Third-Party Connector Data
This page describes how StationOne handles data from the third-party services you connect to your account. It supplements the StationOne Privacy Policy.
What Are Third-Party Connectors
StationOne allows you to connect external services — such as email, document storage, calendar, CRM, and other productivity and business tools — to your StationOne account. These connections enable the AI assistant to access and act on data within those services on your behalf.
A full list of available connectors is maintained at https://platform.stationone.ai/apps.
How Connector Access Works
Connections are established using OAuth 2.0 or API key authorization, depending on the service. You initiate the connection, review the permissions being requested, and explicitly grant access. StationOne never accesses a connected service without your authorization.
Once connected, the AI assistant can access and act on data within that service when you direct it to, either through direct instruction or through automated workflows and agents you have configured. All data access occurs within the scope of permissions you have. In the case of some services functionality, your authorization of the connector provides further access restriction options.
What Data We Access
StationOne accesses only the data necessary to fulfill your requests within each connected service. Data is retrieved in response to specific, user-directed requests. StationOne does not perform background scanning, indexing, or passive collection of your connected service data.
How We Use Connector Data
Connected service data is used exclusively to fulfill your requests. When you ask the AI assistant to perform a task involving a connected service, the relevant data is retrieved, processed within that request, and returned to you as part of the AI response.
- No persistent storage of content: The content of your connected service data — emails, documents, files, calendar events, records — is not stored on StationOne servers. It is processed within the active request and not written to any StationOne database.
- No advertising use: Your connected service data is never used for advertising or profiling purposes.
- No selling or trading: We do not sell, rent, or trade your connected service data under any circumstances.
No AI or Machine Learning Training
Your connected service data — including data accessed through Google integrations — is never used to train machine learning models, AI systems, or language models. This prohibition applies to StationOne. Each LLM you configure for use by StationOne have their own settings and controls around using your data for training. These controls are not something StationOne manages, and must be configured by the user in their accounts for those systems.
Human Access to Your Data
StationOne does not review or analyze your connected service data content for business purposes.
Application logs may contain request metadata and, in limited error or retry scenarios, response content. These logs are accessible to authorized engineering staff for troubleshooting and security purposes only.
Conversation history, including data retrieved during a session, is stored locally on your device in the StationOne desktop application. You control deletion of this data by deleting conversations within the app. This data is not stored on StationOne servers.
Data Storage and Protection
Credentials: The only data StationOne retains on its servers from third-party connector authorization is the credential (OAuth token or API key) used to authenticate on your behalf. Credentials are:
- Stored encrypted at rest using PGP symmetric encryption
- Scoped to your individual account and the specific service
- Stored on servers located in the United States
- Never shared with other users
Encryption in transit: All data transmitted between the StationOne desktop application and StationOne servers, and between StationOne servers and APIs, including all third-party connector data, is encrypted in transit using TLS 1.2 or higher.
Local device storage: Conversation history, including data retrieved during a session, is stored locally on your device by the StationOne desktop application. StationOne does not control the security of your local device. Your device’s own security measures, such as disk encryption and screen lock, protect this locally stored data.
Data Retention and Deletion
Connected Service Data Content: Email, file, calendar, and other connected service data retrieved during a session is not stored on StationOne servers. It is processed within the active request only and not written to any StationOne database. There is no server-side retention period because the content is never persisted.
Credentials: All credentials (OAuth tokens and API keys) used to authenticate your connected services are retained for as long as the integration remains active on your account.
- Removing an integration: When you disconnect an integration from your StationOne Connections settings, the stored credential (OAuth token or API key) for that integration is deleted from StationOne systems immediately, in the same transaction as your disconnection action. There is no deferred schedule, soft-delete state, or recovery window. Disconnecting an integration removes the credential from StationOne’s systems but does not revoke the underlying OAuth grant at the third-party provider. See “Revoking Access” below for the additional step required to fully revoke provider-side access.
- Deleting your account: To delete your StationOne account, contact us at privacy@stationone.ai. An operator will process the deletion request. Account deletion is immediate and not reversible from our side once processed.
- When your account is deleted, the following data is purged from StationOne systems immediately, as part of the deletion transaction:
- Your user record and authentication credentials
- All stored OAuth tokens and API keys for third-party connectors
- Workspaces you own and your memberships in workspaces, organizations, and teams
- Your contributions to shared libraries (skills, playbooks, workspaces) and their ratings and install history
- Credit balances, subscription records, quota usage, and activity logs
While tokens and other data are immediately deleted from active systems upon a user or organization revoking access or deleting their data, residual copies of this data may remain in encrypted system backups for up to 7 days before being fully purged.
