Privacy Policy

Pocket Desk is a personal AI assistant service operated by She Thrives (Kate Parker, sole proprietor), based in Smyrna, Tennessee, USA. You can reach us at kateparker@shethrivesmarketing.com.

This policy describes how the Pocket Desk Telegram bot collects, uses, stores, and shares your personal information when you use the service. It applies to every customer of Pocket Desk, including Snap, Brain Dump, and Briefing features.

• Telegram identity — your Telegram chat ID and the bot token issued for your private bot. Used to route messages between you and the service.
• Google account access (OAuth) — when you authorize Pocket Desk, we receive a refresh token that lets the service read and write to your own Google Calendar, Google Tasks, and a dedicated folder in your Google Drive that Pocket Desk creates. We do not request Gmail access.
• Content you send to the bot — photos of business cards, voice notes, text messages, and commands. We process these to provide the requested feature and store the result in your own account data.
• Business contacts — names, emails, phone numbers, titles, addresses, and notes you capture via Snap.
• Usage data — counts of features used (for fair-use limits) and timestamps of interactions.

• To operate the features you requested (card OCR, calendar scheduling, task creation, brain dump organization, Q&A about your data).
• To read and write to your own Google Calendar, Google Tasks, and your Pocket Desk folder in Google Drive — on your behalf, using the access you granted.
• To enforce fair-use limits on your plan and to notify you when limits are reached.
• To diagnose service issues and improve reliability.

We do not sell your data. We do not use your content to train any AI model. We do not share your data with other customers.

Pocket Desk's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request and why:

• calendar.events — create meeting invites on your behalf when you ask us to schedule a meeting, and read upcoming events so we can answer questions about your calendar.
• tasks — create tasks in your default Google Tasks list when you dictate to-dos, and read open tasks so we can answer questions about your workload.
• drive.file — create a dedicated Pocket Desk folder in your Drive and write your Brain Dump notes and Quick Notes to files inside that folder only. We never access files we didn't create.
• openid email profile — identify your Google account during consent.

• OpenAI — for OCR of business cards, transcription of voice notes, and answering your questions. Content is sent to OpenAI only at the moment of processing and is not retained by OpenAI for training (OpenAI's API zero-retention policy applies).
• Google (Cloud Platform) — as the provider of Calendar, Tasks, and Drive APIs.
• Supabase — for secure storage of your account data, contacts, and conversation state. Hosted in the United States.
• Vercel — serves the Pocket Desk application.
• Telegram — the messaging platform you use to interact with your bot.

We keep your account data, contacts, meetings, brain dumps, and Quick Notes while your subscription is active. If you cancel or ask us to delete your data, we permanently remove your customer record, contacts, brain dump records, and conversation state within 30 days. The Google Drive folder, docs, calendar events, and tasks that were created in YOUR Google account remain in your account — you control them.

You can at any time:

• Request a copy of the data we store about you.
• Request deletion of your Pocket Desk account and associated stored data.
• Revoke Google access via your Google account permissions at any time. This immediately stops our ability to read or write to your Google account.
• Stop using the bot — just delete it from your Telegram.

Contact kateparker@shethrivesmarketing.com to exercise any of these rights.

Credentials (Google refresh tokens, bot tokens) are stored encrypted at rest in Supabase. All traffic between your Telegram, Pocket Desk, and Google uses TLS. The service runs on Vercel with Row-Level Security enforced on the database.

We will update this page if our practices change. The “Effective” date at the top reflects the most recent update.