Sume
About Us
Join Beta

On desktop?
Continue on your phone

Scan to join beta via iMessage

Last updated: March 16, 2026

Privacy Policy

This Privacy Policy explains how Sume, Inc. (“Sume,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with the Sume website, authentication flows, messaging experiences, connected integrations, automations, and related services (collectively, the “Services”).

This Privacy Policy does not cover personal information processed by third parties that provide services to you independently of Sume, including your mobile carrier, messaging platform, Google, Apple, or other third-party providers acting under their own privacy policies.

1. Scope

This Privacy Policy applies when you:

  • visit our website or interact with our authentication or verification flows;
  • use Sume through supported messaging channels such as iMessage or compatible delivery providers;
  • connect a Google account or another supported integration;
  • submit prompts, files, images, feedback, or support requests; or
  • use assistant memory, automations, browser-assisted tools, scheduling, or other related features.

2. Personal Information We Collect

Depending on how you use the Services, we may collect the following categories of personal information.

A. Account and identity information

  • name, display name, or nickname;
  • email address;
  • phone number;
  • account identifiers tied to your messaging or connected accounts;
  • Google account identifiers and basic profile information; and
  • onboarding, verification, and account-linking state.

B. Messages, prompts, files, and assistant context

  • message content you send or receive through Sume;
  • prompts, instructions, notes, and saved memory;
  • uploaded or linked files, images, attachments, and contact-card data;
  • message metadata such as chat identifiers, provider identifiers, timestamps, endpoint handles, and delivery state; and
  • workspace state generated to keep conversations, automations, or tasks running over time.

C. Connected integration data

If you connect Google or another supported integration, we may collect and process:

  • the scopes and permissions you granted;
  • encrypted OAuth or similar access credentials;
  • email address and account identifiers associated with the connected account; and
  • content and metadata from the connected service that are necessary to provide the feature you requested, such as Gmail and Calendar data when you explicitly connect Google-enabled functionality.

D. Automation, safety, and operational records

  • task and tool execution history;
  • automation, schedule, and run-history records;
  • browser or sandbox session metadata;
  • moderation, trust, safety, fraud, and abuse review signals;
  • support interactions and bug reports; and
  • audit and troubleshooting records.

E. Device, log, and usage information

  • IP address;
  • browser type, device type, operating system, and language settings;
  • timestamps, request IDs, referrers, and general diagnostic information;
  • cookie and similar technology data on our website; and
  • website and product usage analytics.

F. Communications and feedback

  • communications you send to us by email, support, or other channels; and
  • survey responses, feedback, and beta-program information.

3. Sources of Personal Information

We collect personal information:

  • directly from you;
  • from your devices and browser when you use our website or Services;
  • from messaging or delivery providers when messages are routed through supported channels;
  • from Google or other integrations you choose to connect;
  • from service providers that support hosting, analytics, security, and operations; and
  • from other users or contacts when they lawfully share data with us in connection with using the Services.

4. How We Use Personal Information

We may use personal information to:

  • provide, operate, maintain, and improve the Services;
  • authenticate you and connect your account, phone number, or integrations;
  • generate assistant responses and complete tasks you request;
  • maintain memory, workspace files, automations, schedules, and ongoing context;
  • send onboarding, transactional, security, support, or service communications;
  • process connected-service actions, including Google-linked tasks you authorize;
  • detect, investigate, and prevent fraud, abuse, unauthorized access, and other harmful activity;
  • debug, monitor, and secure the Services;
  • enforce our terms, policies, and contractual rights; and
  • comply with legal obligations and protect the rights, safety, and security of Sume, our users, and third parties.

5. Legal Bases for Processing

Where required by applicable law, we process personal information under one or more of the following legal bases:

  • performance of a contract with you;
  • your consent;
  • our legitimate interests in operating, securing, improving, and supporting the Services; and
  • compliance with legal obligations.

6. How We Disclose Personal Information

We may disclose personal information to:

  • service providers and infrastructure partners that help us host, deliver, secure, observe, or support the Services;
  • AI model providers and processing partners when needed to generate outputs or complete the tasks you request;
  • messaging, communication, and delivery providers when messages are sent or received through those channels;
  • integration providers, such as Google, when you connect an account or trigger an integration-based action;
  • professional advisors, auditors, insurers, and legal counsel;
  • law enforcement, regulators, courts, or other parties when required by law or when reasonably necessary to protect rights, safety, and security;
  • counterparties in an actual or proposed merger, financing, acquisition, restructuring, sale of assets, or bankruptcy transaction; and
  • other parties at your direction or with your consent.

