Privacy and security
This is the practical summary. For the full policy, see Privacy & terms on the main site.
Security in practice
Section titled “Security in practice”Colleague is designed around a conservative default: it can work from your messages and instructions, you can share specific material when that helps and personal account connections stay optional.
In everyday use, that means:
- Least access by default. Share a single document, folder, calendar or email thread with the agent instead of connecting a full personal account.
- Explicit approvals. New Telegram groups and people must be approved before they can talk to your agent.
- Protect your accounts. Use two-factor authentication on Telegram and on any personal Google, Microsoft, Dropbox or GitHub accounts you connect.
- Sensitive actions stay visible. Tasks like sending messages, changing files or acting through connected accounts should be requested deliberately.
- External content is source material. Emails, documents, web pages and messages can guide a task, but they should not override what the agent is allowed to do.
- You can remove access. Stop sharing files, disconnect services, revoke provider access or request deletion.
What’s safe to share
Section titled “What’s safe to share”Colleague is intended for lower-risk academic and administrative work:
- Grant applications, fellowship drafts, protocols, abstracts, cover letters and response-to-reviewer drafts.
- Manuscript drafting, structure and editing.
- Meeting prep, project planning, email drafting and routine admin.
- Public, de-identified or low-risk materials you’re allowed to share.
What not to share
Section titled “What not to share”If you share something out of scope by accident, tell the team as soon as possible so it can be deleted or isolated.
If you shared something by mistake
Section titled “If you shared something by mistake”If you accidentally share something that should not be in Colleague:
- Stop the task.
- Remove access where you can, such as unsharing the file or calendar.
- Contact the team with enough detail to identify the material.
- Do not paste more sensitive details into chat while asking for help.
What Colleague may store
Section titled “What Colleague may store”To run the assistant, Colleague may store messages sent to the Colleague bot, messages in approved Telegram groups where the bot is present, task context, useful memory, configuration, connected-service tokens or metadata, workspace files you create or share and technical logs for support and security.
Colleague does not have access to your wider Telegram account or chats outside the bot and any approved groups where the bot is present.
The aim is to keep what’s useful for the assistant to work well, not to copy or retain every connected file or account.
Where data goes
Section titled “Where data goes”- Processed within Colleague infrastructure.
- Sent to your AI model provider when a task needs model inference.
- Sent to connected services only where you’ve explicitly connected or shared them.
When a task needs the model, Colleague sends the message plus relevant context and excerpts for that task, not your whole drive, inbox or document library.
The model provider is not a connector: it receives the relevant task context Colleague sends for model processing, but it does not get independent access to your Google, Dropbox, OneDrive or GitHub accounts.
Your controls
Section titled “Your controls”- Stop sharing a Google document, folder or calendar with the agent’s email.
- Remove files from Dropbox
Apps/Colleague/. - Disconnect services in the dashboard.
- Revoke access in Google, Microsoft, Dropbox or Telegram settings.
- Ask the team to delete or isolate something shared by mistake.