Headway Ops

Privacy Policy

Last updated: May 28, 2026

Headway Ops (“we,” “us”) operates a private internal automation that connects to Google account data on behalf of the account owner. This policy explains what data the application accesses, how it is used, and how it is protected. It applies to the Google OAuth application registered by Headway Ops, used with our self-hosted automation platform.

Who this is for

This is a private, internal tool operated by Headway Ops for its own operators. It is not a public product and is not offered to third parties. The only people who authorize it are the account owner and designated Headway Ops operators.

What data we access

When you authorize the application, it may access, via Google APIs:
  • Gmail — message metadata and content (sender, subject, date, body) from the inboxes you explicitly connect, in order to mirror them into a private internal workspace.
  • Google Calendar — event details (title, time, attendees, meeting links) from the calendars you explicitly connect.

We only access the specific accounts an operator chooses to connect. Accounts are never connected without the owner’s direct action.

How we use it

Accessed data is synced into a private workspace used solely for internal scheduling and operations support — keeping calendars and correspondence visible to the operating team. It is not used for advertising, profiling, or automated decision-making.

What we do not do

  • We do not sell, rent, or trade your data.
  • We do not share your data with third parties, except the infrastructure providers strictly required to run the tool (Google, Airtable, and our self-hosted automation host), each acting as a processor.
  • We do not use the data for any purpose beyond the internal operations described above.

Limited Use disclosure

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, and we do not allow humans to read the data except where necessary for the internal operation of the tool, with the owner’s consent, or as required by law.

Data retention and deletion

Synced data is retained only as long as it is operationally useful and is removed when no longer needed. To revoke access, an operator can disconnect the application at any time from their Google Account security settings (Third-party access), and can request deletion of synced records by contacting us.

Security

Access is governed by least privilege: only connected accounts are read, credentials are stored securely in our self-hosted automation platform, and access is limited to designated Headway Ops operators.

Contact

Questions or deletion requests: [email protected].