Privacy Policy

1. Introduction

Delta Surge Technologies, Inc. ("Delta Surge," "we," "us," or "our") is committed to maintaining the highest standards of data privacy and security. This policy outlines our practices regarding the collection, processing, and protection of personal data through our website (deltasurge.net), our AI-driven governance platforms, and our integration with Google APIs and other third-party services.

2. Google API Services — User Data Policy

Our application integrates with Google APIs (including Gmail, Google Drive, Google Sheets, Google Calendar, and related Google Workspace services). Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.1 Data Accessed from Google

When you authorize our application to connect to your Google account, we may access the following types of Google user data depending on the scopes you grant:

• Gmail: Email metadata (sender, recipient, subject, timestamps) and message content, used solely to facilitate automated workflows such as monitoring for approvals, scheduling, or document routing.
• Google Drive: File metadata and document contents (where explicitly granted), used to create, read, update, or share business documents on your behalf.
• Google Sheets: Spreadsheet data, used to populate, update, and maintain business tracking spreadsheets (e.g., grant pipelines, sales pipelines, financial trackers).
• Google Calendar: Calendar event data, used to schedule meetings, set reminders, and manage deadlines.
• Google Workspace (Admin): Organizational user and group metadata (where enterprise integration is enabled), used for employee lifecycle management workflows.

We access only the data necessary to provide the specific features you have authorized.

2.2 Data Usage

We use Google user data solely to:

• Provide and improve the features of the Delta Surge platform that you have explicitly requested
• Automate business workflows (e.g., employee onboarding/offboarding, document management, grant tracking)
• Generate reports and analytics for your organization's internal use
• Fulfill obligations under your service agreement with Delta Surge

We do not use Google user data to serve advertisements. We do not allow humans to read your Google user data unless you explicitly request support assistance, it is necessary for security purposes, or we are required to do so by law.

2.3 Data Sharing

We do not sell, rent, or share Google user data with third parties except in the following limited circumstances:

• Service Providers: We may share data with vetted third-party vendors who assist us in providing our services (e.g., cloud hosting providers, infrastructure providers). These vendors are contractually bound to use the data only as directed by Delta Surge and in compliance with applicable privacy laws.
• Legal Requirements: We may disclose data if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred as part of that transaction, subject to the same privacy protections.

We do not share Google user data with any third party for their own independent use or marketing purposes.

2.4 Data Storage & Protection

We implement industry-standard security measures to protect Google user data, including:

• Encryption in Transit: All data transmitted between your Google account and our platform uses TLS 1.2 or higher encryption.
• Encryption at Rest: Stored data is encrypted using AES-256 or equivalent standards.
• Access Controls: Access to Google user data is limited to authorized Delta Surge personnel on a need-to-know basis. All access is logged and audited.
• Infrastructure Security: Our systems are hosted on FedRAMP-authorized or equivalent cloud infrastructure with regular vulnerability assessments and penetration testing.
• Credential Security: OAuth 2.0 tokens are stored securely and are never exposed in logs or error messages.

2.5 Data Retention & Deletion

• Retention: We retain Google user data only for as long as necessary to provide the services you have requested or as required by law. Default retention is 12 months from the date of last use, unless you have an active service agreement requiring longer retention.
• Deletion: You may request deletion of your Google user data at any time by contacting us at privacy@deltasurgetechnologies.com. Upon verified request, we will delete your data within 30 days, except where retention is required by law or ongoing service obligations.
• Token Revocation: You may revoke Delta Surge's access to your Google account at any time through your Google Account Security Settings. Revocation of access will not affect data already collected prior to revocation; to request deletion of that data, contact us separately.

3. AI and Automated Processing

As an AI-first company, we adhere to 2026 AI Transparency Frameworks.

• Athens AI: Processes metadata from your SaaS ecosystem to automate workflows. We do not use client-specific data to train global AI models without explicit, de-identified consent.
• Automated Decision-Making: Our tools facilitate automated onboarding/offboarding. Users retain the right to human intervention in any automated employment-related decisions.

4. Information Collection & Integration

We collect information through:

• Direct Interaction: Identity details provided during account setup (name, email address, company information, billing details).
• System Integration: API-based metadata from connected SaaS platforms and identity providers, including Google Workspace, Microsoft 365, Slack, and others you explicitly connect.
• Usage Data: Log data, IP addresses, browser type, and platform usage metrics for security, troubleshooting, and service improvement.
• Communications: Emails, support tickets, and messages you send to us.

5. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing activities
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@deltasurgetechnologies.com.

6. Contact Information

For Google API-related privacy questions or data deletion requests, include "Google Data Request" in your subject line.