Privacy Policy

Last updated: June 4, 2026

This Privacy Policy explains how Matan (“Matan”, “we”, “us”, or “our”) collects, uses, stores, and protects information when you use the Matan service, including our WhatsApp assistant, our web application at app.matan.fyi, and any integrations you connect to it (collectively, the “Service”).

Matan is a back-office productivity tool used by employees of a business. It does not interact with that business’s end customers. By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Who we are

Matan provides a personal AI assistant that each employee at a company can reach over WhatsApp and through an in-app web chat. The assistant can act on the third-party integrations the user (or their company administrator) chooses to connect, such as Gmail, Google Calendar, Google Sheets, and others.

For questions about this Policy or your data, contact us at privacy@matan.fyi.

2. Information we collect

We collect the following categories of information:

• Account information. Your name, email address, and the identity details provided by our authentication provider (Auth0) when you sign in.
• Phone number. The phone number you verify in order to reach your assistant over WhatsApp, and the messages you exchange with the assistant.
• Integration data. When you connect a third-party account, we access data from that service on your behalf to fulfil your requests. This includes data accessed through Google APIs — see Section 4.
• Conversation content. The messages, instructions, and files you send to the assistant, and the assistant’s responses.
• Technical and usage data. Logs, timestamps, device and browser information, and diagnostic data generated when you use the Service.

3. How we use information

• To provide, operate, and maintain the Service and its assistant features.
• To carry out the actions you request — for example, reading or searching your email, drafting and sending email on your behalf, reading or creating calendar events, and reading or updating spreadsheets.
• To authenticate you and secure your account.
• To debug, monitor, prevent abuse, and improve reliability of the Service.
• To comply with legal obligations.

We do not use your data to build advertising profiles, and we do not sell your data.

4. Google user data

With your explicit authorization through Google’s OAuth consent screen, the Service requests access to the following Google data, and uses it only as described:

• Gmail (gmail.readonly, gmail.send) — to read and search your messages so the assistant can summarize, find, and reference them when you ask, and to compose and send email on your behalf when you instruct it to.
• Google Calendar — to list your events and free/busy availability, and to create events when you ask the assistant to schedule something.
• Google Sheets — to read spreadsheet values and to append rows or create spreadsheets when you ask.

You grant this access yourself and can revoke it at any time (see Section 9). Connections are established and tokens are held by our integration provider, Nango (see Section 6); Matan does not store your Google password.

Limited Use disclosure

Matan’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve user-facing features that are prominent in the Service’s interface.
• We do not transfer or sell Google user data for advertising, marketing, or any other unrelated purpose.
• We do not use Google user data to train, fine-tune, or develop generalized artificial-intelligence or machine-learning models.
• Humans do not read your Google user data except (a) with your explicit consent for specific messages, (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized.

5. AI processing

The assistant is powered by large-language-model providers. To generate responses and carry out your requests, the relevant content of your conversation and the specific integration data needed for a task may be sent to these providers (currently OpenAI and Anthropic) for processing. These providers act as our sub-processors and are contractually prohibited from using your data to train their models. Consistent with Section 4, Google user data is not used to train any AI/ML models.

6. How we share information

We do not sell your personal data. We share data only with:

• Service providers / sub-processors that operate the Service on our behalf, including: Auth0 (authentication), Nango (third-party integration connections and OAuth token management), our cloud hosting provider (Google Cloud), the WhatsApp Business Platform (Meta) for messaging, and the AI providers named in Section 5.
• The third-party services you connect, only to the extent needed to perform the actions you request.
• Legal and safety recipients, where required by law or to protect the rights, safety, and security of users and the Service.

7. Data retention

We retain account information, conversation history, and integration metadata for as long as your account is active and as needed to provide the Service. Data fetched from a connected service (such as an email or calendar event) is processed to answer your request and is not retained beyond what is necessary to operate the Service and its conversation history. When you delete your account or disconnect an integration, we delete or de-identify the associated data within a reasonable period, except where retention is required by law.

8. Security

We use industry-standard safeguards to protect your data, including encryption in transit (HTTPS/TLS), access controls, and isolation of each user’s data within the system. OAuth tokens are managed by our integration provider rather than stored alongside application data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your choices and rights

• Disconnect an integration. You can disconnect any connected service from the Integrations page in the web app at any time, which revokes the stored connection.
• Revoke Google access directly. You can also review and revoke Matan’s access to your Google account at myaccount.google.com/permissions.
• Access, correction, and deletion. You may request access to, correction of, or deletion of your personal data by emailing privacy@matan.fyi. Depending on your location, you may have additional rights under applicable law (such as the GDPR or Israel’s Protection of Privacy Law).

10. International transfers

Matan operates from Israel and uses service providers that may process data in other countries, including the United States and the European Union. Where data is transferred across borders, we rely on appropriate safeguards as required by applicable law.

11. Children

The Service is a business tool intended for use by adults in a workplace. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, notify you through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact us

For any questions, requests, or complaints regarding this Policy or your data, contact us at privacy@matan.fyi.