Accrete Knowledge Engine Privacy Notice

Last Updated 01/16/26

This section supplements our main Privacy Notice and describes how Accrete, Inc. (“Accrete”, “we”, or “us”) accesses, uses, stores, and shares your data when you choose to connect your systems to the Accrete Knowledge Engine (“AKE”) application. You, as the customer, control which systems and scopes AKE can access; if you don’t grant a scope, AKE cannot access data from that system. You may choose read-only, read/write, or have no access on a per-system basis. 

This section may be updated periodically. You will be notified of significant changes that may negatively affect you. Continued use signifies your acknowledgment of the modified content.

Accrete uses Okta for authentication. See Okta's Privacy Notice for details on Okta’s data practices. 

  1. Data We Collect 

Service Data & Account Data

Data associated with your account to manage your account and your use of AKE, including but not limited to your name, email, contact details, organization affiliation, billing information, IP address, device identifiers, data usage logs and other usage data (such as feature clicks, navigation paths, session replays), authentication tokens, integration credentials, queries history, support communications, cookies and similar technologies. 

Customer Content Data

AKE enables you to connect various third-party services, such as Google, DocuSign, Jira, ServiceNow, Slack, and other similar platforms (collectively, “Systems”). Any data accessed from or stored in these Systems through AKE is considered your “Customer Content.” You control which Systems and data are connected and are responsible for ensuring you have all necessary legal bases, consents, and permissions to share that data with AKE. We process Customer Content solely on your behalf and in accordance with your documented instructions, in our role as your processor/service provider. You, as the controller/business, are responsible for ensuring that any data you choose to connect to AKE is collected and disclosed lawfully, and that such data is accurate, complete, and kept up to date.  

Prohibited Data

AKE is intended to process ordinary business information and is not designed to receive or handle: 

  • Protected health information (“PHI”) under HIPAA 
  • Payment card data (PCI DSS), including full card numbers or CVV codes
  • Government-issued identification numbers (Social Security numbers, driver’s license numbers, passport numbers)
  • Biometric identifiers or information
  • Other sensitive personal data under applicable laws and regulations 

You are responsible for ensuring Prohibited Data is not submitted, uploaded, connected or otherwise made available to AKE. Accrete is not responsible if such data is shared with AKE. 

Systems That You Choose to Connect with AKE

The Customer Content that AKE accesses from Systems depends on which Systems you choose to connect and the permissions you grant. You control which Systems and data fields are connected to AKE at all times. If you choose to connect a System, AKE may access any data in that System, including but not limited to the following categories of personal data:

  • Username
  • Name
  • Email
  • Data in Cloud drive and documents
  • Calendar and events
  • Contacts and organization directory
  • Analytics and usage data
  • Other data exposed by the Systems you authorize  

  1. How We Use Your Data

We use your data to provide, maintain, and improve AKE, including to: 

  • Authenticate and manage your account
  • Deliver core services (summaries, calendar invites, analytics, insights)
  • Process billing and payments
  • Respond to support and billing requests
  • Operate and secure AKE
  • Debug, identify and repair errors within AKE
  • Perform audits and other compliance activities
  • Comply with legal obligations

We do not sell your data or share it with third parties for cross-context behavioral advertising, nor do we use it to create or enrich advertising profiles about you, in accordance with applicable laws. 

  1. How We Access Your Data

When you connect AKE to a System, such as Google Workspace, AKE uses secure connection methods like OAuth 2.0 or a private access key that you provide. Before you approve the connection, you will see a screen that clearly explains what information AKE is requesting and you can choose which permissions to grant. AKE only uses the information necessary to perform the specific actions you have authorized (for example, reading or sending emails), and you can disable this access at any time in your settings. 

All connection data, including any tokens or keys, is stored in encrypted form both in transit and at rest. In some cases, AKE also uses its own secure integration tooling to connect to other Systems using the same careful security measures.

  1. How We Store and Retain Your Data

We store your data to provide the AKE services, fulfill contractual obligations, improve our products, and comply with legal requirements. 

Storage & Protection

  • OAuth tokens/APIs and configuration necessary to maintain your authorized connection are stored in secure systems with access controls and encryption in transit and at rest. 
  • Where AKE needs to persist content (e.g., documents, emails, tasks, events, derived summaries, or embeddings) to provide ongoing functionality, the data is stored in our cloud infrastructure under technical and organizational safeguards. 

