AI & Data Processing Policy

Last updated: March 22, 2026

Effective: March 22, 2026 · Last Updated: March 22, 2026

This policy explains how Bestia Technologies Inc. ("Bestia", "we") uses artificial intelligence to process your data within WhatsDone, what safeguards are in place, and your rights regarding AI-driven decisions.

1. How AI Processes Your Data

1.1 What we process

WhatsDone uses AI to process the following data from your connected Google Workspace account:

  • Email content: Subject lines, message bodies, sender/recipient information, and thread context
  • Calendar data: Event titles, times, attendees, and descriptions
  • Contact information: Names and email addresses from your Google Contacts

1.2 What AI does with your data

  • Email classification: Categorises emails using the Eisenhower Matrix (DO, DECIDE, DELEGATE, ARCHIVE) based on urgency, importance, and context
  • Action item extraction: Identifies tasks, deadlines, commitments, and follow-ups embedded in email conversations
  • Intelligence briefs: Generates daily and weekly summaries of key communications, decisions, and outstanding items
  • Reply drafting: Creates suggested email responses based on context and your communication patterns
  • Pattern recognition: Identifies recurring themes, bottlenecks, and workflow patterns across your communications
  • Scheduling intelligence: Detects scheduling conflicts, suggests meeting times, and identifies calendar gaps

1.3 How processing works

Your data is sent to Anthropic's Claude API via encrypted API calls. The AI model processes your data and returns structured results (classifications, extracted actions, summaries). The processing is stateless from Anthropic's perspective — they do not retain your input data after processing is complete.

2. Human-in-the-Loop Guarantee

No AI output results in action without your explicit approval. This is a non-negotiable design principle.

  • Review before action: Every AI-generated suggestion (task creation, calendar event, reply draft, email classification) is presented to you for review before any action is taken.
  • Approve, edit, or dismiss: You can approve a suggestion as-is, edit it before approving, or dismiss it entirely. All three actions provide feedback that improves future suggestions for your organisation.
  • No autonomous actions: WhatsDone will never send an email, create a calendar event, modify a task, or take any external action without your explicit confirmation.
  • Bulk actions require confirmation: Even when processing multiple suggestions at once, each action type requires explicit confirmation.

3. AI Model and Provider

  • Provider: Anthropic (Claude API)
  • Data retention: Anthropic's commercial API terms state that they do not use customer inputs or outputs to train their models. Input data is not retained after processing.
  • No fine-tuning on your data: We do not fine-tune or train general-purpose AI models using your data. Your data does not improve the AI for other customers.
  • Organisation-specific learning: Your feedback (approvals, dismissals, edits) is stored in your organisation's private knowledge base to improve suggestion quality for your team only. This learning is not shared across organisations.

4. Data Isolation

  • Organisation boundaries: Data from different organisations is strictly isolated. One organisation's data is never used to inform suggestions for another.
  • Team member boundaries: Within an organisation, individual email content is private by default. Team-wide views show aggregated activity (e.g., number of actions extracted) without exposing individual email content unless explicitly shared.
  • No cross-customer learning: We do not aggregate data across customers to build shared models, datasets, or benchmarks.

5. Transparency

  • Confidence indicators: AI suggestions include confidence levels so you can assess reliability at a glance.
  • Source attribution: Every extracted action item links back to the source email, so you can verify context.
  • Classification reasoning: Email classifications include brief explanations of why the AI categorised an email in a particular way.
  • Audit trail: All AI-generated suggestions and your responses (approve, edit, dismiss) are logged and available in your activity history.

6. Bias and Fairness

We are committed to identifying and mitigating bias in our AI systems:

  • Regular audits: We periodically review AI outputs for patterns of bias related to sender identity, language, or communication style.
  • Feedback loops: Your dismissals and edits help us identify cases where the AI may be making incorrect or biased assessments.
  • Diverse testing: We test our AI processing across diverse email corpora, communication styles, industries, and languages.
  • Reporting: If you identify potential bias in AI outputs, please report it to ai-ethics@bestia.ai.

7. AI Incident Response

In the event of an AI-related incident (e.g., systematic misclassification, data leakage through AI outputs, or unintended model behaviour):

  • We will disable the affected AI feature within 4 hours of confirmed detection.
  • We will notify affected users within 24 hours with a description of the incident and its scope.
  • We will publish a post-incident report within 7 days detailing root cause, impact, and remediation steps.
  • We will not re-enable the affected feature until the root cause has been identified and fixed.

8. Your Rights Regarding AI Processing

  • Opt out of specific features: You can disable individual AI features (e.g., reply drafting, calendar suggestions) while continuing to use others.
  • Request explanation: You can request an explanation of how the AI reached a specific classification or suggestion.
  • Object to automated processing: Under applicable data protection laws (including UK GDPR Article 22), you have the right to object to solely automated decision-making. WhatsDone's human-in-the-loop design means no decision is fully automated.
  • Data deletion: You can request deletion of all AI-processed data and organisation-specific learning at any time.

9. Changes to This Policy

We will notify you of material changes to this policy at least 30 days in advance. Changes that expand AI processing scope or reduce safeguards will require your affirmative consent before taking effect.

10. Contact

Show the world how it’s done.

Join the waitlist. Be first in line when early access opens.

Join Waitlist