Data Security
This data security policy extends our Privacy Policy and focuses on best practices related to personal user information.
1. Data Protection Practices
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS).
- Encryption at Rest: All stored data, including calendar events, emails, and to-do lists, is encrypted using industry-standard AES-256 encryption.
- Access Controls: We enforce strict access control policies to ensure only authorized personnel can access sensitive data.
- Authentication: We support multi-factor authentication (MFA) to provide an additional layer of security for user accounts.
- Secure Cloud Storage: Data is hosted on secure cloud environments, including Google Cloud, Microsoft Azure, and DigitalOcean. These platforms comply with international data protection standards, such as ISO/IEC 27001, ensuring the highest levels of security and operational excellence.
- Compliance with Data Policies: Our cloud providers adhere to GDPR, CCPA, and other global data privacy regulations, ensuring that your information is stored and processed in environments designed to meet the strictest compliance requirements.
2. Privacy Practices
- No Data Sharing: Your data is never sold, shared, or rented to third parties under any circumstances.
- Exclusion from LLM Training: Your data is not utilized for the training, development, or improvement of large language models (LLMs). All processing of text or voice input is strictly confined to fulfilling your specific requests.
- Commitment to Transparency: You maintain full ownership of your data. We provide clear tools that allow you to export or permanently delete your data at any time.
3. Data Storage and Retention
- Secure Storage: Your data is stored on secure servers that comply with international data protection standards.
- Personal Data from Connected Accounts: We do not store or retain data obtained by connecting your accounts. Data that we read is only used for processing required tasks.
- Access to Email, Calendar, and Contacts: While our system reads emails, calendar events, or task lists, we do not store a copy of this data. It is read only during processing, in the temporary memory of our software systems.
- Retention Policy: Data is retained only as long as necessary to provide our services. Deleted data is permanently removed from our systems.
4. Incident Management
- Monitoring: We continuously monitor our systems for unauthorized access and potential vulnerabilities.
- Incident Response: In the event of a security breach, we will notify affected users promptly and take immediate steps to mitigate the issue.
5. User Rights and Control
- Data Access: You can view, edit, or delete your data at any time through your account dashboard.
- Consent Management: You can update your consent preferences for specific features and data usage.
- Data Portability: We provide options to export your data in a structured, machine-readable format.
6. Compliance
- GDPR Compliance: We adhere to the General Data Protection Regulation (GDPR) for users within the European Union.
- CCPA Compliance: We comply with the California Consumer Privacy Act (CCPA) for users in California.
7. Security Features
- Secure APIs: All integrations with calendar, email, and to-do lists use secure APIs with OAuth 2.0 authentication.
- Regular Audits: We conduct regular security audits to identify and resolve vulnerabilities.