wingmnn

Privacy Policy

Privacy

Effective May 2026

Your data is yours. This page explains exactly what that means — what we collect, why, how we protect it, and how you stay in control.

Our principles

Four commitments we don't break.

We don't train on your data

Your information is never used to improve our models. Your patterns, preferences, and history belong to you — not our training pipeline.

We don't sell it

No data brokers. No ad networks. No "anonymized" datasets sold to third parties. Your subscription is our business model.

We don't share it

No partner integrations that leak your information. No analytics vendors that receive PII. What's yours stays yours.

You can delete everything

One click. Full account deletion. All data purged within 30 days — no hidden archives, no backups we conveniently forget about.

What we collect

We only collect what's necessary to make each module work. Here's a complete breakdown by category.

Email (Gmail, Outlook)
What

Message content, metadata, labels/folders, contact frequency. Gmail via gmail.modify scope; Outlook via Microsoft Graph mail scopes.

Why

Inbox triage, draft generation, priority ranking, label/folder management

Retention

Active account + 30 days after deletion

Calendar (Google Calendar, Outlook)
What

Events, attendees, scheduling patterns. Google via calendar.events scope; Outlook via Microsoft Graph calendar scopes.

Why

Conflict detection, meeting prep, schedule optimization

Retention

Active account + 30 days after deletion

Finances
What

Transaction data, balances, account metadata (via Plaid)

Why

Spending tracking, anomaly detection, bill reminders

Retention

Active account + 30 days after deletion

Projects
What

Task names, deadlines, status updates

Why

Deadline tracking, workload analysis, nudges

Retention

Active account + 30 days after deletion

Messages
What

Thread metadata, message content across platforms

Why

Conversation summaries, response drafting

Retention

Active account + 30 days after deletion

Travel
What

Itineraries, bookings, loyalty program IDs

Why

Trip management, price monitoring, document storage

Retention

Active account + 30 days after deletion

Wellness
What

Sleep, steps, activity data (from connected devices)

Why

Pattern tracking, gentle nudges, weekly summaries

Retention

Active account + 30 days after deletion

Journal & Notes
What

Free-form text, voice transcriptions

Why

Searchable archive, prompt generation, reflection

Retention

Active account + 30 days after deletion

How we protect it

Encryption everywhere

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Your information is unreadable without the decryption keys, which are managed through a dedicated key management service.

Audited cloud infrastructure

Our infrastructure and processes are audited annually by an independent third party. We meet the Trust Services Criteria for security, availability, and confidentiality.

Read-only financial access

Financial connections use Plaid with read-only permissions. We can see transaction data but can never move money, initiate transfers, or modify your accounts.

Infrastructure

Hosted on secure, isolated cloud infrastructure with restricted access and full audit logging. Network-level isolation, automated vulnerability scanning, and 24/7 monitoring. No data ever leaves secure, audited environments.

Your controls

Granular permissions

Every module can be connected or disconnected independently. Revoke access to any data source at any time — the associated data is deleted within 24 hours.

Full data export

Request a complete export of your data in standard, portable formats at any time. No lock-in. No proprietary formats. Your data leaves when you do.

One-click account deletion

Delete your account and all associated data with a single action. Everything is permanently purged within 30 days. No archives, no backups, no "we'll keep it just in case."

Google user data

Wingmnn's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

  • gmail.modify — read, compose, send, and modify your Gmail messages and labels so Wingmnn can triage your inbox, draft replies on your behalf, and organize threads.
  • calendar.events — read and write events on your Google Calendar so Wingmnn can detect conflicts, prepare you for meetings, and adjust your schedule when you approve it.
  • userinfo.email — identify your account.

How we use Google user data

Only to provide and improve user-facing features inside Wingmnn — inbox triage, draft generation, calendar conflict detection, scheduling, and cross-module context for features you've explicitly connected. Nothing else.

What we never do with Google user data

  • We do not use it to train, develop, or improve generalized AI or machine learning models.
  • We do not use it for advertising of any kind.
  • We do not sell it.
  • We do not transfer it to third parties except as necessary to provide the service you requested, to comply with applicable law, or as part of a merger or acquisition with equivalent privacy protections.

Human access

No human at Wingmnn reads your Google user data, except: (a) with your explicit consent for support; (b) to investigate abuse or security incidents; (c) to comply with a legal obligation; or (d) when the data has been aggregated and anonymized so it cannot be linked to you or any individual.

Revoking access

You can disconnect Wingmnn from your Google account at any time from your Wingmnn settings, or directly from your Google Account permissions page. Once revoked, Wingmnn deletes the associated data within 24 hours.

Third parties

We work with the minimum number of third parties necessary to operate.

Plaid

Used exclusively for the Finances module. Read-only bank account connections. Plaid maintains its own audited security infrastructure and is the industry standard for financial account connectivity.

Cloud infrastructure

Isolated hosting infrastructure. Data encrypted at rest and in transit. No PII is shared with the provider beyond what's required for hosting.

No ad networks. No analytics vendors that receive PII. No data brokers. No social login providers that track you. The list above is complete.

Contact

Questions about your data or this policy? We respond to every inquiry.

hello@wingmnn.com