Privacy Policy

Last updated: June 24, 2026

Ziti runs the missions you define across the tools you connect. To do that, you grant Ziti access to those tools. This policy explains what we access, how we use it, and the controls you have.

What we access

Ziti only accesses the data needed to run the missions you create. When you connect a tool over OAuth, you approve the specific scopes that mission requires — for example, reading email, reading a spreadsheet, or posting a message. We request the narrowest scopes that let the mission work, and never more.

The data we may access on your behalf includes:

  • Connected-tool data — the records, files, messages, and metadata a mission reads or writes in the tools you connect (such as your CRM, email, calendar, files, accounting, and chat).
  • Account data — your name, email, and workspace details, used to operate your account.
  • Usage data — logs of mission runs, including which steps executed and their results, used to show you what happened and to operate and improve the service.

Google user data — Limited Use

When you connect a Google account, Ziti may access the following, with your authorization, solely to operate the missions you create:

  • Gmail — read your messages and threads; create and modify drafts and labels; and send email on your behalf, when a mission you configure requires it.
  • Google Calendar — read your events and create or edit events you direct Ziti to manage.
  • Google Sheets — read and write the contents of spreadsheets you direct Ziti to use.
  • Google Drive — read the names and basic metadata of your spreadsheets so you can find a sheet by name. Ziti does not access the contents of your other Drive files.

Ziti’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements.

  • We use Google user data only to provide and improve the features you ask Ziti to perform.
  • We do not sell Google user data, and we do not use it for advertising.
  • We do not transfer Google user data to others except as needed to provide the service, comply with law, or as part of a merger or acquisition, and only with appropriate safeguards.
  • We do not allow humans to read Google user data unless you give explicit consent for specific data, it is necessary for security purposes (such as investigating abuse) or to comply with applicable law, or the data is aggregated and anonymized.

How we use data

We use the data above to execute your missions, show you their results, operate and secure the service, provide support, and meet legal obligations. We do not sell your data, and we do not use the contents of your connected tools for advertising.

Approvals and control

Ziti shows you the plan before a mission runs, and any action that writes to a connected tool waits for your approval. You can review what each mission did, revoke a tool’s access at any time, and disconnect tools from your settings or from the provider directly.

Storage and retention

We store data on reputable cloud infrastructure and retain it only as long as needed to operate your account and the missions you run, or as required by law. When you delete a mission or your account, we delete the associated data within a reasonable period, except where we must retain limited records for legal or security reasons.

Security

We encrypt data in transit and at rest, scope access to the minimum required, and follow least-privilege practices for the credentials you grant. No system is perfectly secure, but we work to protect your data and to respond quickly to issues. To report a vulnerability, contact us.

Subprocessors

We rely on third-party providers to host and operate the service (for example, cloud hosting and the connector infrastructure that powers integrations). These providers process data on our behalf under agreements that require appropriate protection. Where the content of a mission is processed by AI model providers to produce the output you requested, this happens under API terms that prohibit those providers from using your data to train their models.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. To make a request, contact us.

Changes

We may update this policy as the service evolves. We will revise the “last updated” date above and, for material changes, provide additional notice.

Contact

Questions about this policy? Contact us.