Privacy Policy

This privacy notice for Maatru Inc., doing business as Mother.Tech ("Company," "we," "us," "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our website at mother.tech, the Skeleton service at skeleton.mother.tech, or any website of ours that links to this privacy notice, as well as when you engage with us in other related ways, including any sales, marketing, or events (collectively, the "Services").

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at legal@mother.tech.

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names
• phone numbers
• email addresses
• mailing addresses
• usernames
• passwords
• contact preferences
• contact or authentication data
• billing addresses
• communications data based on our exchanges with you, including when you contact us through the Services, communicate with us and the Services via chat features, or otherwise communicate with us

Sensitive Information. We do not process sensitive information through the Services.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information you authorize us to access from Google

In Short:When you connect a Google account to Skeleton, you explicitly authorize us — through Google's OAuth consent flow — to access specific data from your Google account on your behalf. We access this data solely to provide the features you have enabled and we do not use it for advertising or to train artificial intelligence models.

The data we access depends on which Google connectors you choose to enable from inside Skeleton:

• Gmail (scope: https://www.googleapis.com/auth/gmail.readonly). Read-only access to your email messages, threads, labels, and attachments. We use this data to enable you and AI agents acting on your behalf to search, read, and reference your email through Skeleton. We do not send, draft, reply to, archive, label, or otherwise modify your email.
• Google Calendar (scope: https://www.googleapis.com/auth/calendar). Read and write access to your calendars and events. We use this data to enable you and AI agents acting on your behalf to view your schedule, create or update events, respond to invitations, and find available meeting times — only when you explicitly request these actions through Skeleton.
• Google Drive (scope: https://www.googleapis.com/auth/drive.file). Per-file access limited to files that you specifically open, create, or pick with Skeleton through Google's file picker. We cannot see or access any other files in your Drive.

Skeleton does not auto-sync Google data. Each read or write of Google data happens only when you, or an AI agent acting on your behalf, explicitly requests it and the request is approved through Skeleton's in-product approval flow. See Section 5 ("Google User Data and Limited Use") for additional disclosures, including how to revoke Skeleton's access to your Google account.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes:

• Log and Usage Data.Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data.We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You may be able to disable your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
• Chat Data. We may use chat technologies that employ cookies and software code to operate the chat features that you can use to communicate with us through the Services. Our chat technology providers may access and use information about webpages visited on our website, your IP address, your general geographic information (e.g., city/state), and other personal information you share through online chats for the purposes described in this privacy notice.

2. How do we process your information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, for marketing and advertising, in connection with business transactions, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To provide the Services, including to facilitate account creation and authentication and otherwise manage user accounts. For example, we may process your information so you can create and log in to your account, as well as keep your account in working order.
• To provide Google-integrated features in Skeleton. When you connect a Google account to Skeleton, we process your Google user data (Gmail, Google Calendar, and Google Drive data, as described in Section 1) solely to deliver the user-facing features you have explicitly enabled — for example, searching and reading your email, viewing and managing your calendar, and opening Drive files you have picked. We do not use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models; we do not use Google user data to serve advertising; and we do not sell or transfer Google user data to third parties except as described in Section 3.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
• To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "What Are Your Privacy Choices?" below.
• To deliver targeted advertising to you. We and our third-party advertising partners may use cookies and other technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Services, our communications and other online services over time, and use that information to serve online ads and personalized content that we or they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. We do not use Google user data for advertising of any kind.
• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
• To identify usage trends and for other analytics purposes. We may process information about how you use our Services to better understand how they are being used and for other analytics purposes so we can improve them. Analytics and product telemetry do not include the contents of Google user data.
• To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.
• Compliance and protection purposes.For example, we may use your personal information to: comply with applicable laws, lawful requests, and legal process; protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims); audit our internal processes for compliance with legal and contractual requirements or our internal policies; enforce the terms and conditions that govern the Services; and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
• Data sharing in the context of corporate events. For example, we may share certain personal information in the context of actual or prospective corporate events.

3. When and with whom do we share your personal information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

• Affiliates.
• Service providers. Third parties that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, online chat functionality providers, customer support, email delivery, marketing, consumer research and website analytics).
• Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.
• Partners. Third parties with whom we partner, including parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition of all or a portion of our business, bankruptcy, or other business transaction involving another company and other counterparties and their advisors.
• When we use Google Analytics and other analytics providers. We may share your information with Google Analytics and other analytics providers to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

Google user data is handled differently. Notwithstanding the categories above, we do not sell, rent, trade, or transfer Google user data obtained through Google APIs (Gmail, Google Calendar, Google Drive) to any third party for advertising, marketing, or any other purpose. The only circumstances in which Google user data may be transmitted outside of Skeleton are:

• to a subprocessor strictly necessary to provide or improve the user-facing Skeleton features you have enabled (for example, our cloud hosting and database providers that store your encrypted data), under written confidentiality and data-protection terms;
• to the artificial intelligence model provider you have explicitly selected inside Skeleton, only at the moment you (or an AI agent acting on your behalf) invoke a feature that requires it, and only for the contents of that specific request;
• to comply with applicable law or valid legal process; or
• as part of a merger, acquisition, sale of assets, or similar transaction, in which case the acquirer will be bound by this notice or a successor providing equivalent protections.

