1. What ANCI is
ANCI is a scheduling agent platform built on six years of production scheduling infrastructure (originally TEAMCAL AI, used by 128 enterprises across 90 countries since 2020). Each ANCI agent operates within your Google Workspace or Microsoft 365 environment to coordinate meetings on behalf of your team.
Specific agents include:
- Zara — executive scheduling across teams
- Ray — recruiting and interview loop coordination
- Kai — sales meeting coordination
- Mia — dedicated scheduling for a single executive
- Ben — M&A and enterprise deal coordination
- Finn — legal calendar and matter management
- Tess — healthcare patient coordination
- Luna — academic scheduling
- Max — internal operations and meeting cadence
- Nova — event and conference coordination
All agents share the same security model and OAuth permission structure documented below. You approve the integration once at the workspace level; individual agents activate based on your subscription.
2. What Zara needs from your workspace
ANCI requests OAuth permissions through your provider's standard consent flow. The exact scopes depend on whether you use Google Workspace or Microsoft 365.
Google Workspace
- profile, email— basic identity for the connecting user
- calendar.events— read and write calendar events
- calendar.settings.readonly— read calendar timezone and working-hour settings
- calendar.calendars.readonly— enumerate available calendars
- calendar.freebusy— check availability for scheduling
- directory.readonly— read organizational directory for internal scheduling
- drive.file— access only files Zara creates or files explicitly shared with the agent
Microsoft 365
- openid, profile, offline_access— sign-in and session refresh
- User.Read, User.Read.All— read directory for internal scheduling
- Calendars.Read, Calendars.ReadWrite— read and write calendar events
- Calendars.ReadWrite.Shared— manage delegated and shared calendars
- MailboxSettings.Read, MailboxSettings.ReadWrite— read and update timezone, working hours, automatic replies
- OnlineMeetings.ReadWrite— create and manage Teams meeting links
Why these scopes: Calendar read/write is required for the agent to schedule. Directory read enables internal team scheduling (without it, agents can only schedule with people whose calendars are explicitly shared). Online meeting scopes generate Teams or Meet links automatically. ANCI does not request mail-read or full-drive scopes.
3. What Zara does not access
The following are explicitly outside the requested permission set:
- Email content. ANCI does not read inbox messages. Scheduling correspondence is handled through the agent's own scheduling channels, not by parsing user inboxes.
- Files in Drive or OneDrive beyond scheduling attachments the user explicitly shares with the agent. The Google
drive.file scope grants access only to files the agent itself creates, or files explicitly shared with it.
- Admin operations. ANCI cannot modify users, groups, settings, or permissions in your workspace. The agent operates with user-equivalent permissions, not admin permissions.
- Data from other tenants. ANCI agents are scoped to your workspace. They cannot read data from other companies' deployments.
- Passwords or credentials. Authentication is OAuth-based. ANCI never sees, stores, or transmits user passwords.
4. Where the data goes
ANCI processes scheduling data through dedicated infrastructure with the following characteristics:
| Aspect | Detail |
|---|
| Hosting |
Amazon Web Services (AWS), US-East primary region. EU data residency option available for European customers on request. |
| Encryption at rest |
AES-256 encryption for all stored data. Encryption keys managed via AWS KMS. |
| Encryption in transit |
TLS 1.3 for all client-to-server and server-to-server communication. OAuth tokens transmitted only over TLS. |
| Sub-processors |
AWS (hosting and storage), Stripe (subscription billing), Anthropic (Claude API for natural language understanding). Full sub-processor list available at security@meetanci.com. |
| Data retention |
Active calendar and scheduling data retained for the duration of the subscription. Audit logs retained for 12 months. On termination, all customer data deleted within 30 days unless a longer retention period is contractually required. |
5. Compliance posture
| Framework | Status |
|---|
| SOC 2 Type II |
Audit in progress. Type II report available Q4 2026. Type I report available on request under NDA. |
| GDPR |
Compliant data handling for EU customers. DPA available for immediate download (no sign-in required) at our Security page. Custom DPA negotiation supported. |
| HIPAA |
BAA available for HIPAA-covered entities. Relevant primarily for Tess (healthcare scheduling) deployments. |
| Pre-audit security questionnaire |
44-question pre-filled questionnaire (SIG Lite / CAIQ format) available for immediate download at our Security page. No sign-in or NDA required. |
| Penetration testing |
Annual third-party penetration tests. Most recent report summary available under NDA. |
If your security review process requires SOC 2 Type II to proceed: Type II report is on track for Q4 2026. In the interim, our pre-filled vendor security questionnaire (44 questions, SIG Lite / CAIQ format), DPA, and Data Retention Policy are available for immediate download at our
Security page. Type I report, penetration test summary, and a scheduled security call available on request. Most enterprise security teams find this sufficient to move forward with a deployment pilot.
6. How to approve access
The buyer (your colleague setting up ANCI) will send you a consent link directly. The link initiates the OAuth flow at either Google or Microsoft, depending on your workspace.
Google Workspace admins
- The buyer sends you a consent link from
accounts.google.com.
- Open the link. You'll be asked to sign in with your Google Workspace admin account.
- Google's consent screen displays the exact permissions ANCI is requesting (the same scopes listed in section 2).
- Review the permission set. If your organization requires domain-wide delegation for shared calendar access, check the "Grant access to all users in your organization" option.
- Click Allow.
- Notify your colleague that consent has been granted. They can proceed with ANCI setup.
Microsoft 365 admins
- The buyer sends you a tenant admin consent link from
login.microsoftonline.com.
- Open the link. You'll be asked to sign in with your Microsoft 365 Global Administrator or Application Administrator account.
- Microsoft's admin consent screen displays the exact permissions ANCI is requesting (the same scopes listed in section 2).
- Review the permission set. For organization-wide deployment, select Consent on behalf of your organization.
- Click Accept.
- Notify your colleague that consent has been granted. They can proceed with ANCI setup.
Time required: Most admins complete the approval in under 10 minutes. If you need to review the security posture more carefully first, request a security call before approving — email
security@meetanci.com and we'll schedule a 30-minute conversation.
7. How to revoke access
Access can be revoked at any time, from your standard workspace admin console. Revocation is immediate.
Google Workspace
- Open Google Workspace Admin Console.
- Go to Security → API Controls → App access control.
- Find ANCI in the list of authorized apps.
- Click Revoke access.
Microsoft 365
- Open Microsoft 365 Admin Center.
- Go to Enterprise Applications.
- Find ANCI in the list of authorized apps.
- Click Delete or revoke consent through the application's properties.
What happens when access is revoked: ANCI immediately loses the ability to schedule or read calendar data. Existing calendar events created by Zara remain on your team's calendars (they're standard calendar events, not ANCI-owned objects). ANCI does not retain copies of your calendar data outside what's required for active scheduling operations. On revocation, all retained data is deleted within 30 days per our data retention policy.