Privacy Policy
Last updated: February 25, 2026
1. Overview
S6S.ai ("S6S", "we", "us") is a workflow automation platform. This policy describes how we collect, use, store, and protect your information when you use our website and services at s6s.ai.
2. Information We Collect
2.1 Account Information
When you sign up via Google OAuth, we receive your name, email address, and profile picture from Google. When you sign up via email/password, we collect your email and an encrypted password hash. We also store your authentication provider (Google, GitHub, or email) and a unique account identifier.
2.2 Workflow Data
We store the workflows you create, their configuration, execution logs, and run history so you can monitor, debug, and manage your automations.
2.3 Third-Party Credentials
When you connect external services (Google Sheets, Google Drive, Slack, Discord, Telegram, etc.), we store the OAuth tokens or API keys needed to execute your workflows. All credentials are encrypted using AES-256-GCM at rest.
2.4 AI Chat Data
When you use the AI chat builder, we store your chat sessions and messages to provide conversation history and improve the quality of workflow generation. This data is used to learn from accepted and rejected workflows, improving future AI suggestions.
You can opt out of contributing your chat data to platform improvements in your account settings. Opting out does not affect your ability to use the chat builder.
2.5 Usage Data
We collect basic usage telemetry such as API request counts, workflow execution metrics, and error logs to operate and improve the service. We do not use third-party analytics or tracking scripts on authenticated pages.
3. Google OAuth & Google API Data
S6S.ai uses Google OAuth for two purposes: authentication (sign-in) and service integration (connecting Google services to your workflows).
3.1 Google Sign-In Scopes
When you sign in with Google, we request the following scopes:
- openid — Verify your identity
- email — Receive your email address to create your account
- profile — Receive your name and profile picture for your account
We do not access any other Google data during sign-in.
3.2 Google Service Integration Scopes
When you explicitly connect a Google service to use in your workflows, we request only the scopes necessary for that service. You must grant these permissions separately from sign-in:
- https://www.googleapis.com/auth/spreadsheets — Read and write to Google Sheets files referenced by your workflows
- https://www.googleapis.com/auth/drive.file — Access only the specific Google Drive files your workflows reference
S6S.ai only accesses the specific files and data your workflows reference. We never browse, index, or scan your Google Drive or other Google data beyond what your workflows explicitly require.
3.3 How We Use Google Data
- Google sign-in data (name, email, picture) is used solely to create and identify your S6S account.
- Google Sheets data is read/written only when a workflow step explicitly targets a specific spreadsheet.
- Google Drive data is accessed only when a workflow step explicitly references a specific file.
- We do not use Google data for advertising, profiling, or any purpose unrelated to executing your workflows.
- We do not sell, rent, or share Google user data with any third party.
3.4 Google API Services User Data Policy Compliance
Limited Use Disclosure
S6S.ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the S6S.ai workflow automation service as described in this policy.
- We do not transfer Google user data to third parties except as necessary to provide the service (e.g., executing a workflow step that writes to Google Sheets), with your explicit consent, or as required by law.
- We do not use Google user data for advertising or to serve ads.
- We do not allow humans to read Google user data unless: (a) you provide explicit consent, (b) it is necessary for security purposes (investigating abuse), or (c) it is required to comply with applicable law.
3.5 Revoking Google Access
You can revoke S6S.ai's access to your Google data at any time by:
- Removing the Google credential connection in your S6S account settings (this deletes stored tokens immediately)
- Visiting your Google Account Permissions page and removing S6S.ai
When access is revoked, we delete all stored Google OAuth tokens for your account within 24 hours.
4. How We Use Your Information
We use collected information to:
- Provide and operate the S6S.ai service
- Execute workflows on your behalf using your connected credentials
- Authenticate your identity and secure your account
- Store chat sessions and workflow generation history for your convenience
- Improve workflow generation quality using anonymized, aggregated interaction data (with your consent)
- Monitor service health, fix bugs, and improve performance
- Communicate important service updates
5. Cookies
S6S.ai uses a minimal number of cookies, all essential for the service to function:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| s6s_session | Authentication session | 30 days | Essential |
| oauth_state | CSRF protection during Google/GitHub OAuth | 10 minutes | Essential |
| oauth_from | Redirect destination after OAuth sign-in | 10 minutes | Essential |
All cookies are HTTP-only, Secure (HTTPS only), and use SameSite=Lax. We do not use any advertising, tracking, or analytics cookies.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties, except:
- To execute your workflows: When a workflow step calls a third-party API (e.g., sending a Slack message), the data you configured is sent to that service as directed by you.
- AI providers (BYOLLM): If you use your own LLM API key, your chat messages are sent to your configured AI provider (OpenAI, Anthropic, etc.) to generate workflows. S6S does not store API keys sent to these providers.
- Legal requirements: We may disclose data if required by law, regulation, or legal process.
7. Data Security
- All third-party credentials are encrypted at rest using AES-256-GCM
- Sessions use HTTP-only, Secure, SameSite cookies
- All data is transmitted over HTTPS (TLS 1.2+)
- API keys are hashed with SHA-256 at rest
- Security headers enforced: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- Secrets are redacted from execution outputs and logs
- Access to production systems is restricted to authorized personnel
8. Data Retention
- Account data: Retained for as long as your account is active. Deleted upon account deletion.
- Workflow data: Retained for as long as the workflow exists. Run history retention depends on your plan (7 days free, 90 days Pro, 1 year Enterprise).
- Google OAuth tokens: Deleted immediately when you revoke the credential connection, or within 24 hours of revoking via Google Account settings.
- Chat sessions: Retained for as long as your account is active. You can delete individual sessions at any time.
- AI interaction data: Anonymized interaction metadata (prompt type, accept/reject, latency) may be retained for service improvement. This never includes your credentials, personal data, or workflow content unless you opt in.
9. Your Rights
You have the right to:
- Access and export your workflow data and account information
- Delete your account and all associated data
- Delete individual workflows, chat sessions, and credentials at any time
- Revoke third-party service connections (tokens are deleted immediately)
- Opt out of contributing AI interaction data for platform improvement
- Opt out of non-essential communications
- Request a copy of all data we hold about you
To exercise any of these rights, contact us at [email protected] or use the controls in your account settings.
10. Children's Privacy
S6S.ai is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or through the platform. Continued use of S6S.ai after changes constitutes acceptance of the updated policy.
12. Contact
If you have questions about this privacy policy, your data, or how we handle Google user data, contact us at:
Email: [email protected]