Privacy Policy

Effective 8 May 2026 · Axion Arc Dashboard (app.axionarc.com)

1. What this app is

Axion Arc Dashboard is a private founder operations dashboard built and operated by Parikshit Jhajharia (contact: pj@axionarc.com). It is not a public service. Access is limited to its developer's own Google accounts (currently parikshit0120@gmail.com and pj@axionarc.com), enforced through a test-user list on the OAuth consent screen.

2. Data the app accesses

With your explicit consent through Google's OAuth flow, the app reads the following from your Google account:

  • Gmail (read-only): message metadata (subject, from, date, label IDs) and short body previews (first ~1500 characters) for messages received in the last 2 days. Used to classify each message as TODO / URGENT / FYI / IGNORE. The app does not read, write, send, or modify email on your behalf.
  • Google Calendar (read-only): events on your primary calendar within a 7-day forward window. Used to display upcoming events and compute meetings-vs-deep-work hour totals.
  • Basic profile (openid, email, profile): your email address and display name, used to identify which Google account the connection belongs to.

3. How data is stored

  • OAuth refresh tokens are stored encrypted at rest using AES-256-GCM in a Supabase Postgres database, scoped per user via row-level security.
  • Email metadata (subject, from, body preview, classification label, classifier reasoning) is stored in the same database. Classification is intended to be persistent so the dashboard does not re-classify the same message twice.
  • Calendar event data is fetched on demand and not persisted.
  • The database is hosted on Supabase's infrastructure. The app itself runs on Cloudflare Workers.

4. Third parties that process your data

  • Anthropic, Inc. — email subject, sender, and body preview are sent to Anthropic's Claude API for classification. Anthropic's data handling policy applies to that data while in transit and at their servers. The app does not use Anthropic data for training.
  • Supabase, Inc. — database and authentication.
  • Cloudflare, Inc. — hosting and request routing.
  • Google LLC — the source of the data, accessed via Google's public Gmail and Calendar APIs.

5. Data the app does not do

  • It does not sell, rent, license, or otherwise transfer your data to third parties for advertising, marketing, lead generation, or model training.
  • It does not share your data with anyone outside the third-party processors listed in section 4.
  • It does not send email, modify calendar events, or take any action in your Google account.

6. Your rights

You can:

  • Revoke the app's access at any time at myaccount.google.com/connections.
  • Request deletion of all stored data by emailing pj@axionarc.com. All rows associated with your user ID will be deleted within 7 days.
  • Request a copy of stored data by the same email address.

7. Retention

Data is retained until the user account is deleted or the user requests deletion. There is no automated retention limit because the dashboard is intended for ongoing personal use by the developer.

8. Security

All connections are encrypted in transit using TLS 1.2 or higher. Refresh tokens are encrypted at rest. Database access is gated by row-level security policies tying every row to a single user_id and the application uses the Supabase anon key (RLS-enforced) for all reads on behalf of an authenticated user.

9. Changes

If this policy changes, the effective date above will update. Material changes will be communicated to active test users by email before taking effect.

10. Contact

Questions, deletion requests, or any other privacy concern: pj@axionarc.com.