Virideon
The Hub API Docs Security About Get a Demo
Legal · Privacy

Privacy Policy

Effective  June 5, 2026 Last updated  June 5, 2026

Virideon Inc. ("Virideon," "we," "us," or "our") provides an organizational intelligence platform that helps organizations connect, search, and reason across their own data sources. This Privacy Policy explains how we collect, use, store, share, and protect information — including data we access from third-party services such as Google Workspace — when you use our website at virideon.ai and the Virideon platform (the "Service").

Questions? Contact us at info@virideon.ai, or by mail at Virideon Inc., 4407 Hillyer St, Fairfax, VA 22032.

Section 01Who this policy applies to, and our role

Virideon serves organizations. In most cases, your employer or another organization (the "Customer") subscribes to the Service and authorizes Virideon to access and process data on its behalf.

  • For data we access at the direction of a Customer (including data from the Customer's connected Google Workspace, Microsoft 365, or other systems), the Customer is the data controller and Virideon acts as a data processor that handles the data only to provide the Service. Our handling of that data is also governed by the agreement between Virideon and the Customer (including any Data Processing Addendum).
  • For information you provide to us directly (for example, when you fill out a form on virideon.ai or correspond with us), Virideon is the controller.

If you have questions about how your organization configures the Service or which data sources it has connected, contact your organization's administrator.

Section 02Information we collect

Account and contact information

Name, email address, organization, role, and similar details you or your organization provide to set up and manage the Service, and information you submit through forms on virideon.ai.

Usage and device information

Log data, IP address, browser and device type, and how you interact with the Service, used to operate, secure, and improve it.

Connected-source data

When your organization connects a data source (such as Google Workspace, Microsoft 365, email, files, or calendar), we access and process the content and metadata from that source that is needed to provide the Service. The Google-specific details are in Section 3.

Section 03Google user data

This section describes how Virideon accesses, uses, stores, and shares data from Google APIs (such as Gmail, Google Drive, Google Calendar, and Google Chat) when your organization connects a Google account or your Google Workspace administrator authorizes the Service.

3.1 What we access

We request only the access needed to provide the features your organization has enabled. Depending on configuration, this may include:

  • Gmail — reading messages and threads to make them searchable and to surface relevant context; sending or drafting messages where you direct the Service to do so.
  • Google Drive — reading files and metadata you or your administrator make available so they can be searched and synthesized.
  • Google Calendar — reading and (where enabled) writing calendar events.
  • Google Chat — reading messages and spaces you or your administrator make available.
  • Basic profile — your name and email address to identify your account.

We request the narrowest scopes necessary for the enabled features and do not request access to data we do not need.

3.2 How we use it

We use Google user data solely to provide and improve the user-facing features of the Service that your organization uses — for example, search across your organization's knowledge, surfacing related information, synthesizing answers from connected sources, and generating briefings. We do not use Google user data for any purpose other than providing these features.

3.3 How we store it

To provide persistent organizational memory and search, Virideon stores and indexes Google user data in our secured systems (including search, vector, and graph databases) for as long as your organization maintains the connection and its subscription. All such data is encrypted in transit and at rest and is logically segregated per Customer. We store this data on behalf of, and under the instructions of, the Customer that authorized access.

3.4 How we share it — and what we never do

We share Google user data only with service providers (subprocessors) that host or operate infrastructure on our behalf under contractual confidentiality and data-protection obligations consistent with this policy. We do not sell Google user data and do not share it with third parties for their own purposes.

Consistent with the Limited Use requirements of the Google API Services User Data Policy, Virideon affirms that information received from Google APIs is not:

  • used or transferred to serve advertising, including retargeted, personalized, or interest-based advertising;
  • used or transferred to determine creditworthiness or for lending purposes;
  • sold or transferred to data brokers, information resellers, or other parties;
  • used to train, fine-tune, or improve generalized or foundation artificial intelligence or machine-learning models (including large language models);
  • read by humans, except (a) with your or your organization's affirmative consent for specific data, (b) for security or abuse investigations, (c) to comply with applicable law, or (d) where the data has been aggregated or anonymized and is used for internal operations in accordance with applicable privacy requirements.

Where the Service uses AI to generate answers or briefings for a Customer, that processing is performed to provide the requested user-facing feature for that Customer and is not used to train generalized models for Virideon or any third party.

3.5 Human access

Virideon personnel do not access your Google user data except as described in the Limited Use affirmation above — namely with consent, for security or support you request, to comply with law, or in aggregated/anonymized form for internal operations. Access is limited to authorized personnel under role-based controls.

3.6 Retention, deletion, and revoking access

Your organization may disconnect a Google data source at any time, and you may revoke Virideon's access from your Google Account's security settings at myaccount.google.com/permissions.

When access is revoked or the Customer's subscription ends, we delete the associated Google user data within 30 days. This includes the raw content retrieved from Google APIs and every processed copy of it stored in our search, vector, and graph databases, along with derived artifacts such as summaries, episodes, and entity records that represent Google user data. Backups containing such data expire within 90 days as part of our standard backup rotation. We retain data only where required by law or the Customer's written agreement, and only for the period required.

3.7 Limited Use statement

Virideon's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Section 04How we use information generally

We use the information we collect to: operate, maintain, secure, and improve the Service; provide support; communicate with you about the Service; authenticate users; and comply with legal obligations.

Section 05Sharing and subprocessors

We share information with:

  • subprocessors that provide hosting, infrastructure, and operational services under data-protection obligations;
  • your organization's administrators, who control the Customer account;
  • authorities or others where required by law or to protect rights and safety.

We do not sell personal information. A current list of subprocessors is available on request at info@virideon.ai.

Section 06Data security

We take reasonable and appropriate measures to protect data in transit and at rest, including encryption, role-based access controls, logical per-Customer segregation, immutable audit logging, and a bring-your-own-LLM model so customer data does not transit shared inference infrastructure. No method of transmission or storage is completely secure, but we work to protect information against unauthorized access, use, alteration, loss, or disclosure. See our Security page for additional detail.

Section 07Data retention

We retain information for as long as needed to provide the Service and as required by the Customer's agreement and applicable law. Connected-source data, including Google user data, is retained and deleted as described in Section 3.6.

Section 08Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. Because Virideon often acts as a processor on behalf of a Customer, requests about Customer-controlled data may need to be directed to your organization; we will assist the Customer in responding.

To exercise rights or ask questions, contact info@virideon.ai. Residents of the EEA/UK and of California and other jurisdictions may have additional rights under applicable law (such as GDPR, UK GDPR, and the CCPA/CPRA).

Section 09International data transfers

We may process and store information in countries other than where you are located. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

Section 10Children

The Service is intended for organizational and business use and is not directed to children under 16. We do not knowingly collect personal information from children.

Section 11Changes to this policy

We may update this Privacy Policy from time to time. If we change how we use Google user data, we will notify users and obtain consent to the updated policy before using Google user data in a new way, as required by the Google API Services User Data Policy. Material changes will be posted on this page with an updated effective date.

Section 12Contact us

Virideon Inc.
4407 Hillyer St
Fairfax, VA 22032
Email: info@virideon.ai