← Back to home

Privacy Notice

Last updated: June 20, 2026

Who we are

Conopeum is operated by SO Services, LLC ("Conopeum", "we", "us", "our"). For the personal data we process in connection with the Service, SO Services, LLC acts as the data controller.

Personal data we collect

• Account data — name, email address, login credentials, and workspace membership. Used to create and secure your account.
• Connected Google Workspace data — when you connect a Google account, we receive OAuth tokens (access and refresh) and the Gmail, Google Tasks, and Google Calendar data needed to provide the features you enable: turning inbound emails into tasks, sending replies on your behalf, archiving or trashing the original message, syncing tasks with Google Tasks, and reading your Google Calendar. See the "Google user data" section below for the full disclosure.
• Customer and workspace content — tasks, contacts, comments, custom fields, attachments, and other content you and your workspace members add to Conopeum.
• Support communications — messages you send us, used to respond and troubleshoot.
• Usage and device data — IP address, browser/device type, pages viewed, and error logs. Used for security, fraud prevention, debugging, and product improvement.
• Billing data — collected and processed by Paddle as Merchant of Record. We receive subscription status, plan, and limited transaction metadata; we do not store your full payment card details.

Purposes and legal bases

We process personal data to:

• create accounts and provide the Service (performance of a contract);
• secure the Service, prevent fraud and abuse, and debug issues (legitimate interests);
• communicate with you about your account and respond to support requests (performance of a contract);
• send service updates and, where permitted, occasional product news (legitimate interests or consent);
• comply with our legal obligations (legal obligation).

How we share data

We share personal data only with:

• Service providers and subprocessors — hosting, database, email delivery, error monitoring, analytics, and AI processing providers that act on our instructions.
• Paddle — our Merchant of Record, who handles the sale of subscriptions, payment processing, subscription management, tax compliance, and invoicing.
• Google — for the parts of the Service that interact with Gmail, Google Tasks, and Google Calendar on your behalf, in accordance with the scopes you authorize.
• Professional advisers — legal, accounting, and insurance advisers, where reasonably necessary.
• Authorities — where required by law, court order, or to protect our rights, users, or the public.

We do not sell your personal data.

Google user data

Conopeum's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request and why:

• openid, userinfo.email, userinfo.profile — identify your Google account and display your name and email in Conopeum.
• gmail.readonly — read message metadata and content of emails you choose to bring into Conopeum so we can show the original message alongside the task.
• gmail.send — send replies to those messages from your own Gmail address when you click Reply inside a task.
• gmail.modify — archive a message (remove the INBOX label) or move it to Trash when you click Archive or Trash inside a task. We never permanently delete messages.
• tasks — create, update, and complete Google Tasks that mirror your Conopeum tasks.
• calendar.events — read Google Calendar events so they appear in your Conopeum schedule.

Limited Use commitments. Conopeum will not:

• use Google user data to serve advertising, including retargeting or personalized ads;
• sell, rent, or trade Google user data to data brokers, advertisers, or any third party;
• use Google user data to train, fine-tune, or otherwise develop generalized or third-party AI/ML models. Where AI is used inside Conopeum (for example to draft a task summary), the relevant content is sent to our AI provider only to return a result to you and is not used by that provider to train their models;
• allow humans to read Google user data, except (a) with your explicit consent for a specific message, (b) for security investigations or to comply with applicable law, (c) when the data has been aggregated and anonymized for internal operations, or (d) when strictly necessary for support you have requested.

Storage and retention of Google data. OAuth tokens are stored encrypted at rest and used only to call Google APIs on your behalf. Email content we process to create a task (subject, sender, body excerpt, message ID, thread ID) is stored against that task so you can see the source of the work. Replies you send from Conopeum are mirrored into the task's comment log. You can revoke Conopeum's access at any time from your Google Account permissions page; doing so disables the connected features and we stop receiving new Google data. Stored Google data tied to your account is deleted when you delete your Conopeum account or disconnect the Google account, subject to short-lived backups.

Data retention

We retain personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.

Your rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent where processing is based on consent. To exercise any of these rights, contact us using the details below. You may also have the right to lodge a complaint with your local data protection authority.

International transfers

We may transfer personal data outside your country, including to the United States. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses or recognized adequacy mechanisms.

Security

We implement appropriate technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and role-based permissions. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you as required by law.

Cookies

We use essential cookies and similar technologies to keep you signed in and to keep the Service working. We may also use a limited set of analytics cookies to understand product usage. You can control cookies through your browser settings.

Children

Conopeum is not directed to children under 16. We do not knowingly collect personal data from children under 16.

Changes to this notice

We may update this Privacy Notice from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email or in-product notice.

Contact

For privacy questions or to exercise your rights, contact SO Services, LLC through the support channels in your Conopeum workspace.