We do not use Google user data to develop, improve, train, or evaluate generalized artificial intelligence or machine learning models.

4. Do we use cookies and other tracking technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
• Chat technologies. We may use chat technologies that employ cookies and software code to operate the chat features that you can use to communicate with us through the Services.

For information concerning your choices with respect to the use of tracking technologies, see the Your Privacy Choices section, below.

5. Google user data and limited use

In Short:Skeleton's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not sell Google user data, do not allow humans to read it (except in narrowly defined circumstances), and do not use it to train artificial intelligence models.

Skeleton's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve user-facing features that are prominent in Skeleton's user interface. The Gmail, Google Calendar, and Google Drive features are individually optional, visible, and controllable from your Skeleton dashboard.
• We do not transfer Google user data to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets.
• We do not use Google user data, or data derived from Google user data, to serve advertising, including personalized, retargeted, or interest-based advertising.
• We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, are doing so for security purposes such as investigating abuse, to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized.
• We do not use Google user data to develop, improve, train, or evaluate generalized artificial intelligence or machine learning models. When you invoke a feature in Skeleton that requires an AI model, Google user data relevant to that request is routed to the AI model provider you have explicitly selected, only for the duration of that request.

Revoking Skeleton's access to your Google account

You can revoke Skeleton's access to your Google account at any time, by either of the following methods:

• From inside Skeleton, by disconnecting the Gmail, Google Calendar, or Google Drive connector on the Connections page.
• From your Google Account at myaccount.google.com/permissions.

Revoking access immediately invalidates the tokens we hold for your account. We delete the corresponding OAuth tokens from our active systems on disconnect. See Section 6 for how cached Google user data and derived data are handled following disconnect or account termination.

6. How long do we keep your information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will take steps designed to securely store your personal information and isolate it from any further processing until deletion is possible.

Google user data specifically: We retain Google user data (including cached email messages, calendar events, file content, and embeddings derived from any of the foregoing) only for as long as you keep the corresponding Google connector active in Skeleton, or as needed to provide the user-facing feature you requested. When you disconnect a Google connector or terminate your Skeleton account, we delete the associated Google user data, OAuth tokens, and any derived embeddings from our active systems within 30 days, except where retention is required by law or where the data has been retained in backup archives, in which case we will isolate it from further processing until deletion is possible.

7. How do we keep your information safe?

We employ technical, organizational and physical safeguards designed to protect the personal information we collect. Google OAuth tokens are encrypted at rest using a per-record data-encryption key, which is itself encrypted using a server-held key-encryption key, and Google user data stored in Skeleton's database is access-controlled per-user. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

8. What are your privacy choices?

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional emails at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the email marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account. If you receive text messages from us, you may opt out of further text messages by replying STOP to our message.

Account Information: If you have an account with us and would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Google connections: You can disconnect Skeleton from your Google account at any time. See Section 5 for instructions and Section 6 for how the corresponding data is handled.

Cookies and other technologies: Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Please note that if you set your browser to disable cookies, the Services may not work properly.

Advertising choices: You may be able to limit use of your information for interest-based advertising through your browser settings, privacy browsers/plug-ins, platform settings (for example, Google and Facebook), and ad industry tools such as the Network Advertising Initiative and the Digital Advertising Alliance (optout.aboutads.info). We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

If you have questions or comments about your privacy rights, you may email us at legal@mother.tech.

9. Controls for do-not-track features

Some web browsers may be configured to send Do-Not-Track ("DNT") signals to the online services that you visit. We do not currently respond to DNT signals. To find out more about "Do Not Track," please visit allaboutdnt.com.

10. Do we make updates to this notice?

We may update this privacy notice from time to time. If we make material changes to this privacy notice, we will notify you by updating the date of this privacy notice and posting it on the Services or other appropriate means. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

11. Children

The Services are not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Services from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

12. International data transfers

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

13. Other sites and services

The Services may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

14. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at legal@mother.tech or contact us by post at:

Maatru Inc.
223 Bedford Ave, #200
Brooklyn, NY 11211
United States