Privacy Policy
Last updated: July 9, 2026 · Control. Alt. Delete. LLC
Tempo uses the accounts you choose to connect to organize your work, surface a prioritized queue, answer your questions, and prepare drafts for your review. We do not sell personal information or use it for advertising. Google data is used only to provide and improve the user-facing features you request. The service providers listed below process connected content under their applicable terms and account settings.
1. Who operates Tempo
Control. Alt. Delete. LLC operates Tempo. In this policy, “Tempo,” “we,” and “us” refer to Control. Alt. Delete. LLC and the Tempo service. Questions, privacy requests, and account-deletion requests can be sent to help@kineticapps.io.
2. Information we collect
Account and sign-in information
When you sign in with Google, Tempo receives your basic Google profile information, such as your name, email address, and profile image. This sign-in step does not by itself grant Tempo access to Gmail or Google Calendar. When you use Sign in with Apple, Tempo receives an Apple user identifier and, when you choose to share them, your name and verified email address or Apple's private relay address. If you use phone sign-in, we process your phone number and one-time-code delivery information.
Google data you separately choose to connect
Connecting Google as a source is a separate, affirmative OAuth step. Tempo currently requests and uses only these Google capabilities:
-
Gmail: the
gmail.modifyscope to read messages and related metadata, prepare and send replies or drafts you approve, send a daily briefing you have enabled, and apply Gmail label changes when you explicitly archive mail in Tempo. -
Google Calendar:
calendar.eventsto read event details and submit an RSVP response you explicitly choose in Tempo, pluscalendar.calendarlist.readonlyto read your calendar list and let you choose which calendars appear in Tempo.
Tempo does not currently request Google Contacts, Drive, Docs, Tasks, or directory scopes for the connected-Google workflow.
Other sources you choose to connect
- Slack: messages and workspace-user information the connected Slack account can access, plus an explicit Slack reply when you approve one.
- Notion: pages and databases you share with the Tempo integration.
- Granola: meeting notes, summaries, attendees, and action items available through the API key you provide.
Information you create in Tempo
We store your settings, feedback, edits, chats with Tempo, drafts, connected-agent settings, issue reports, searches, and the actions, people, topics, preferences, and other derived records Tempo builds for you. We also keep limited operational records such as sync status, model usage, delivery status, security events, push notification tokens, and feature-usage events linked to your account and needed to operate, personalize, troubleshoot, and improve the service.
App, device, dictation, and support information
Tempo receives ordinary app and service metadata such as an internal account identifier, app version, device platform, notification token, current screen path, timestamps, sync state, feature interactions, and error details. We do not request precise or coarse device location.
When you start dictation, the iOS app asks for microphone and speech recognition access and requires Apple's on-device recognition to turn your speech into editable text. Tempo receives the text you choose to use, but does not upload or store the dictation audio. Tempo does not listen or record in the background.
An in-app issue report includes the description you enter and limited app, device, and screen-path diagnostics. Tempo can capture the visible app screen to help explain the issue; you see that screenshot and can remove it before sending. A submitted screenshot may contain visible connected content, so review it carefully.
3. How Tempo uses information
Tempo uses connected data and the records it derives to:
- sync, index, search, and show the work streams you connect;
- identify potential actions, rank them with deterministic scoring, and group related people and topics;
- prepare drafts, summaries, briefings, search results, and answers to your questions;
- learn preferences from feedback and edits so the service works better for you;
- secure, troubleshoot, maintain, and measure the user-facing service; and
- comply with law and enforce our terms.
4. Sending, archiving, Calendar responses, and briefings
Tempo does not silently send replies, archive mail, or answer calendar invitations. Sending a reply or draft, archiving a Gmail item, and submitting a Calendar RSVP each require an affirmative action or approval from you in Tempo.
A daily briefing is different: if you enable scheduled briefings and choose a time, Tempo may automatically send that briefing to you from your connected Gmail account on that schedule. You can disable the schedule. A one-time test briefing is sent only when you request it.
5. Storage, AI processing, and sharing
Tempo shares personal information only as needed to provide the service, at your direction, for security, or when legally required. Current service providers that may process connected content include:
- Vercel, which hosts Tempo’s public web application and receives ordinary web-request metadata.
- Convex, which hosts Tempo’s backend, live application database, authentication components, and scheduled jobs.
-
OpenRouter, which routes relevant prompts and content
to configured model ids and downstream inference providers. Tempo
currently uses the
openai/gpt-oss-120bmodel family for many high-volume tasks and Google Gemini models for selected complex tasks. A model-family name does not by itself identify the downstream company that processed a routed request. - Voyage AI, which receives text needed to create embeddings for semantic search and retrieval.
- Twilio, if you use phone sign-in, to deliver the one-time SMS code.
