This Privacy Policy explains how our AI assistant bot (“we,” “our,” or “us”) collects, uses, and shares personal data to help users with digital tasks. By using our services, you agree to the collection and use of information in accordance with this policy.

Introduction and Purpose

Our AI assistant bot is designed to assist users with various digital tasks. This policy is intended to inform you about how we collect, process, and protect your personal data, as well as your rights regarding this information.

Types of Data Collected

Read more about our Data Security practices (includes videos)

We may collect the following types of data:

  • Personal Information: Name, email address, phone number, and other contact details. This is the only data we store, encrypted in rest and in transit in order to connect back to you.
  • Data Identifiers: Calendar, events, tasks identifiers (not names, not descriptions), are used and stored to be referenced when original data is needed.
  • Interaction Data: Chat and voice interactions with the AI assistant, usage patterns, task-related data, and feedback. We do not store a copy of the data we access by connecting your accounts
  • Device Information: IP address, browser type, operating system, device type, and location (if enabled).
  • Cookies: Cookies and tracking technologies used to enhance the user experience and remember preferences.

Purpose of Data Collection

The data we collect is used to:

  • Provide personalized services and responses from the AI assistant, using own data analysis models
  • Improve the accuracy and functionality of the AI bot. We don’t store it, but run various A/B tests with the data.
  • Analyze usage patterns to enhance user experience.
  • Provide customer support and troubleshoot issues.
  • Comply with legal obligations.

The data we collect will never be used for the following purposes:

  • Training, developing, or enhancing any large language models (LLMs), artificial intelligence (AI), or machine learning (ML) systems.
  • Sharing, selling, or deriving financial benefits from providing your data to third parties.

Connecting your Google Account:

  • We utilize the Google Workspace API to analyze your data. However, this data is never used for training, developing, or enhancing any large language models (LLMs), artificial intelligence (AI), or machine learning (ML) systems.
  • No copies of your data are stored. Your data is processed solely for the purpose of assisting with specific tasks within the assistant’s functionality and only during active data processing pipelines.

Legal Basis for Data Processing

We process your data based on the following legal grounds:

  • Consent: We may process your personal data when you have given your explicit consent.
  • Legitimate Interests: To provide, improve, and support our services.
  • Compliance with Legal Obligations: To fulfill regulatory or legal requirements.

Data Storage and Retention

Your data is securely stored on our servers or on third-party services that comply with data protection regulations. We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. After this period, your data will be deleted or anonymized.

Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. However, we may share data with the following:

  • Service Providers: Trusted third-party vendors that help us with hosting, analytics, or processing tasks.
  • Legal Requirements: If required by law or to protect our legal rights, we may share your data with government agencies or regulators.
  • Business Transfers: In case of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

Read more about our Data Security practices.

User Rights

Under data protection laws, you have the following rights over your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to any inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data.
  • Right to Restrict Processing: Ask us to suspend processing of your personal data.
  • Right to Data Portability: Request your data in a machine-readable format to transfer to another service.
  • Right to Object: Object to our processing of your personal data, including for marketing purposes.
  • Right to Withdraw Consent: Withdraw your consent at any time, where applicable.

Data Security

This data security policy is an extension of our Privacy Policy to focus on best practices related to data we access and process for our users.

Overview

  1. We are committed to protecting your sensitive data, including and not limited to data from calendar events, email information, and tasks
  2. All sensitive data is encrypted during transmission and at rest.
  3. Access is restricted to authorized personnel for the purposes you have explicitly consented to.
  4. We do not share your data with third parties without your permission.
  5. You can review, delete, or revoke access to your data at any time.
  6. In case of a security breach, we will notify affected users promptly and take immediate corrective action.

1. Data Collection & Usage

  • Types of data collected: We collect public user profile information: email address, name and phone numbers and encrypt this data at rest.
  • Data identifiers: We store data identifiers from accessed APIs (email IDs, calendar & events IDs, tasks IDs) needed to provide reminders and reference the data when used.
  • Sensitive data: Personal data, calendar data, notes and user provided information that we store is stored in secure environments that use industry-standard encryption.
  • Data usage: data collected is to provide specific functionalities such as event reminders, email summaries, or task management, similar to a real assistant you have besides you.

2. Data Protection Practices

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS).
  • Encryption at Rest: All stored data, that is sensitive data, is encrypted using industry-standard AES-256 encryption.
  • Access Controls: We enforce strict access control policies to ensure only authorized personnel can access sensitive data.
  • Authentication: We support multi-factor authentication (MFA) to provide an additional layer of security for user accounts.
  • Secure Cloud Storage: Data is hosted on secure cloud environments, including Google Cloud, Microsoft Azure, and DigitalOcean. These platforms comply with international data protection standards, such as ISO/IEC 27001, ensuring the highest levels of security and operational excellence.
  • Compliance with Data Policies: Our cloud providers adhere to GDPR, CCPA, and other global data privacy regulations, ensuring that your information is stored and processed in environments designed to meet the strictest compliance requirements.

3. Privacy Practices

  • No Data Sharing: Your data is never sold, shared, or rented to third parties under any circumstances.
  • Exclusion from LLM Training: Your data is not utilized for the training, development, or improvement of large language models (LLMs). All processing of text or voice input is strictly confined to fulfilling your specific requests.
  • Commitment to Transparency: You maintain full ownership of your data. We provide clear tools that allow you to export or permanently delete your data at any time.

4. Data Storage and Retention

  • Secure Storage: Your data is stored on secure servers that comply with international data protection standards.
  • Personal Data from Connected Accounts: We do not store or retain data obtained by connecting your accounts. Data that we read is only used for processing required tasks.
  • Access to email, calendar, contacts: While our system reads emails, calendar events or tasks list, we do not store a copy of this data. It is only read during processing, in temporary memory of our software systems.
  • Retention Policy: Data is retained only as long as necessary to provide our services. Deleted data is permanently removed from our systems.

5. Incident Management

  • Monitoring: We continuously monitor our systems for unauthorized access and potential vulnerabilities.
  • Incident Response: In the event of a security breach, we will notify affected users promptly and take immediate steps to mitigate the issue.

6. User Rights and Control

  • Data Control: Every user can view, edit, or delete it’s own data at any time through your account dashboard.
  • Revoke access: At any time, users can revoke access for calendar, email or tasks. Along with delete data request, this ensures complete data access
  • Consent Management: You can update your consent preferences for specific features and data usage.
  • Data Portability: We provide options to export your data in a structured, machine-readable format.
  • Limited access: Access to sensitive data is limited to authorized personal, with the explicit consent from the user. For any technical purpose, this data is encrypted and not visible in clear.

7. Compliance

  • GDPR Compliance: We adhere to the General Data Protection Regulation (GDPR) for users within the European Union.
  • CCPA Compliance: We comply with the California Consumer Privacy Act (CCPA) for users in California.

8. Security Features

  • Secure APIs: All integrations with calendar, email, and to-do lists use secure APIs with OAuth 2.0 authentication.
  • Regular Audits: We conduct regular security audits to identify and resolve vulnerabilities.