7. Google Data and Connected Account Data

If you connect Google, we use Google account data and Google Workspace data only to provide, maintain, secure, and improve the Google-connected features you request.

In particular:

  • we use Google account information to authenticate you, maintain the connection, and understand which permissions you granted;
  • we use Gmail and Calendar data only to provide the assistant workflows, actions, summaries, automations, and related features you request or enable;
  • we do not sell Google user data; and
  • we do not use Google user data for advertising or cross-context behavioral profiling.

Sume's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you disconnect Google access or revoke permissions with Google, some features of the Services may stop working.

8. Cookies, Analytics, and Similar Technologies

We and our service providers may use cookies, local storage, analytics tools, and similar technologies on our website to:

  • keep you signed in or maintain session state;
  • remember preferences;
  • understand how the website is used;
  • diagnose bugs and performance issues; and
  • improve the security and usability of the Services.

Our current or recent website analytics stack may include providers such as Vercel Analytics and PostHog. These providers receive technical and usage information as described in their own privacy documentation.

You can usually control cookies through your browser settings. Blocking some cookies may affect website functionality.

9. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with law, resolve disputes, and enforce our agreements.

Retention periods vary by data type. In the current Sume runtime:

  • short-lived authentication state stored for Google OAuth and delegated auth handoff flows is typically retained for about 10 minutes and then expires or is consumed;
  • certain operational logs, including message history, webhook event history, tool execution logs, outbound delivery attempts, and cron-job run records, are commonly retained for about 30 days by default, although settings may be adjusted for operational or legal reasons;
  • browser-session and executor-session records are generally retained until they expire, are cleared, or are no longer needed operationally;
  • onboarding state, account-linking records, encrypted OAuth credentials, safety records, and durable workspace or memory data may persist until they are deleted, reset, no longer needed, or your account is closed; and
  • backups and legal-hold copies may be retained for longer where necessary.

If you request deletion, we will take reasonable steps to delete or de-identify applicable data, subject to legal, security, fraud-prevention, operational, and backup limitations.

10. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. These may include encryption of sensitive credentials in transit and at rest, authentication controls, access controls, logging, and abuse monitoring.

No system is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

We and our service providers may process personal information in countries other than the one where you live. These countries may have data protection laws that differ from those in your jurisdiction.

Where required by law, we use appropriate safeguards for international data transfers.

12. Your Choices and Rights

Depending on your location, you may have rights to:

  • access personal information we hold about you;
  • correct inaccurate personal information;
  • delete personal information;
  • receive a portable copy of certain personal information;
  • object to or restrict certain processing; and
  • withdraw consent where processing is based on consent.

You may also:

  • revoke connected account permissions, such as Google access, through the relevant provider;
  • control cookies through your browser settings; and
  • opt out of marketing communications by following the instructions in those messages.

To exercise privacy rights, contact us at support@sumelabs.com. We may need to verify your identity before fulfilling your request.

13. U.S. State Privacy Disclosures

If you are a resident of California or another U.S. state with applicable privacy rights, this section provides additional disclosures.

We may collect, use, and disclose the categories of personal information listed in Section 2 for the purposes listed in Section 4 and with the recipients listed in Section 6.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. privacy laws.

We do not knowingly process sensitive personal information for purposes of inferring characteristics about you beyond what is necessary to provide the Services you request, maintain security, or comply with law.

You may have the right to appeal a denial of your privacy request where required by law. To do so, reply to our response or contact us again with “appeal” in the subject line.

14. Do Not Track

Because there is not yet a consistent industry standard for responding to browser-based “Do Not Track” signals, our website may not respond to those signals in all circumstances.

15. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13. If you believe a child under 13 has provided us personal information, contact us and we will take appropriate steps.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version, update the “Last updated” date, and provide additional notice where required by law.

17. Contact Us

If you have questions or requests about this Privacy Policy or our privacy practices, contact us at support@sumelabs.com.