Retention

  • We retain Customer Content as long as your account is active or as required by law.
  • If you disconnect your Systems from AKE, you can request us to delete your Customer Content. 
  • Upon termination, we delete or anonymize your Customer Content within a reasonable timeframe, subject to legal holds and backup requirements.

Large Language Models

AKE may use large language model (LLM) services (for example, OpenAI or Anthropic) to generate summaries, insights, and recommendations based on your queries. Each LLM provider maintains its own data handling and retention practices, which may differ from AKE’s retention periods.

  1. How We Share Your Data

We do not sell your data and do not permit third parties to use it for advertising or marketing. We share your data only in these limited circumstances:

  • Within your organization: Outputs and insights may be visible to authorized users if shared.
  • Service providers: Third-party vendors (e.g., cloud hosting, LLM, monitoring, security, CRM, billing, or analytics providers) that process your data on our behalf to deliver our services under contractual confidentiality obligations. 
  • Legal obligations: We may disclose data if required by law, subpoena, or legal process, or to protect the rights, property, or safety of Accrete, our users, or the public. 
  • Business transfers: Your data may be transferred in connection with a merger, acquisition, reorganization, or asset sale, subject to continued protections. 
  1. Your Choices and Controls

You have the following controls over AKE’s access to your Customer Content: 

  • Scopes: Grant or deny scopes during OAuth or API setup or revoke them at any time in your System's account security settings.
  • Disconnect: You can disconnect AKE through your System’s security dashboard or the AKE interface. Once disconnected, Accrete cannot access your Customer Content. 
  • Organizational controls: Your administrator may restrict scopes, enforce data-retention policies, or disable the integration entirely.
  1. Children’s Privacy

We do not knowingly collect personal data from children under 13 without parental consent. If you believe we have done so, alert us immediately. For information about COPPA protections, see the FTC's guidance.

  1. Security

We use industry-standard technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and monitoring. However, no system is 100% secure, and we cannot guarantee absolute protection.  

  1. International Data Transfers

We may transfer and store your data in the United States or other jurisdictions. Where required by law, we implement safeguards such as Standard Contractual Clauses (SCCs) with supplementary technical measures (e.g., encryption, restricted access) to ensure adequate protection.

  1. Regional Privacy Rights

To exercise your rights, you must provide sufficient information for us to verify your identity and clearly describe your request so that we can evaluate and respond to it. If we are unable to verify your identity with the information you provide, we may ask you for additional details.

  1. European Economic Area (EEA), Switzerland & United Kingdom (UK)

To the extent we receive or process personal data about an individual located in the EEA, Switzerland, or the UK, the GDPR (EU) 2016/679, UK GDPR, or Swiss Federal Act on Data Protection (FADP) may apply.

Legal basis: We process your personal data under:

  • Contract – to provide AKE services you requested
  • Legitimate Interest – security, fraud prevention, service improvement (subject to balancing test)
  • Consent – for non-essential features (cookies, analytics, …)
  • Legal Obligation – to comply with law and respond to authorities 

Your Rights: Subject to certain exceptions, you have the following rights:

  • Access, rectification, erasure, restriction, portability
  • Object to processing and withdraw consent
  • Request human review of automated decisions
  • Lodge a complaint with your data protection authority

For complaints, contact us at the address below. If you are dissatisfied with the outcome of the complaint or the way in which the complaint was handled, you may lodge a complaint with your data authority based on your region: 

  1. California

To the extent we receive or process personal data about an individual who is a resident of California, and if the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the ‘CCPA’) applies, the following additional principles and disclosures may apply.

Sale/ Sharing: We do not sell your personal data or share it for targeted or cross-context behavioral advertising.

Your Rights: Subject to certain exceptions, you have the following data protection rights:

  • Access, deletion, correction, non-discrimination
  • Know what personal data is collected, why, and with whom it is shared

Authorized Agents: Only you or a person registered with the California Secretary of State that you authorize may make a request.

Frequency: We respond to no more than two access requests per individual per 12-month period.

Complaints: Contact us at the address below. If you are dissatisfied with the outcome of the complaint or the way in which the complaint was handled, you may lodge a complaint with the California Attorney General.

  1. Contact Us

For questions about AKE’s data practices or to exercise your privacy rights, you can contact us at:  

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept