not track your browsing history, run in the background, or collect data without your explicit action.

11. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising trackers.

12. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

13. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@shotgun.ai