Privacy Policy
How we collect, use, store, share, and protect your data — including data we read from Google (Drive and Gmail) when you choose to connect those services to Globus.
Last updated: 11 July 2026 · Effective: 11 July 2026
1. Who we are
This site (buildwithsumit.com) is owned and operated by Sumit Ghosh through Globussoft Technologies Pvt. Ltd., an Indian private limited company registered in India, operating from Dubai, Bangalore and Bhilai. In this policy, “we”, “us”, and “Build With Sumit” mean the same operator.
Questions about this policy or your data: sumit@globussoft.com.
2. What we collect
From you directly:
- Email address — when you join the mailing list, subscribe to The Automation Founders, or contact us.
- Name, phone, country — when you complete the members onboarding form.
- Payment information — handled entirely by Stripe; we receive only the customer ID and subscription status. We never see your card.
- GitHub username — if you request access to private members repositories.
- Forum posts, Globus chat messages, uploaded Obsidian vault content — content you choose to submit while using the members area.
Automatically:
- IP address and user agent — for rate limiting and abuse prevention; never sold or shared.
- Session cookie — a single signed cookie (
bws_member) that proves you are logged in. No third-party trackers, no analytics cookies, no advertising pixels.
From Google (only if you connect Google Drive or Gmail to Globus):
- Your Google account email and profile (
openid,userinfo.email,userinfo.profile) — so we can label the connection and prove ownership. - Google Drive — read (
drive.readonly) — read-only access to recent Google Docs,.md, and.txtfiles in your Drive (default: modified within the last 180 days, capped at 30 files per sync, capped at 1.5 MB per file), used to build your Globus vault. We never modify or delete your existing Drive files. - Google Drive — app files (
drive.file) — permission to create and edit only the specific files Globus generates for you (for example, documents or spreadsheets it produces at your request). This scope grants access solely to files the app itself creates; it cannot see, change, or delete any other file in your Drive. - Gmail — read & organize (
gmail.modify) — read messages matching your configured query (default: starred messages from the last 30 days, capped at 50 messages per sync, body capped at 5,000 characters per message) and, when you ask Globus to, organize your inbox on your behalf: apply or remove labels, mark messages read/unread, and archive or move messages (for example, filing newsletters or rescuing wrongly-flagged business mail from Spam). We never permanently delete your email. - Gmail — send (
gmail.send) — send or forward email from your account only when you explicitly instruct Globus to (for example, forwarding a message or sending a reply you have reviewed). Drafts are shown for your approval; nothing is sent automatically.
3. How we use Google user data (Limited Use)
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- We use Google user data only to provide and improve Globus, your private AI assistant — specifically, to (a) inject your selected Drive and Gmail content into the context window of your personal Globus chats so the model can answer questions grounded in your own material, (b) organize your Gmail inbox (labels, read state, archiving) when you ask it to, and (c) create documents in your Drive or send email from your account at your explicit request.
- We do not transfer Google user data to third parties except (a) to provide or improve Globus, (b) for security purposes such as investigating abuse, or (c) to comply with applicable law.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read your Google user data unless (a) we have your explicit consent for specific messages, (b) it is necessary for security (e.g. investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and used for internal operations.
4. How we store and secure your data
- Encryption in transit: the entire site is served over HTTPS (TLS).
- Encryption at rest for OAuth tokens: your Google refresh token and current access token are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) using a master key held only in our server’s database config. They are never logged in plaintext.
- Per-member isolation: every database query that reads or writes a member’s Globus data is scoped by the member’s authenticated email; cross-member access is not possible through the application interface.
- Hosting: data is stored on a managed Linux server in a commercial datacentre, with access restricted to the operator.
- Payments: handled entirely by Stripe; we never receive or store card details.
- Email delivery: transactional email (one-time login codes, lead notifications) is sent through SendGrid (Twilio).
- AI inference: messages you send to Globus, together with the relevant portion of your vault context, are transmitted to Anthropic to generate responses. Per Anthropic’s API terms, those inputs and outputs are not used to train Anthropic’s models and are retained only as needed to provide the service.
5. Who we share data with
We share the minimum data necessary with the following processors, solely to operate the service:
- Stripe — payments and subscription lifecycle.
- SendGrid — transactional email delivery.
- Anthropic — AI inference (Globus chat).
- ElevenLabs — voice synthesis and orchestration for the Globus voice surface, if you choose to use it.
- Apify — only for the Reels Analyzer feature, which scrapes publicly available Instagram content (not your private data).
- GitHub — only your supplied GitHub username, used to invite you to private members repositories you have requested access to.
- Google — only if you connect a Google account, and only to read the scopes you authorized.
We do not sell your personal data. We do not share your data with advertisers. We may disclose data if required by law or to investigate abuse.
6. Data retention
- Mailing-list email: kept while your subscription is active; deleted on request.
- Members account: kept while your subscription is active. On cancellation, we retain billing-related records as required by law and delete the rest within 90 days.
- Google OAuth tokens and synced content: deleted immediately when you click Disconnect on the Connect data sources page, or when you delete your account.
- Globus chat logs: kept for the lifetime of your account so you can review past conversations; deleted on account closure or on written request.
- Server logs (IP, user agent, request paths): retained for up to 30 days for security and debugging, then rotated out.
7. Your rights and how to exercise them
You can, at any time:
- Disconnect a Google account from your Connect data sources page. This revokes our refresh token at Google and deletes any cached content from that account on our side.
- Revoke our access directly at Google at https://myaccount.google.com/permissions.
- Request a copy or deletion of your data by emailing sumit@globussoft.com from the address associated with your account. We will respond within 30 days.
- Object, restrict, or correct processing of your data — same email address.
- Unsubscribe from marketing email through the link in any newsletter.
Depending on where you live, you may have additional rights under the EU’s GDPR, the UK GDPR, India’s DPDP Act 2023, or the California CCPA. We honour the same baseline of rights for every user worldwide.
8. Children
This service is intended for business users aged 18 or older. We do not knowingly collect data from anyone under 18; if you believe we have, contact us and we will delete it.
9. International transfers
Our servers and processors are located in India, the United States, and the European Union. By using Build With Sumit you consent to your data being processed in any of these locations under the safeguards described in this policy.
10. Changes to this policy
We will update this page when our practices change. Material changes will be announced on the members area at least 7 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.
11. Contact
Sumit Ghosh · Globussoft Technologies Pvt. Ltd. · sumit@globussoft.com