Obvious Privacy Policy
Last Updated: February 2, 2026
Obvious ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect your information when you use our collaborative workspace platform.
Obvious is a mixed-surface collaboration platform that enables users to work seamlessly across documents, spreadsheets, presentations, and raw data within shared project workspaces. Our platform integrates with various third-party services to provide enhanced functionality, AI-powered features, and comprehensive data processing capabilities.
Information We Collect
Personal Information
Account Information: Name, email address, username, and profile information
Authentication Data: Login credentials, session tokens, and authentication records
Usage Data: How you interact with our platform, features used, and activity patterns
Communication Data: Messages, comments, and collaborative content within the platform
Content and Project Data
Workspace Content: Documents, spreadsheets, presentations, images, and other artifacts you create or upload
Project Data: File metadata, version history, sharing settings, and collaboration records
Generated Content: AI-assisted content, analysis results, and system-generated insights
Technical Information
Device Information: Browser type, operating system, device identifiers
Log Data: IP addresses, access times, error logs, and system performance data
Analytics Data: Feature usage, performance metrics, and aggregated usage statistics
How We Use Your Information
Core Platform Functions
Provide and maintain the Obvious platform and its features
Enable real-time collaboration and multi-user editing capabilities
Process and store your workspace content and project data
Facilitate AI-assisted content generation and data analysis
Service Enhancement
Improve platform performance, reliability, and user experience
Develop new features and capabilities based on usage patterns
Provide customer support and respond to user inquiries
Ensure platform security and prevent unauthorized access
Communication
Send transactional emails related to your account and platform usage
Notify you of important platform updates or security information
Respond to your requests, questions, and feedback
Google API Services Data Usage
Obvious integrates with Google API Services to enhance collaboration and productivity within our platform. This section describes how we access, use, store, share, and protect Google user data in compliance with the Google API Services User Data Policy.
Data Accessed from Google Services
When you connect your Google account to Obvious, we may access the following types of Google user data, depending on the specific integrations you enable:
Google Calendar:
Calendar events (title, description, date, time, location, attendees)
Calendar metadata (calendar names, IDs, settings)
Event creation, modification, and deletion capabilities
Gmail:
Email messages (subject, body, sender, recipients, timestamps)
Email metadata (folders, labels, read/unread status)
Draft creation and management
Email sending capabilities
Google Drive
File metadata (names, types, sizes, modification dates)
File content for documents, spreadsheets, and presentations
Folder structure and sharing permissions
How We Use Google User Data
We use Google user data exclusively to provide and enhance the functionality you request within the Obvious platform:
Calendar Integration:
Display your calendar events within Obvious workspaces
Create, update, and delete calendar events from within Obvious
Analyze scheduling patterns to suggest optimal meeting times
Sync calendar data with project timelines and task management features
Email Integration:
Access and display email messages within Obvious projects
Send emails directly from the Obvious platform
Create and manage email drafts
Thread email conversations with project context
Extract actionable items from email content using AI assistance
AI-Powered Features:
Process Google user data through our AI models (listed in Third-Party Data Processors section) to provide:
Email summarization and key point extraction
Calendar event suggestions and scheduling optimization
Automated task creation from email content
Meeting notes and action item generation
Important Limitations:
We only access Google data that you explicitly authorize through OAuth consent screens
We never access Google data without your explicit permission
You can revoke access at any time through your Google Account settings
Sharing of Google User Data
With Third-Party AI Processors:
When you use AI-powered features on Google user data, we may share limited, contextually relevant portions of that data with our AI service providers (Anthropic, OpenAI, Google Gemini, AWS Bedrock) solely to:
Generate summaries, insights, or content based on your requests
Perform natural language processing and analysis
Provide intelligent suggestions and automation
Important Safeguards:
Only the minimum necessary data is shared to fulfill your specific request
AI processors are contractually prohibited from using your data to train their models
Data is processed ephemerally and not retained by AI providers beyond the immediate request
All transmissions are encrypted in transit
With Other Third Parties:
We do not sell, rent, or share your Google user data with third parties for their own marketing or commercial purposes. Google user data is shared only as described above or as required by law.
Storage and Protection of Google User Data
Storage Practices:
Google user data is stored in our secure AWS infrastructure with encryption at rest
Calendar and email data are cached temporarily (up to 24 hours) to improve performance
Long-term storage occurs only for data you explicitly save to Obvious projects
We maintain logical separation between different users' Google data
Security Measures:
All access to Google user data requires authentication and authorization
Data transmission uses TLS 1.2+ encryption
Access logs are maintained for security monitoring and audit purposes
Regular security assessments and penetration testing
Role-based access controls limit employee access to Google user data
Data Minimization:
We request only the minimum Google API scopes necessary for functionality
We fetch only the specific data needed for your requested operations
Cached data is automatically purged according to retention schedules
Retention and Deletion of Google User Data
Retention Periods:
Cached Data: Automatically deleted after 24-48 hours
Project-Saved Data: Retained as long as you maintain it in your Obvious projects
Deleted Projects: Google user data within deleted projects is permanently removed within 30 days
Account Deletion: All Google user data is deleted within 30 days of account closure
User-Initiated Deletion:
You can delete your Google user data from Obvious at any time by:
Disconnecting Google Integration: Go to Settings → Integrations → Google → Disconnect
This immediately revokes Obvious's access to your Google account
Cached data is purged within 24 hours
Deleting Specific Projects: Delete projects containing Google data
Deleting Your Account: Request full account deletion at compliance@obvious.ai
All data, including Google user data, is permanently deleted within 30 days
Revoking Access:
You can revoke Obvious's access to your Google account at any time through:
Google Account Permissions Page
Obvious Settings → Integrations → Google → Disconnect
Once access is revoked, we can no longer access your Google data, and all cached data is deleted within 24 hours.
