This data security policy is an extension of our Privacy Policy to focus on best practices related to data we access and process for our users.

Overview

  1. We are committed to protecting your sensitive data, including and not limited to data from calendar events, email information, and tasks
  2. We do not store any email, calendar or tasks data that we get access through Google/Microsoft APIs
  3. All sensitive data is encrypted during transmission and at rest.
  4. Access is restricted to authorized personnel for the purposes you have explicitly consented to.
  5. We do not share your data with third parties without your permission.
  6. You can review, delete, or revoke access to your data at any time.
  7. In case of a security breach, we will notify affected users promptly and take immediate corrective action.

1. Data Collection & Usage

  • Types of data collected: We collect public user profile information: email address, name and phone numbers and encrypt this data at rest.
  • Data identifiers: We store data identifiers from accessed APIs (email IDs, calendar & events IDs, tasks IDs) needed to provide reminders and reference the data when used.
  • Sensitive data: Personal data, calendar data, notes and user provided information that we store is stored in secure environments that use industry-standard encryption.
  • Data usage: data collected is to provide specific functionalities such as event reminders, email summaries, or task management, similar to a real assistant you have besides you.

2. Data Protection Practices

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS).
  • Encryption at Rest: All stored data, that is sensitive data, is encrypted using industry-standard AES-256 encryption.
  • Access Controls: We enforce strict access control policies to ensure only authorized personnel can access sensitive data.
  • Authentication: We support multi-factor authentication (MFA) to provide an additional layer of security for user accounts.
  • Secure Cloud Storage: Data is hosted on secure cloud environments, including Google Cloud, Microsoft Azure, and DigitalOcean. These platforms comply with international data protection standards, such as ISO/IEC 27001, ensuring the highest levels of security and operational excellence.
  • Compliance with Data Policies: Our cloud providers adhere to GDPR, CCPA, and other global data privacy regulations, ensuring that your information is stored and processed in environments designed to meet the strictest compliance requirements.

3. Privacy Practices

  • No Data Sharing: Your data is never sold, shared, or rented to third parties under any circumstances.
  • Exclusion from LLM Training: Your data is not utilized for the training, development, or improvement of large language models (LLMs). All processing of text or voice input is strictly confined to fulfilling your specific requests.
  • Commitment to Transparency: You maintain full ownership of your data. We provide clear tools that allow you to export or permanently delete your data at any time.

4. Data Storage and Retention

  • Secure Storage: Your data is stored on secure servers that comply with international data protection standards.
  • Personal Data from Connected Accounts: We do not store or retain data obtained by connecting your accounts. Data that we read is only used for processing required tasks.
  • Access to email, calendar, contacts: While our system reads emails, calendar events or tasks list, we do not store a copy of this data. It is only read during processing, in temporary memory of our software systems.
  • Retention Policy: Data is retained only as long as necessary to provide our services. Deleted data is permanently removed from our systems.

5. Incident Management

  • Monitoring: We continuously monitor our systems for unauthorized access and potential vulnerabilities.
  • Incident Response: In the event of a security breach, we will notify affected users promptly and take immediate steps to mitigate the issue.

6. User Rights and Control

  • Data Control: Every user can view, edit, or delete it’s own data at any time through your account dashboard.
  • Revoke access: At any time, users can revoke access for calendar, email or tasks. Along with delete data request, this ensures complete data access
  • Consent Management: You can update your consent preferences for specific features and data usage.
  • Data Portability: We provide options to export your data in a structured, machine-readable format.
  • Limited access: Access to sensitive data is limited to authorized personal, with the explicit consent from the user. For any technical purpose, this data is encrypted and not visible in clear.

7. Compliance

  • GDPR Compliance: We adhere to the General Data Protection Regulation (GDPR) for users within the European Union.
  • CCPA Compliance: We comply with the California Consumer Privacy Act (CCPA) for users in California.

8. Security Features

  • Secure APIs: All integrations with calendar, email, and to-do lists use secure APIs with OAuth 2.0 authentication.
  • Regular Audits: We conduct regular security audits to identify and resolve vulnerabilities.

For any questions regarding data protection and privacy, use our contact details from the Privacy Policy