- Expo and Apple Push Notification service, if you enable mobile notifications, to deliver a device notification about your briefing. Tempo sends generic briefing-ready copy rather than names, topics, message text, or Calendar details in that notification.
- GitHub, which may receive issue-report text and work metadata when a report enters Tempo’s controlled engineering workflow. An optional screenshot remains in Convex storage unless an authorized operator or tool retrieves it.
We use these providers to deliver Tempo’s user-facing features. Their handling of connected content is governed by their applicable terms, data-processing agreements, downstream-provider policies, and the account or request settings we configure. Those settings and providers may change as we improve the service; we will keep this disclosure current with material changes.
Optional external agents
Tempo lets you optionally authorize an external agent or MCP client. When you do, that agent can use its Tempo access token to read your Tempo world, including source content behind it, work on tasks you explicitly hand off, and submit suggestions for your review. Tempo’s external-agent interface cannot send messages, archive mail, edit your source data, or delete your data. The external agent and its operator may have their own privacy terms. Do not authorize an agent you do not recognize; you can revoke its access from Account → Agent access.
We may also disclose information if you ask us to, to investigate abuse or security incidents, to protect rights and safety, to comply with a valid legal obligation, or in connection with a corporate transaction. We do not sell personal information or share it for cross-context behavioral advertising.
International processing
Tempo and its service providers may process information in the United States and other countries where they operate. Those countries may have different data-protection laws from where you live. Where applicable, we use contractual or other legally recognized safeguards for these transfers.
6. Google API Services User Data Policy
Tempo’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google user data is used only to provide or improve the user-facing Tempo features described in this policy. It is not used for advertising, sold, or used to determine creditworthiness. Humans do not read Google user data unless you give explicit permission for support, access is necessary for security or abuse investigation, or access is required by law. Transfers are limited to service providers necessary to provide the requested features, a third party you direct us to share with, security or legal needs, or a corporate transaction subject to applicable notice requirements.
7. Your controls
- Disconnecting a source stops future access by revoking or removing its stored credential. For supported source types, Tempo also removes source-linked imports and workflow records. Because information derived across multiple sources may remain, disconnecting a source is not a substitute for a full reset.
- Reset Tempo data is the in-product fresh-start control. It is designed to delete Tempo’s live per-user application records, including connected-source credentials, imported messages, Calendar records, actions, drafts, chat history, topics, people, learned preferences, settings, and agent-access tokens. It preserves the login identity and Convex Auth records so the same Tempo login stays active. Uploaded issue-report files referenced by your reports are included in this self-service reset.
- Signing out ends your active session. It does not disconnect sources, reset Tempo data, or delete your account.
- Deleting your Tempo account is available in Account → Data controls → Delete account. Tempo first attempts to revoke connected Google access and Sign in with Apple credentials, then removes sign-in methods and ends every active session immediately. A server-owned, resumable process deletes the remaining Tempo data in bounded batches. There is no recovery grace period for self-service account deletion, and the deletion tombstone is removed when the purge completes. If the revocation step cannot safely finish, Tempo leaves the account and data intact and asks you to try again.
- You can also revoke Google access from your Google Account’s third-party connections page. Revocation stops future API access but does not itself delete information already stored in Tempo; use Reset Tempo data or Delete account for that.
8. Privacy rights and requests
Depending on where you live, you may have rights to request access to, correction of, portability of, or deletion of personal information; to object to or restrict certain processing; and to appeal a decision on a privacy request. Tempo does not discriminate against you for exercising an applicable privacy right. You may use the controls above or email help@kineticapps.io.
We may need to verify that you control the relevant Tempo account before fulfilling a request. If an authorized agent submits a request, we may also verify the agent's authority and confirm the request with you. You may contact the data-protection authority where you live if you remain concerned about our response.
9. Retention
Tempo currently retains connected-source and derived data while your account remains active so the service can preserve search, history, memory, and preferences. We do not currently apply a fixed maximum retention period to an active account. We delete live application data when the applicable reset, disconnect, or account-deletion process completes, subject to the distinctions above.
Limited residual copies may remain temporarily in managed backups, security records, or processor logs until their ordinary rotation, and we may retain records when required for security, fraud prevention, dispute resolution, or law. We will not use retained information for a new purpose.
10. Security
OAuth tokens and API keys are kept server-side and are not delivered to the browser. Tempo uses HTTPS for data in transit, user-scoped data access, revocable source and agent credentials, and explicit approval gates for source mutations. No service can guarantee perfect security. See our Security page to report a concern.
11. Children
Tempo is a work-productivity service and is not directed to children under 13. If you believe a child has provided personal information, contact us so we can investigate and delete it as appropriate.
12. Changes to this policy
We may update this policy as Tempo changes. We will update the date at the top and provide additional notice in the service when a change is material.