Compliance with Google API Services User Data Policy
Obvious's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
We use Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface
We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger or acquisition (with user notice)
We do not use Google user data for serving advertisements
We do not allow humans to read Google user data unless:
We have your explicit consent for specific data
It is necessary for security purposes (e.g., investigating abuse)
It is required to comply with applicable law
The data has been aggregated and anonymized
Data Processing Architecture
Obvious operates through a distributed architecture that processes data across multiple components:
Internal Processing
Artifact Management System: Manages documents, workbooks, presentations, and files
Real-Time Collaboration Engine: Handles concurrent editing and version control
Data Processing Engine: Performs SQL queries, JavaScript transformations, and Python analysis
AI Orchestration Layer: Coordinates AI-powered features and content generation
Data Storage
Platform Database: Stores user accounts, project metadata, and application state
File Storage & CDN: Hosts user uploads, generated artifacts, and static assets
Caching Layer: Temporarily stores frequently accessed data for performance optimization
Third-Party Data Processors (Subprocessors)
Anthropic (Claude Models)
Purpose: Advanced language models for AI-powered features and conversational AI
Data Processed: User prompts, artifact content, project context for content generation
Privacy Policy: anthropic.com/legal/privacy
OpenAI (GPT Models)
Purpose: Generative models for text generation, summarization, and analysis
Data Processed: User prompts and content for AI assistance
Privacy Policy: openai.com/policies/privacy-policy
Google Gemini (Images)
Purpose: Image generation and analysis
Data Processed: Image generation prompts and image content for analysis
Privacy Policy: policies.google.com/privacy
Microsoft Azure (PDF Processing)
Purpose: PDF document processing and analysis
Data Processed: PDF documents and extracted content
Privacy Policy: privacy.microsoft.com/privacystatement
AWS Bedrock & AWS Translate
Purpose: Managed service for foundation models and neural machine translation
Data Processed: AI model requests, responses, and text content for translation
Privacy Policy: aws.amazon.com/privacy
Infrastructure and Hosting Services
Data Security and Protection
Security Measures
Encryption in Transit: All data transmission uses TLS/HTTPS encryption
Encryption at Rest: Sensitive data stored with industry-standard encryption
Access Controls: Role-based permissions and authentication systems
Data Isolation: Project data isolated between different user sessions
Regular Security Audits: Ongoing security assessments and vulnerability testing
Data Processing Principles
Minimal Data Exposure: Only necessary data sent to third-party processors
Ephemeral Processing: No persistent storage of user data in vendor systems (except as disclosed)
Context Isolation: User data processed separately and securely
Purpose Limitation: Data used only for specified, legitimate purposes
Incident Response
We maintain comprehensive incident response procedures to address any potential data breaches or security issues promptly and transparently.
Your Rights and Choices
Access and Control
Data Access: Request copies of your personal information and platform content
Data Correction: Update or correct inaccurate personal information
Data Deletion: Request deletion of your account and associated data (including Google user data)
Data Portability: Export your workspace content and project data
Privacy Settings
Sharing Controls: Manage who can access your projects and workspaces
Collaboration Settings: Control real-time editing and commenting permissions
Notification Preferences: Customize email and platform notifications
Integration Management: Connect or disconnect third-party services (including Google)
Opt-Out Options
Analytics: Opt out of non-essential analytics and usage tracking
AI Features: Disable AI-powered features and content generation
Marketing Communications: Unsubscribe from promotional emails
Data Retention
Active Data
Account Information: Retained while your account is active
Workspace Content: Retained according to your workspace settings and usage
Activity Logs: Retained for operational purposes and security monitoring (typically 90 days)
Google User Data: Cached temporarily (24-48 hours) or retained in projects you create
Deleted Data
Account Deletion: Personal information and all user data (including Google user data) deleted within 30 days of account closure
Content Deletion: Workspace content permanently deleted according to retention policies
Backup Data: Removed from backup systems within 90 days
Google Integration Disconnection: Cached Google data purged within 24 hours
International Data Transfers
Obvious and our third-party processors may transfer and process data internationally. We ensure appropriate safeguards are in place for international transfers, including:
Adequacy Decisions: Transfers to countries with adequate data protection laws
Standard Contractual Clauses: EU-approved contractual protections for data transfers
Processor Agreements: Binding agreements with all third-party processors
Children's Privacy
Obvious is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify users of material changes through:
Email Notifications: Direct notification to your registered email address
Platform Announcements: In-app notifications and announcements
Website Updates: Updated policy posted on our website with revision date
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at compliance@obvious.ai
For specific requests regarding your personal information, Google user data, or to exercise your privacy rights, please contact us directly using the email above.