Agent Helm ("we", "us", "our") is a software service that lets you deploy personal AI agents connected to your tools — Gmail, Google Calendar, GitHub, and others — via Telegram. We operate at agenthelm.mom. Contact: hello@agenthelm.mom
| Data | Why we need it | How it's stored |
|---|---|---|
| Gmail OAuth token (access + refresh token) |
Your agent reads and drafts emails on your behalf. Without this token, it can't access Gmail. | Encrypted at rest (AES-256-GCM). Never logged in plaintext. |
| Google Calendar OAuth token | Your agent reads and creates calendar events on your behalf. | Encrypted at rest (AES-256-GCM). Never logged in plaintext. |
| Telegram user ID and chat ID | To route messages between you and your agent, and to send you system notifications. | Stored in our database. Not encrypted (not sensitive on its own). |
| Telegram bot token | This is your agent's identity on Telegram — it's how your bot sends and receives messages. | Encrypted at rest (AES-256-GCM). Never logged in plaintext. |
| LLM API key (MiniMax, OpenAI, Anthropic) |
Your agent uses this key to call the language model you've configured. | Encrypted at rest (AES-256-GCM). Never logged in plaintext. |
| Email address | To send your invite code and occasional product updates if you sign up for the mailing list. | Stored in our database. Not shared with third parties for marketing. |
| Agent activity logs (tool calls, approvals, errors) |
To show you what your agent did, power the approval queue, and debug issues. | Stored in our database. Retained for 90 days, then deleted. |
| Usage analytics (PostHog events) |
To understand how the product is used so we can improve it. No personally identifiable data in event properties. | Processed by PostHog. See PostHog's privacy policy. |
We do not read the content of your emails or calendar events beyond what is necessary to execute a specific action your agent has been asked to perform. We do not store email or calendar content in our database — that data passes through our proxy and is returned directly to your agent.
We do not sell your data. We do not share your data with advertisers. Ever.
| Service | What they receive | Their privacy policy |
|---|---|---|
| Fly.io | Hosts your agent's runtime. They see encrypted traffic and machine usage metrics. | fly.io/legal/privacy-policy |
| OAuth tokens are issued by Google. Your Gmail and Calendar data lives on Google's servers. | policies.google.com/privacy | |
| Telegram | All agent messages pass through Telegram's infrastructure. | telegram.org/privacy |
| PostHog | Anonymous product analytics events (no email, no name, no message content). | posthog.com/privacy |
| MiniMax / OpenAI / Anthropic | Your LLM provider receives the messages your agent processes. Subject to their own terms. | Varies by provider. |
Agent Helm's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We request only the scopes necessary for your agent to function. Specifically:
| Scope | Why |
|---|---|
gmail.readonly, gmail.compose | Read and draft emails. We do not request gmail.send during beta. |
calendar.readonly, calendar.events | Read and create calendar events. |
OAuth tokens are refreshed automatically and retained as long as your account is active. Agent activity logs are retained for 90 days and then permanently deleted. If you delete your account, all data associated with it is deleted within 30 days.
You can ask us to export or delete all data we hold about you at any time. Email hello@agenthelm.mom with the subject line "Data request" and we'll respond within 5 business days.
You can revoke Gmail and Calendar access at any time from your Google account permissions page. Revoking access will stop your agent from functioning until you reconnect.
All sensitive credentials (OAuth tokens, API keys, bot tokens) are encrypted at rest using AES-256-GCM with keys derived via Argon2id. Connections to our API are TLS-only. We do not log sensitive values in plaintext anywhere in our system.
If you discover a security issue, please email hello@agenthelm.mom. We'll respond within 24 hours.
Agent Helm is in closed beta. The product, infrastructure, and this policy may change as we grow. We will notify active users of any material changes to how we handle their data before those changes take effect.
Questions about this policy: hello@agenthelm.mom
We are a small team. We read every email. We respond to most of them.