Privacy Policy — V Workforce

Effective 2026-06-02 · Operator: AID Japan, Niseko, Japan · contact: caesarniseko@gmail.com

V Workforce ("we", "the Service") is an AI-assistant platform that delivers AI workers (V, Iris, Nova, Maya, Alex, Ken, Sherly) to small businesses through messaging surfaces (WhatsApp, LINE, web). This page explains what we collect, why, and your rights.

1. What we collect

• Identifiers: your messaging-platform user id (e.g. WhatsApp phone number, LINE userId). We hash these (SHA-256, first 12 hex chars) before any logging or analytics — raw ids never leave the dispatcher.
• Message content: the text + attachments you send. Used to route to the relevant AI persona and produce a reply. We do not sell or share message content with third parties for advertising.
• Connected-account data: when you authorise our Google integration (Iris's Gmail/Calendar features), we store an OAuth refresh token at file mode 600 on our servers, scoped to the minimum required Google API scopes (see §2 Google User Data below).
• Receipt images: when you upload a receipt to Alex (accounting persona), the image is sent to Anthropic Claude vision for OCR. The image is not retained by V Workforce after parsing.

2. Google User Data — Limited Use compliance

When you connect your Google account to V Workforce (via the in-chat "🔌 Connect Gmail" button), we request the following OAuth scopes by default:

• https://www.googleapis.com/auth/gmail.send — to send meeting invites, calendar invitations, reply drafts, and follow-up emails on your behalf, in response to an explicit user action you take in chat.
• https://www.googleapis.com/auth/calendar.events — to create calendar events and send invitations to external attendees you name when you schedule a meeting.
• https://www.googleapis.com/auth/userinfo.email — to identify which Google account you connected (for our internal session linking only).

The following scope is available only as a separate, optional opt-in via the in-chat "🔓 Enable full inbox" button, which routes to a distinct OAuth consent flow:

• https://www.googleapis.com/auth/gmail.readonly — to read message metadata (senders, subjects, labels) and message bodies on demand, for inbox digests, summaries, content search, and context-aware replies. Default users never grant this scope. Granting it is a deliberate per-user choice; you can revoke it at any time at myaccount.google.com/permissions.

Limited Use disclosure. V Workforce's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use your Google user data to provide and improve the user-facing features described above (inbox digest, send-on-your-behalf, schedule-on-your-behalf).
• We do not transfer your Google user data to third parties except as necessary to provide and improve those features, or to comply with applicable law, or as part of a merger, acquisition, or sale of assets (in which case we will continue to enforce these protections).
• We do not use your Google user data to serve advertising, including retargeting, personalised, or interest-based advertising.
• We do not allow humans to read your Google user data unless we have obtained your affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations (and even then, only with data that is aggregated and anonymised).

You can revoke V Workforce's access to your Google account at any time at myaccount.google.com/permissions.

3. Third-party processors

We rely on the following processors to operate the Service:

• Meta Platforms (WhatsApp Cloud API): messaging delivery
• LINE Corporation (Messaging API): messaging delivery
• Anthropic (Claude API): natural language + vision processing
• Stripe: payment processing for paid persona subscriptions
• Google: Gmail + Calendar API (only when you have explicitly connected your Google account)

4. How long we retain data

• Hashed-user audit logs: 30 days, then auto-purged
• Session state (your active persona, conversation context): cleared on disconnect or 30-day idle
• OAuth tokens: until you revoke at myaccount.google.com/permissions or message cancel in chat
• Stripe billing records: per Stripe's retention policy (typically 7 years for tax)

5. Your rights

You can:

• Revoke Google access at any time via myaccount.google.com/permissions
• Cancel a paid persona via the Manage subscription link in chat → instant Stripe portal
• Request data deletion by emailing caesarniseko@gmail.com — we'll purge within 30 days
• Disable WhatsApp / LINE delivery by blocking the bot's number / unfollowing the official account

6. Security

All session and token files use Unix mode 600 (owner read/write only). Outbound HTTP is restricted via host-allowlist (SSRF lock) to our explicit processor list. Webhook payloads from Meta and LINE are signature-verified (HMAC-SHA256 against the channel secret) before any processing.

7. Changes

If we materially change this policy, we'll notify you in the chat surface where you interact with us before the change takes effect.

8. Contact

caesarniseko@gmail.com · AID Japan, Niseko, Hokkaido, Japan