Privacy Policy
Last updated: April 8, 2026
1. Scope
This Privacy Policy explains how CozyOffice collects, uses, stores, and protects personal information when you use our website, applications, and related services (collectively, the "Services").
2. Personal Information Collection Statement
This Personal Information Collection Statement is provided in accordance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) ("PDPO"). It explains our purposes of collection, whether data provision is obligatory, classes of transferees, and your rights of access and correction.
- Purpose of collection: Your personal data is collected for account registration and management, provision of AI-powered productivity features, payment handling, customer support, service security, compliance, and related operational purposes.
- Mandatory vs voluntary provision: Unless otherwise specified, provision of requested personal data is voluntary. However, if you do not provide data marked as required, we may be unable to provide or continue to provide relevant Services.
- Classes of transferees: Personal data may be transferred or disclosed to our cloud infrastructure, payment, analytics, communications, professional advisers, auditors, and other service providers (whether in or outside Hong Kong) on a need-to-know basis and subject to appropriate safeguards.
- Types of personal data collected: Contact and account details, connected service data you authorize, usage and device logs, support communications, and billing metadata.
- Rights of access and correction: Under the PDPO, you have the right to request access to and correction of your personal data. Requests may be made by contacting us through the contact details in this Policy.
3. Information We Collect
We may collect the following categories of information:
- Account and contact data: Name, email address, and login identifiers.
- Connected service data: With your authorization, data from Gmail, Google Calendar, and specific files from Google Drive, Google Docs, and Google Sheets that you manually select and share with our Services, required to perform automation tasks.
- Usage and device data: Log events, feature usage, IP address, browser type, device identifiers, and cookie-related data.
- Support and interaction content: Messages, feedback, and content submitted during interactions with AI assistants.
- Payment data: Subscription and transaction metadata (plan, amount, status). Full payment card details are processed by third-party payment processors and are not stored in full by us.
4. How We Use Information
We use information to:
- Provide, maintain, and improve the Services.
- Run AI-powered workflows you authorize (for example, email drafting, scheduling, and document processing).
- Manage accounts, authentication, and security controls.
- Process payments, invoices, receipts, and operational notices.
- Respond to support requests and prevent abuse, fraud, or policy violations.
- Perform analytics to improve quality, reliability, and user experience.
5. AI Processing and Third-Party Services
To deliver core functionality, we may use trusted third-party providers (such as infrastructure, payment, analytics, communication tools, and AI model providers including Z.AI and GLM models). We share only the data necessary for those purposes and require reasonable safeguards. You understand that AI-generated content may contain inaccuracies and should be reviewed before use.
We do not use Google user data obtained through Google Workspace APIs to train, fine-tune, or improve any AI or machine learning models. Google user data is used only to provide user-requested features within the Services.
6. Google API Limited Use Policy
CozyOffice's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements. We do not use Google user data to serve ads and do not sell it to third parties.
7. Information Sharing and Disclosure
We do not sell personal information. We share information only when:
- You provide consent or direct us to do so.
- It is necessary with service providers that support our operations.
- Required by law, court order, or valid governmental request.
- Needed to protect rights, safety, property, or platform integrity.
- In connection with a lawful business transaction (for example, merger, acquisition, or asset transfer).
8. International Data Transfers
Because our infrastructure and providers may operate in different jurisdictions, your information may be transferred to and processed outside your country. We apply reasonable safeguards consistent with applicable laws.
9. Retention Policy
In line with Data Protection Principle 2 under the PDPO, we follow a shortest-retention approach: we keep personal data only for the minimum time reasonably needed for each purpose (such as operating your account and the Services), and we aim not to hold it longer than necessary once that purpose ends. Where tax, accounting, or other laws set a minimum retention period, we keep only what those laws require and only for that period.
When data is no longer needed, we delete or anonymize it. You may request account deletion or removal of eligible data through account settings or by contacting us. You may revoke Google permissions at any time in your Google security settings.
10. Data Security
We implement industry-standard technical and organizational measures, such as encrypted transmission, access controls, and auditing, to reduce risks of unauthorized access, disclosure, alteration, or loss. No method of transmission or storage is completely secure.
11. Your Rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, object, or request portability of your data, and to withdraw consent. If the PDPO applies, you may make a data access request and data correction request regarding your personal data. You may contact us to exercise these rights.
12. Children's Privacy
The Services are not directed to children below the age required by applicable law. We do not knowingly collect personal information from children; if discovered, we will take reasonable steps to delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide notice through the Services, email, or other reasonable means. Continued use of the Services after an update means you accept the revised Policy.
14. Contact Us
If you have questions about this Privacy Policy or would like to exercise privacy rights, contact: general@cozyoffice.ai