Babots.ai is an AI companion platform where you can build, teach, and grow personalized AI companions. Connect your own API keys, keep your data private, and evolve your companions through five stages from Spark to Symbiote.
Loading...
This page explains exactly how Babots AI handles data from connected services like Google. Designed for transparency — for our users and for Google's OAuth verification reviewers.
Babots AI operates a strict zero-copy data model for all connected service integrations. User data from Google APIs is fetched in real-time, processed in server memory, and never written to any database, file, cache, or persistent storage. This is not a policy — it is an architectural constraint enforced at the code level.
User asks their AI companion a question like "What's on my calendar today?" or the companion proactively checks based on autonomy settings.
Babots server makes a live API call to Google using the user's encrypted OAuth token. The token is decrypted in-memory only for the duration of the request.
API response is processed in server memory to generate a natural language summary. The raw API data exists only in the request handler's memory scope.
The AI companion delivers a formatted response to the user. At this point, the raw Google API data has already been garbage-collected from memory.
A tamper-evident audit log entry records: what data type was accessed, which API endpoint was called, how many records were returned, and confirms data_persisted = false.
All scopes are read-only. Babots AI never requests write access to Google services unless a user explicitly upgrades their autonomy level (which is disabled by default).
calendar.readonlyView upcoming calendar events so your AI companion can provide contextual reminders and scheduling awareness. Events are fetched in real-time and never stored.
gmail.readonlyView email metadata (subject, sender, date) so your AI companion can summarize your inbox. Email content is processed in-memory and immediately discarded.
tasks.readonlyView your task lists so your AI companion can help you stay organized. Task data is fetched on-demand and never persisted.
contacts.readonlyView contact names and emails so your AI companion can help you find and reference people. Contact data is never stored in our database.
youtube.readonlyView your YouTube subscriptions and watch history so your AI companion can recommend content aligned with your interests. Viewing data is processed in real-time only.
Every data access creates an immutable audit entry linked in a SHA-256 hash chain. Each entry's hash is computed from the previous entry's hash plus the current entry's metadata, forming a blockchain-like chain that proves no entries have been deleted or modified.
If any entry is deleted or modified, re-computing the chain produces different hashes — instantly detectable.
Users can verify their audit chain integrity and download a complete data access receipt (JSON) at any time from their Integrations settings page. The receipt includes every data access, the hash proof for each entry, and a zero-copy policy declaration — all independently verifiable.
Users connect Google from the Integrations page via standard OAuth 2.0. Disconnecting revokes the token at Google's revocation endpoint and deletes the encrypted token from our database. No further API calls are possible after disconnection.
Level 1 (Read-Only): Companion can view data when you ask. Level 2 (Drafting): Companion can prepare actions for your approval. Level 3 (Autonomous): Companion can act independently within boundaries. Default is Level 1.
Users can view every data access their companion made, verify the hash chain integrity with one click, and download a complete audit receipt as a JSON document for independent verification.
Babots AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: