Sign up

Privacy Policy – this+that Assistant

Last updated: June 9, 2026

This and That Technologies, Inc. (“this+that,” “we,” “us,” or “our”) uses technology to analyze communications, identify issues to address and assist teams in addressing them efficiently and effectively. This Privacy Policy describes how This and That processes personal information that we collect through our website located at https://assistant.thisandthat.chat/ and our mobile application (collectively, the “Service”), as well as through social media, marketing activities and other activities described in this Privacy Policy.

Personal information we collect

Information you provide to us

Personal information you may provide to us through the Service or otherwise includes:

  • Email, messaging, calendar, and related data from sources you connect, which may include Google Workspace (Gmail, Calendar, Chat, Drive, People), Microsoft 365 (Outlook, Teams, Calendar), Slack, Telegram, and the Meta family (Instagram, Facebook Messenger, WhatsApp), among others. We access these services through the standard authorization flow each provider supports (typically OAuth) and act on your behalf as you instruct.
  • Contact data, such as your first and last name, email address, billing and mailing addresses, and phone number.
  • Profile data, such as the username and password that you may set to establish an account on the Service and any other information that you add to your account profile.
  • Communications data based on our exchanges with you relating to customer support, feedback, and bug reporting, including when you contact us through the Service, social media, or otherwise.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Survey data, including information you may share when completing a survey about your experience using the application.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic data collection

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area, when you installed, removed, or updated the application, and how frequently you used the application.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

Cookies and similar technologies

Some of the automatic collection described above is facilitated by cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites may include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.

Data about others

We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. You may also choose to enter friends’ personal information as part of the Service when you have a conversation with them, and add or modify names of other conversation participants. Please do not refer someone to us, share their contact details with us, or enter their information on the Service unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations

We may use your personal information to:

  • provide and operate the Service and our business;
  • establish and maintain your user profile on the Service;
  • enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development

We use aggregated operational telemetry (for example, service uptime, aggregate request volumes, error rates) to analyze and improve the Service. This telemetry does not contain Customer Data or personal information.

We do not use Customer Data or personal information, including in pseudonymised, anonymised, or aggregated form, to train, fine-tune, or otherwise improve any machine learning or generative AI model, whether our own or that of any third party. This restriction is contractual and is set out in our Terms of Service and Data Processing Addendum. Our sub-processors that process Customer Data, including AI model providers, are bound by the same restriction.

We may use your data and any feedback you provide inside the Service (for example, marking an extracted task as a hit or a miss) to personalize results within your customer account (called a “Team” in the product interface, including for Teams of one), including for other authorized users (called “Members”) on the same Team. Personalization derived from your data and feedback is not shared with any other customer, and we do not use it to train, fine-tune, or improve any shared or global model that serves other customers.

We do not share aggregated, de-identified, or anonymised data derived from personal information with third parties for those third parties’ own purposes.

Marketing

We and our service providers may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.

Service improvement and analytics

We may use your personal information to:

  • analyze your usage of the Service, improve the Service, and improve the rest of our business;
  • help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service; and
  • develop new products and services.

Compliance and protection

We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  • Functionality. To enhance the performance and functionality of our services.
  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance and protection purposes.

To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will delete it, or, where deletion is not immediately possible (for example, because the data is stored in backup archives), we will securely store and isolate it from further processing until deletion is possible. Backup copies are deleted in the ordinary course within ninety (90) days. We do not retain anonymised or de-identified personal information for indefinite reuse.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Service providers and sub-processors

Third parties that provide services on our behalf or help us operate the Service or our business. The current list of sub-processors that process Customer Data is published at thisandthat.chat/subprocessors. Each sub-processor is bound by a written agreement that includes data protection terms at least as protective as our Data Processing Addendum, including a prohibition on training models on Customer Data.

Other users

Other users of the Service, where you choose to share certain information with such users, such as other participants in the conversation.

Linked third-party services

If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

Professional advisors

Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others

Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees

We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in This and That, financing of This and That, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of This and That as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Your choices

Access or update your information

If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of marketing communications

You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies and similar technologies

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Do Not Track

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information

We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Delete your account and associated Personal Data

You can delete your account from the Account page. If you delete your account, we will delete the Personal Data associated with your account.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Google Calendar, Gmail and Google Workspace

this+that’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google APIs may be analyzed by generative AI systems to provide the Service, but is not transferred to the creator of the generative AI system to train or update their models. We do not use Google API data to train, fine-tune, or improve any generalized AI or ML model that serves other users or customers. We may use Google API data, including any feedback you provide inside the Service on AI-generated suggestions, to personalize results within your customer account, including for other authorized users on the same account, consistent with the Google API Services User Data Policy.

Security

We employ technical, organizational, and physical safeguards designed to protect the personal information we collect via the Service. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States, and our sub-processors process Customer Data primarily in the United States. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to the United States or another country that has not been the subject of an adequacy decision, the transfer is governed by the Standard Contractual Clauses and (for UK data) the UK International Data Transfer Addendum, as set out in our Data Processing Addendum.

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. For changes that materially reduce the protections of personal information described here, we will provide at least thirty (30) days’ advance notice by email to the address on the affected account, by in-product notice, or by posting an updated version on our website with a revised effective date. If a customer objects to a material change, the customer may exercise the termination rights described in our Terms of Service and Data Processing Addendum. Continued use of the Service after the effective date of a change constitutes acceptance of the change. Non-material changes (for example, clarifications, formatting, or updates to reflect new features that do not reduce protections) take effect on posting.

How to contact us

This and That Technologies, Inc. P.O. Box 1034 Millerton NY 12546

Changelog

  • June 9, 2026. Removed reservation of rights to use anonymised data indefinitely and to share aggregated data with third parties. Added contractual no-training commitment cross-referenced to the Terms of Service and DPA. Added an in-account personalization disclosure: your data and feedback may personalize results within your customer account (called a “Team” in the product, with “Members” on it; including for other Members on the same Team), are never shared with other customers, and are never used to train shared models. Updated the international transfer section to point to the DPA (SCCs and UK Addendum). Replaced unilateral change provisions with a thirty-day notice and objection process. Added a sub-processor cross-reference. Rewrote the Google API section so in-account personalization (including across authorized users on the same account) is permitted (consistent with Google API Services User Data Policy), while training of generalized models that serve other users remains prohibited.