← Donna

Privacy Policy

Effective June 12, 2026.

Donna is an AI executive-function partner that helps you follow through on what matters to you. This policy explains what information Donna collects, why, how it is stored, and the control you have over it. Donna is operated by GSD Labs LLC (“we,” “us”).

Information we collect

  • Account information. When you sign in, our authentication provider (Clerk) gives us your name, email address, and a unique account identifier.
  • What you tell Donna. The outcomes you’re working toward, the notes and brain dumps you write, and your messages and voice conversations with the coach.
  • Connected services. If you choose to connect a service (such as Google Calendar), we access the specific data described below to provide the feature you connected it for.
  • Usage information. Basic, privacy-respecting information about how the app performs and is used, so we can keep it working.

Google user data

If you connect your Google Calendar, Donna requests the Google Calendar scope (https://www.googleapis.com/auth/calendar), which is read and write access. We use it for exactly two things:

  • Reading your day. We read your calendar events (their titles, times, and attendees) and your free/busy availability so Donna can show you the shape of your day and find realistic windows to focus.
  • Writing back your work. We create and update events on your calendar — for the focused work sessions you schedule with Donna, and for edits or moves you make through the app. This is why read-only access is not sufficient.

How it’s stored. Your Google authorization token is held in encrypted storage by our authentication provider (Clerk). The calendar data we read is kept as a normalized, minimal copy in our database (Supabase) only so the app can render your day quickly. We do not copy your entire calendar history.

How long we keep it. We retain your token and the derived calendar data for as long as the connection is active. When you disconnect Google Calendar or delete your account, the token is revoked and the derived calendar data is deleted.

What we never do. We never sell your Google data. We never use it for advertising. We never use it to train generative AI or machine-learning models. We do not share it with third parties except the infrastructure providers needed to run the feature (listed below).

Donna’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How we use your information

  • To provide the coaching experience and the features you use.
  • To understand your goals and context over time so the coaching adapts to you.
  • To keep the service secure, reliable, and working.
  • To respond to you when you contact us.

To power the coaching, your text and voice content is processed by the AI providers listed below. It is used to generate Donna’s responses to you — not to train their models.

Who we share information with

We share data only with the service providers (“sub-processors”) we use to operate Donna, each limited to its purpose:

  • OpenAI. Large-language-model processing for coaching, planning, and text understanding.
  • ElevenLabs. Voice conversation (the spoken coaching agent).
  • Composio. Connections to third-party tools you choose to link.
  • Clerk. Authentication and encrypted storage of your connected-account tokens.
  • Supabase. Application database and file storage.
  • Vercel. Application hosting and infrastructure.

We do not sell your personal information, and we do not use it for third-party advertising.

How long we keep your information

We keep your information for as long as your account is active. When you delete your account, we delete your personal data and revoke connected tokens, except where we are required to retain limited records by law.

Security

We protect your data with encryption in transit and at rest, access controls, and reputable infrastructure providers. No system is perfectly secure, but we work to keep your information safe and to notify you if something material happens.

Your choices

  • Disconnect a service. You can disconnect Google Calendar at any time from the app’s settings; this revokes our access and removes the derived calendar data.
  • Access, export, or delete. You can request a copy of your data or ask us to delete your account by emailing privacy@meetdonna.xyz.
  • Revoke Google access directly. You can also remove Donna’s access from your Google Account permissions.

Children

Donna is not directed to children under 13, and we do not knowingly collect their data.

Changes to this policy

We may update this policy as the product evolves. We’ll change the effective date above, and for material changes we’ll give you notice.

Contact

Questions about privacy or your data? Email privacy@meetdonna.xyz.