Privacy

Privacy policy

Last updated: 15 June 2026.

Commandology is the customer-facing name for AI assistant services operated by Newbury Oak Limited. This policy explains how we handle personal data for visitors, prospects, beta customers and users of Commandology services in the UK.

Who we are

The data controller is Newbury Oak Limited, 83 Phoenix Street, Sutton in Ashfield, Nottinghamshire, NG17 4HL.

For Privacy or business queries, please email info@NewburyOak.com and for Customer Support please contact info@Commandology.com.

What we collect

Depending on how you use Commandology, we may collect:

• business contact details, such as your name, business name, email address and role;
• information you give us during sign-up, onboarding, support or beta testing;
• messages, calls, transcripts, notes and task history needed to provide the assistant service;
• business information needed to configure your assistant, such as services, opening hours, policies, pricing rules and customer-handling preferences;
• provider connection details, connection status and access tokens where you choose to connect accounts such as Google email, calendar or Drive;
• technical and operational logs needed for security, troubleshooting and service reliability.

How we use data

We use personal data to provide, configure, secure, support and improve Commandology. This includes onboarding customers, operating the assistant, preparing drafts or task outputs, handling support, maintaining audit records and meeting legal or security obligations.

Google user data

If you choose to connect a Google account, Commandology will request only the Google access needed for the features you enable. You can use Commandology without connecting a Google account, but some email, calendar and file features will not work unless you approve the relevant access.

The first planned Google connections are Gmail, Google Calendar and limited Google Drive file access. Depending on what you choose to connect, Commandology may access, use and store:

• Gmail data needed to support customer email work, such as messages, threads, labels, drafts, recipients, subjects, timestamps, attachments where relevant, and actions needed to draft, send, organise or follow up email you have approved;
• Google Calendar data needed for scheduling work, such as calendar events, event times, attendees, locations, descriptions, availability and event changes needed to book, update, remind or reschedule appointments;
• Google Drive file data limited to files Commandology creates, files you explicitly open with Commandology, or files you explicitly share with Commandology, such as working documents, notes, quote drafts, customer files and related metadata;
• basic Google account information shown during sign-in or consent, such as your email address and profile information, so we can connect the correct account.

Commandology uses Google user data only to provide and improve the user-facing assistant features you have enabled, such as preparing or sending email, managing calendar events, creating or organising working files, remembering agreed business rules, and showing connection status inside Commandology.

Commandology's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell Google user data. We do not use Google user data for advertising, retargeting, personalised advertising, credit scoring, lending decisions, surveillance or resale. We do not transfer Google user data to advertising platforms, data brokers or information resellers.

We do not use Google user data to train general-purpose AI models. Where AI model providers are used to provide the assistant service, Google user data is sent only as needed to perform the specific user-facing task you requested or approved, such as drafting a reply or summarising a customer message.

We do not allow humans to read Google user data unless you have asked us to help with a specific issue, it is necessary to provide support, investigate abuse or security issues, maintain service reliability, comply with law, or protect the service. People who may need access are limited to authorised Newbury Oak Limited operators or approved service providers who are bound to protect the data and use it only for the permitted purpose.

Access and control

We do not ask for passwords. Where possible, access is granted through provider-approved connection flows such as OAuth. You can choose which supported services to connect and you can choose not to connect a service.

You can revoke Google access at any time from your Google Account permissions. You can also contact us at info@commandology.com to ask us to remove Commandology-side connection records and delete, disable or make unusable stored Google OAuth tokens. Removing access may stop connected email, calendar or file features from working.

Sharing

We share data only where needed to provide the service, operate infrastructure, process communications, comply with law or protect the service. Providers may include hosting, email, AI model, voice, logging and integration providers. We do not sell customer data.

Where a service provider processes Google user data for us, it may only do so to provide the Commandology service, maintain security, support the service, comply with law or complete another purpose allowed by this policy and Google's rules.

Security

We use reasonable technical and organisational measures to protect personal data and Google user data. These include secure connection flows, encrypted transport where supported, restricted operator access, separate client deployments or records, operational logging, and controls intended to prevent raw OAuth tokens from appearing in public pages, support messages or routine logs.

OAuth tokens and provider credentials are treated as sensitive secrets. They are stored only where needed to operate connected features, access is limited, and they are deleted, disabled or made unusable when no longer needed.

Retention

We keep data only for as long as needed for service delivery, support, audit, legal, security and operational purposes.

Google OAuth tokens and provider connection records are kept while the connection is active and are deleted, disabled or made unusable when you revoke access, ask us to remove the connection, offboard from the service, or when the connection is no longer needed.

Task history, messages, transcripts, notes, drafts, calendar-related records, file records and audit logs may be kept while your Commandology service is active so the assistant can remember agreed business context, avoid asking the same questions repeatedly, support troubleshooting and maintain a reliable record of work. After offboarding, we delete or anonymise service records when they are no longer needed for legal, security, accounting, dispute, backup or audit purposes.

You can ask us to access, correct or delete personal data by emailing info@NewburyOak.com. Some records may need to be retained where required for legal, security, accounting, dispute resolution or legitimate operational reasons.

Your rights

UK data protection law may give you rights to access, correct, delete, restrict, object to use of, or request a copy of your personal data. To make a request, email info@NewburyOak.com.

Beta status

Commandology is preparing for an early UK beta. This policy may be updated as the service, provider connections and production controls are finalised.