Privacy Policy

Last updated: 7 July 2026 · Effective: 7 July 2026

Contents

  1. Who we are
  2. Data we collect
  3. Google user data
  4. How we use data
  5. AI processing
  6. Sharing & subprocessors
  7. Storage & security
  8. Retention & deletion
  9. Your rights
  10. International transfers
  11. Cookies
  12. Children
  13. Changes to this policy
  14. Contact

1. Who we are

This Privacy Policy describes how Blue Horizon Ventures ("Everest", "we", "us", or "our") collects, uses, stores, and shares information when you use the Everest application, website, APIs, integrations, and related services (the "Service"), accessible at everest.ag and app.everest.ag.

Everest is operated from Newark, Delaware, USA. For data protection purposes, the data controller is Blue Horizon Ventures, contactable at privacy@everest.ag.

2. Data we collect

2.1 Account information

2.2 Connected-service data

When you authorise Everest to access third-party services on your behalf — such as Google, Slack, GitHub, or others — we receive data from those services through their official APIs. The specific data depends on the scopes you grant; see Section 3 for Google in detail.

2.3 Conversation and usage data

3. Google user data

If you connect a Google account, Everest accesses Google user data only with your explicit OAuth consent and only for the scopes you grant. Everest's Google access is focused on one job: scheduling — checking availability, resolving the people you mention by name, and managing calendar events on your instruction. The current scope set, and what each is used for, is:

ScopeWhat we do with it
openid, userinfo.email, userinfo.profileIdentify you and link your Google identity to your Everest account
calendar.eventsRead events on your calendars to answer scheduling questions, and create, update, or cancel events on your instruction
calendar.freebusyCheck when you — or a colleague whose calendar is visible to you — are free or busy before proposing or booking a time
calendar.calendarlist.readonlyList the calendars you subscribe to, so your schedule view covers all of them
calendar.calendars.readonlyRead calendar properties (names, time zones) needed to display and schedule correctly
calendar.settings.readonlyRead your calendar settings (e.g. timezone) so events are booked at the right local time
directory.readonlyLook up colleagues in your organisation's Google Workspace directory when you mention them by name (e.g. "is Sam free at 3pm?"), so you don't have to paste an email address
contacts.readonlyLook up people in your saved contacts by name for the same purpose
contacts.other.readonlyLook up people in your "Other contacts" (contacts Google saves automatically from your interactions) by name for the same purpose

Scopes we no longer request. Before July 2026, Everest requested broader Google scopes (including Gmail, Drive, Docs, Sheets, Tasks, Google Analytics, and Google Ads). We no longer request any of these. If you granted them previously, you can narrow your grant by disconnecting and reconnecting Google in Everest, or revoke access entirely at any time (see below). Data previously obtained under those scopes is retained only as part of your conversation history and derived notes, per the retention schedule, and you can delete it at any time.

Limited Use Policy compliance. Everest's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we use Google user data only to provide and improve user-facing features that are prominent in the Everest experience; we do not use it for advertising; we do not sell it; we do not use it to train generalised AI models; and we do not allow humans to read it except as required for security, abuse prevention, or compliance with law, or with your explicit consent.

You can revoke Everest's access to your Google account at any time from Everest's Apps page or via your Google Account permissions page. Revocation takes effect immediately for new requests; cached data is deleted per the retention schedule.

4. How we use data

We do not use your data, including Google user data, to train, fine-tune, or evaluate generalised AI models. We do not sell your personal data. We do not use it for targeted advertising.

5. AI processing

Everest is an AI-driven product. To answer your messages and execute tasks, we send relevant context (your messages, calendar entries, contact lookups, etc.) to large-language-model (LLM) providers acting as our subprocessors. These providers process the data on our instruction under contractual data-protection terms and do not retain or train on it beyond the period needed to return a response (typically 30 days, or zero retention where the provider offers it).

We currently use the following LLM providers: Anthropic (Claude), OpenAI, and Google (Gemini). The list may change; the current set is reflected in Section 6.

Because LLM outputs are probabilistic, Everest may occasionally make mistakes. You remain responsible for reviewing material actions Everest is about to take on your behalf, and for the consequences of actions you authorise.

6. Sharing & subprocessors

We share data only with subprocessors who help us operate the Service, and only as needed for them to perform their function. Each is bound by a data processing agreement that restricts their use of your data to providing services to us.

SubprocessorPurposeRegion
OVHHosting (servers, network)EU (France)
SupabaseDatabase, authenticationEU
AnthropicLLM inference (Claude)US
OpenAILLM inference (GPT)US
GoogleLLM inference (Gemini)US/EU
ComposioThird-party OAuth connection management (deprecating)US
NangoThird-party OAuth connection managementSelf-hosted (EU)
Telegram, Meta (WhatsApp), DiscordMessage delivery via official channel APIs (only if you connect those channels)Various

We do not share your data with advertisers, data brokers, or for marketing purposes.

We may disclose data when legally required (e.g. valid subpoena, court order), to enforce our Terms of Service, or to protect the rights, safety, or property of Everest, our users, or others. Where lawful, we will notify you of any government request for your data before disclosing it.

7. Storage & security

Account data and conversation history are stored on infrastructure operated by Supabase in the European Union. OAuth refresh tokens for connected services are stored encrypted at rest. Backups are encrypted in transit and at rest.

We use industry-standard administrative, technical, and physical safeguards designed to protect your data against unauthorised access, disclosure, alteration, and destruction. No system can be perfectly secure; in the event of a personal data breach, we will notify affected users and competent authorities within the timeframes required by applicable law.

8. Retention & deletion

You can delete your Everest account at any time from your account settings or by emailing privacy@everest.ag. Deletion removes your data from our active systems within 30 days and from backups within 90 days.

9. Your rights

Subject to applicable law (including the EU General Data Protection Regulation where it applies to you), you have the right to:

To exercise any of these rights, email privacy@everest.ag. We respond within 30 days of receipt.

10. International transfers

We are a US-based company and some of our subprocessors are located in the United States, while our primary data storage is in the European Union. Where we transfer personal data of EEA or UK users outside those regions, we rely on the European Commission's Standard Contractual Clauses (SCCs), the EU–US Data Privacy Framework for subprocessors certified under it, and supplementary measures where required.

11. Cookies and similar technologies

The Everest dashboard uses a small number of strictly necessary cookies for authentication and session management. On the public Everest website, we also offer optional Google Analytics cookies to understand aggregate landing-page traffic. We load Google Analytics only after you allow analytics in the cookie banner, and we do not use third-party advertising cookies.

If you decline analytics, Everest stores that preference in your browser and does not load Google Analytics. You can later change your preference by clearing site data for everest.ag in your browser.

12. Children

Everest is not directed at children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact privacy@everest.ag and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide additional notice — for example, by emailing the address associated with your account or by displaying a prominent notice in the Service — at least 14 days before the change takes effect.

14. Contact

For privacy questions, data subject requests, or any concern about this policy, contact:

Blue Horizon Ventures
Newark, Delaware, USA
Email: privacy@everest.ag