Legal

Privacy policy

This policy explains how the Management Layer service processes data when people use the dashboard, connected integrations, and GPT Actions exposed through the Management Layer API.

Last updated

April 1, 2026Current operator policy baseline.

Interfaces

Web + APICovers the dashboard, REST API, GPT Actions, and configured connectors.

Security baseline

HTTPS + TOTPAdmin web login uses TOTP; protected API requests require a bearer token.

What we collect

Management Layer processes only the data needed to answer requests, operate integrations, and keep an auditable management trail.

Prompts and action inputs sent from ChatGPT when a user invokes the Management Layer API.
Identifiers and request metadata needed to authenticate, route, and audit actions such as requested_by, provider names, and timestamps.
Operational business data returned by the service, including project status, staff reports, risk flags, drafted messages, and integration health.
Integration data exchanged with connected third-party systems such as Zoho Mail, Zoho Cliq, Zoho People, and Zoho Projects when those connections are configured.

How we use data

Operational data is used to serve management workflows rather than for unrelated consumer profiling.

Answer management questions and produce briefings, summaries, and risk views.
Execute requested workflows such as command intake, report ingestion, message drafting, and approved message sending.
Maintain auditability, diagnose issues, and monitor service health and abuse.

Third-party sharing

Management Layer exchanges data with configured business systems only when necessary for the requested workflow.

Connected systemsZoho services and other future integrations may receive data when the operator enables those connectors and a request requires them.

Hosting and infrastructureHosting, storage, logging, and reverse-proxy providers may process limited data in order to run, secure, and debug the service.

Data is shared with connected third-party services only when needed to fulfill a user-requested action or maintain an enabled integration.
Infrastructure providers may process data strictly to host, secure, and operate the service.
We may disclose information when required by law or to protect the service, users, or the public from fraud, abuse, or security threats.

Retention and security

The service keeps operational records so that workflow outcomes and flagged events remain reviewable.

RetentionData may be stored in application databases, integration state, and audit logs for operational continuity, review, and debugging.

SecurityRequests are transmitted over HTTPS. The management dashboard requires administrator login with TOTP, while protected API endpoints require a bearer token before the API accepts the request.

User controls

Users and administrators still control whether actions run and which systems are connected.

Users can avoid sending a specific request by not invoking an action in ChatGPT.
Workspace administrators can disable or restrict actions and connected domains in managed ChatGPT environments.
Operators can rotate API credentials, disconnect integrations, and remove or update connected systems as part of ongoing administration.

Contact

Privacy requests are currently handled directly by the operator of this deployment.

How to reach usIf you need to ask about data handling, deletion, or integration access, contact the operator or administrator who provided access to this Management Layer deployment.