Privacy Policy

Last updated: 27 June 2026

Lisa ("the Service") is operated by GRABO LLC ("we", "us"), Suite 9E, Eastern Commerce Center, 6000 South Eastern Avenue, Las Vegas, NV 89119, USA. This policy explains what data the Service collects, how it is used, and your choices. Questions: support@grabo.cc.

1. What we collect

Account information. When you sign in with Google, Apple or Microsoft we receive your name, email address, a stable account identifier and (where provided) profile picture, via OpenID Connect (openid email profile). If you create an account with email and a password, we store your email and a salted password hash.
Tasks and content you create. The tasks, notes, files, contacts and reference details you add to the Service.
Connected Google data (only if you choose to connect it). With your explicit consent, the Service requests access to:
- Google Calendar (calendar.events) — to read your events and, at your request, create or update events (e.g. book a confirmed meeting or reminder).
- Google Contacts (contacts.readonly) — read-only, to recognise the people you ask Lisa to reach and seed your assistant's address book.
These are the only Google data scopes we request. You can use the Service without connecting any Google data.

2. How we use it

We use your data solely to provide the Service to you: to organize your tasks, let your AI assistant reason over your information, and — only if you connect it — show you relevant calendar context and act on calendar/contacts on your behalf. We do not sell your data, and we do not use it for advertising.

3. Google API Services — Limited Use

Lisa's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Google user data only to provide and improve user-facing features of the Service; we do not transfer or sell it; we do not use it for advertising; we do not use it to train generalized AI/ML models; and humans do not read it except with your explicit consent, for security/abuse/legal reasons, or where the data is aggregated and anonymized.

4. AI processing

To power the assistant, relevant task content and the data you connect may be sent to our AI model providers (e.g. Anthropic, OpenAI) strictly to generate responses for you. These providers process the data on our behalf and do not use it to train their models on your data under our API terms.

5. Sharing

We do not sell or rent your data. We share it only with the infrastructure and AI providers that operate the Service on our behalf (e.g. our cloud host and the AI model providers in §4), and only as needed to run the Service or where required by law. Google user data is never shared for advertising.

6. Storage, retention & security

Your data is stored on our servers. OAuth access and refresh tokens are encrypted at rest, and access is restricted to the Service operating on your behalf. We retain your data for as long as your account is active. When you disconnect Google, the stored Google tokens are revoked and deleted immediately; calendar/contacts data is fetched on demand and not retained beyond what is needed to serve your active tasks. When you delete your account, we delete your account data within 30 days.

7. Your choices

Disconnect Google anytime in Settings → Your Google account. We revoke and delete the stored tokens. You can also remove access at myaccount.google.com/permissions.
Delete your account / data. Email support@grabo.cc and we will delete your account and associated data within 30 days.

8. Changes

We may update this policy; material changes will be reflected by the "Last updated" date above.