Legal · Privacy

Privacy policy.

What we collect, why we collect it, who we share it with, and how to make us forget you. Written in plain language, but still legally complete.

Effective · 2026-05-02 · Version 1.0

The short version

Proxima is a team of AI agents that helps small teams handle the work between meetings — email, calendar, leads, and team knowledge. To do that, we read data from your connected tools (Gmail, Google Calendar, Notion, X, custom HTTP feeds) on your authorization, and we surface drafts in your team Discord for your approval.

This policy is our promise about how that data is treated.

  • We don’t sell your data — not to advertisers, not to data brokers, not to anyone.
  • We don’t train any AI model on the contents of your email, calendar, Notion, or any other connected source. Neither does Anthropic, our LLM provider.
  • We only request the OAuth scopes we use. Each scope is documented below, with the specific user-facing feature that depends on it.
  • Every outbound action requires your approval. We never send email, post, or message anyone on your behalf without an explicit, in-product approval.
  • Delete is real. Open Settings → Danger zone → Delete workspace and your data is destroyed in our backups within 30 days.

The rest of this page is the long version of the same five commitments.

Who we are

For purposes of this policy, “Proxima”, “we”, “our”, and “us” refer to Kade Software Limited, a private limited company.

For any privacy-related question, including data-subject requests, contact privacy.proxima@dterminal.net. For users in the European Economic Area or the United Kingdom, the same address reaches our designated point of contact for GDPR / UK GDPR requests.

Where this policy refers to you, “you” means a user of the Proxima service — either an end user signing in to a workspace, or an administrator setting one up on behalf of a team.

What we collect

We collect three categories of data: account data (who you are), connected-tool data (what we read from your authorized integrations to do the work), and technical data (the bare minimum needed to keep the service working and secure).

Account data

  • Discord identity. When you sign in with Discord, we receive your Discord user ID, username, display name, avatar URL, and email address (if your Discord account has one).
  • Workspace membership. We record which workspaces you belong to and your role in each (owner, member, etc.).
  • Preferences. The voice profile, tone defaults, and anything you choose to tell your agents about how you work.

Connected-tool data

When you authorize Proxima to connect to a tool, we store the OAuth refresh token issued by that tool, encrypted at rest. We then read the data needed for the agent that consumes that tool.

ToolWhat we readWhy
GmailMessage metadata and bodies; thread context.So the email agent can draft a reply that makes sense.
Google CalendarEvents, attendees, free/busy.So the calendar agent can spot conflicts and propose times.
NotionPages, databases, and page content you grant access to.So the knowledge agent can answer questions about your team.
X / TwitterPublic posts matching keywords or accounts you choose.So the lead agent can surface signal.
Custom HTTP / RSSThe exact endpoints you tell us to poll.Bring-your-own feed for the lead agent.
Discord (server)Channel and message metadata in the channels we’re invited to.So we can post approval cards and respond to messages addressed to us.

Technical data

  • Application logs. What the agents tried to do, when, and whether it succeeded — not the content of your email, but the operational metadata.
  • Approval audit log. Every approve / edit / skip you give, with timestamp and the draft that was being approved. This is the record of the agreement between you and your agents.
  • Service IP, user agent, error traces. Standard request-level metadata to keep the service working and to debug problems.

Google Workspace data — extra disclosure

Because Proxima accesses Google Workspace data via OAuth, this section is held to the standard set out in the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request and why

ScopeWhat it lets us doUser-facing feature
gmail.readonlyRead message metadata and bodies.The email agent can read incoming threads to draft replies.
gmail.modifyMove messages between labels, mark read.So the email agent can mark threads as handled.
gmail.sendSend messages from your address — only after you approve.Sending an approved draft.
calendar.readonlyRead events and free/busy.Spotting conflicts; proposing times.
calendar.eventsCreate and modify events — only after you approve.Booking and rescheduling on your behalf.
userinfo.email · openidIdentify which Google account is connected.So we can show you which mailbox each agent is reading.

Limited Use commitment

Proxima’s use of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use your Google Workspace data to provide and improve user-facing features visible in the Proxima product.
  • We do not transfer your Google Workspace data to others except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use your Google Workspace data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read your Google Workspace data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or for Proxima’s internal operations and only with data that has been aggregated and anonymized.
  • We do not use your Google Workspace data to develop, improve, or train generalized AI and/or machine learning models.

How we use what we collect

The data described above is used for the following purposes:

  • To operate the agents. Reading the relevant sources, generating drafts, and routing those drafts into Discord for your approval.
  • To learn from your decisions.When you edit or skip a draft, the next draft is shaped by that feedback. This learning happens within your workspace context and is never used to train any model that touches another customer’s data.
  • To keep an audit trail. So you can always see what the agents did and why, and so you can reverse decisions you disagree with.
  • To keep the service secure. Detecting abuse, investigating incidents, defending against attacks.
  • To meet legal obligations. Complying with valid legal process, tax law, etc.

We do not use your data for advertising, profiling, or any purpose unrelated to running Proxima.

Legal bases (GDPR / UK GDPR)

  • Performance of a contract — running the service you signed up for.
  • Legitimate interests — keeping the service secure, preventing abuse.
  • Consent — for any processing that requires it (e.g. enabling optional integrations). You can withdraw consent at any time from workspace Settings.
  • Legal obligation — where applicable.

Model training

Proxima does not train any AI model on customer data. Not on email content, not on calendar events, not on Notion pages, not on Discord messages, not on lead-source data.

We use Anthropic’s Claude models as our primary LLM. By default, Anthropic does not train its models on data sent through their commercial API; this is documented in their Commercial Terms. If we ever change LLM providers or add a secondary one, this page will be updated before the change takes effect.

We may use aggregated and anonymized telemetry — counts of approvals, latency distributions, error rates — to improve the product. None of this telemetry contains the substantive content of your data.

Who we share with

We share the minimum amount of your data with the minimum number of third parties needed to run the service. The current list:

Sub-processors

Sub-processorWhat they doWhere
Anthropic, PBCLLM inference for the agents.USA
Google Cloud PlatformCompute, managed databases, storage.USA
Cloudflare, Inc.CDN, DDoS protection, WAF.Global
Discord, Inc.Inbound and outbound messages with the bot.USA
Postmark / SendGridTransactional email (notifications about your account).USA

A current list of sub-processors is also kept on our Security page. You can subscribe to changes by emailing privacy.proxima@dterminal.netwith the subject “Subscribe: sub-processors”.

Third parties at your direction

When you choose to connect Proxima to a third-party tool (Gmail, Notion, etc.), we send your data to that tool to execute approved actions. That data is then governed by that third party’s privacy policy.

Legal disclosures

We may disclose your data if compelled to by valid legal process. We do not turn over data voluntarily. When we receive a request, we will attempt to notify you so you can challenge it, unless we’re legally prohibited from doing so or it would create a risk of harm.

Business transfers

If Proxima is acquired or merged, your data may be transferred to the acquiring entity. You will receive at least 30 days’ notice before that happens, and your right to delete your data still applies.

Retention & deletion

We keep your data only as long as we need to run the service, comply with our legal obligations, and resolve any disputes.

What we keep, for how long

  • Account profile — until you delete your account.
  • OAuth refresh tokens — until you disconnect the integration or delete the workspace.
  • Approval audit log — 24 months. After that, we either delete it or anonymize it.
  • Drafts that were never approved — 30 days.
  • Application logs — 90 days.
  • Backups — 30 days, encrypted.

How to delete

  • One workspace — Settings → Danger zone → Delete workspace. Hard-delete in 7 days; gone from backups within 30 days.
  • One integration — Settings → Integrations → Disconnect. Refresh token revoked immediately on both sides.
  • Your account — email privacy.proxima@dterminal.net from the address tied to your Discord identity.

Your rights

Depending on where you live, you have one or more of the following rights regarding your personal data. We honor all of them, regardless of where you live.

  • Access. Get a copy of the data we hold about you.
  • Correction. Fix inaccurate data.
  • Deletion. Have us delete your data, subject to narrow legal-retention exceptions.
  • Portability. Receive your data in a machine- readable format.
  • Restriction. Tell us to pause processing while you challenge it.
  • Objection. Object to processing based on legitimate interests.
  • No automated decision-making.We don’t make decisions about you using only automated processing that produces legal or similarly significant effects.
  • Complaint.Lodge a complaint with your local data protection authority. In the EU, that’s the supervisory authority where you live or work.

To exercise any of these rights, email privacy.proxima@dterminal.net. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

California (CCPA / CPRA)

California residents have the additional right to know what personal information has been collected, the categories of sources, the business purpose, and the categories of third parties with whom it is shared. We do not sell or share personal information for cross-context behavioral advertising. To exercise CCPA rights, email the same address.

How we protect this data

Full detail lives on our Security page. The headline guarantees:

  • Encryption in transit (TLS 1.2+ everywhere) and at rest (AES-256).
  • Per-customer credential isolation. OAuth refresh tokens are encrypted with envelope encryption; they are never visible in application logs.
  • Least-privilege access. Only employees who need it have production access, with MFA and audit logging.
  • Incident response. If we suffer a personal-data breach, we will notify you within 72 hours of becoming aware of it.

International transfers

Our infrastructure is currently hosted in the United States. If you access Proxima from outside the United States, your data will be transferred to and processed in the US.

For transfers from the European Economic Area, the UK, and Switzerland, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by the technical and organizational measures described in our Security page and the Data Processing Agreement.

Children

Proxima is not intended for and is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact privacy.proxima@dterminal.net and we will delete it.

Third-party services & their privacy policies

When you connect Proxima to a third-party tool, your interaction with that tool is also governed by its privacy policy. The major ones:

Changes to this policy

When we change this policy, we’ll update the “effective date” at the top. For changes that materially expand the scope of data collection or sharing, we’ll give you at least 30 days’ notice by email and require you to acknowledge the change in the dashboard before the new terms take effect for you.

A revision history is available on request from privacy.proxima@dterminal.net.

Contact

For any privacy question, including data-subject requests under GDPR, UK GDPR, CCPA, or any other applicable law:

Kade Software Limited
Attn: Privacy
privacy.proxima@dterminal.net

Questions?Get help →