- The following data is retained after account deletion for the reasons described:
- Billing and invoice records held in our billing provider (Maxio) are retained for the periods required by applicable tax, accounting, and consumer-protection law. These records may include your name, email address, and billing address.
- Application logs containing your user identifier may persist in our logging systems for the period defined by our log retention policy, accessible to authorized engineering staff for troubleshooting and security purposes only.
- Aggregated and anonymized usage analytics may be retained for product-improvement purposes.
- A small number of internal audit records (for example, the identifier of an administrator who approved a workspace publish request) may retain a reference to your former user identifier with no other personal data attached.
- If you require deletion of any retained category above beyond what is legally required, contact privacy@stationone.ai and we will evaluate the request on a case-by-case basis.
Local conversation history: The conversation history stored locally on your device, including any connected service data retrieved during sessions, is retained on your device until you delete those conversations within the StationOne desktop application. StationOne does have access to locally stored data to service user needs, but StationOne employees do not have any access to conversation history stored on your machine.
Requesting deletion: To request deletion of stored credentials or any other data held by StationOne, contact us at:
- Email: privacy@stationone.ai
- Phone: 855-562-4282
- Address: 201 Church Street, Sandpoint, Idaho 83864, United States
Sharing With Third Parties
When you direct the AI assistant to perform a task, your request and the relevant connected service data are sent to your configured AI provider (e.g., Anthropic, OpenAI) to generate the AI response. These requests are proxied through StationOne’s servers and are not persistently stored.
We do not share your connected service data with data brokers, advertisers, analytics vendors, or any party for purposes unrelated to fulfilling your requests.
We may disclose data when required by a valid legal process, to protect legal rights, or to prevent fraud or harm.
Revoking Access
You can revoke StationOne’s access to a connected service at any time by:
- Removing the integration from your StationOne Connections settings
- Revoking access directly through the third-party service’s own account settings
Disconnecting an integration in StationOne deletes the stored credential from our systems but does not automatically revoke the underlying OAuth grant at the third-party provider. The provider’s record of your authorization remains until it expires naturally or you revoke it directly. To fully revoke access at the third-party provider, visit that provider’s connected-apps or security settings, for example, Google Account → Security → Third-party apps with account access. Revoking at the provider invalidates the grant immediately and is the most complete way to ensure StationOne can no longer access that service.
Revoking access stops all future data retrieval. Stored credentials associated with that connection will be removed from StationOne’s systems upon removal of the integration.
Contact
For questions about connector data handling or to request deletion of stored credentials:
- Email: privacy@stationone.ai
- Phone: 855-562-4282
- Address: 201 Church Street, Sandpoint, Idaho 83864, United States
StationOne participates in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and subjects itself to the jurisdiction of the U.S. Federal Trade Commission.
Google Connector Specific Provisions
For Google integrations, the specific data types accessible under each authorized scope are:
| Integration | Scope | Data Accessed |
| Gmail | https://mail.google.com/ | Email message content, labels, and attachments — full read, compose, send, and delete |
| Gmail Settings | https://www.googleapis.com/auth/gmail.settings.basic | Gmail filters and settings |
| Google Drive | https://www.googleapis.com/auth/drive | All Drive file metadata and content — read, create, edit, and delete |
| Google Docs | https://www.googleapis.com/auth/documents | Google Docs content — read, create, edit, and delete |
| Google Sheets | https://www.googleapis.com/auth/spreadsheets | Spreadsheet content — read, create, edit, and delete |
| Google Calendar | https://www.googleapis.com/auth/calendar | Calendar events, attendees, and schedules — full read and write |
| Google Ads | https://www.googleapis.com/auth/adwords | Google Ads account and campaign data |
| Google Analytics | https://www.googleapis.com/auth/analytics.readonly | Analytics reports and data — read only |
Only the scopes you authorize during the OAuth flow are active for your account.
Limited Use of Google User Data
StationOne’s use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use Requirements. Google user data is used only to provide or improve user-facing features that are prominent in the requesting application’s user interface. It is not used for advertising, analytics unrelated to the user’s request, or any secondary purpose.