Privacy Policy for Allytic AI Personal Assistant

Last Updated: July 2024

INTRODUCTION

Welcome to Allytic AI Personal Assistant ("we," "our," "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy details how we collect, use, process, and safeguard your information when you use our mobile application (the "Application").

This policy is designed to comply with the requirements of the Google Play Store and major data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws worldwide.

Please read this Privacy Policy carefully. By accessing or using the Application, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with the terms, please do not access the Application.

1. INFORMATION WE COLLECT

We collect information that you provide directly to us, information from third-party services when you grant us permission, information that is automatically collected from your device, and information we generate to provide personalized services.

1.1. Information You Provide Directly

  • Account Information: When you create an account, we collect your name and email address provided through Google Sign-In via Firebase Authentication.
  • User Content: We collect the content of your interactions with the assistant, including:
    • Voice commands (as audio files temporarily processed for transcription)
    • Transcribed text of voice commands
    • Text queries you submit
    • Explicit instructions to remember information
    • Files and documents you choose to upload for analysis
  • Location Information: When you use location-based features, we may collect:
    • Your current location (with explicit permission)
    • Named locations you save (e.g., "home," "office")
    • Location-based reminders and geofence preferences

1.2. Information from Third-Party Services (with Your Consent)

To provide its core functionality, the Application connects with third-party services. We only access this data upon your explicit authorization and solely for the purposes described.

  • Google Services: If you grant permission, our assistant accesses:
    • Gmail: To search, read, send, and draft emails on your behalf
    • Google Calendar: To create, find, and manage events
    • Google Tasks: To create and manage reminders
    • Google Drive: To search, read, create, and organize documents
    • Google Photos: To search and organize your photos and videos
    • Google Contacts: To find and manage your personal and professional contacts
    • Google Maps: For navigation, directions, and location services
  • Spotify: If you connect your Spotify account, we access information necessary to control playback, search music, and manage playlists.
  • Uber: If you connect your Uber account, we access ride-hailing capabilities to request rides on your behalf.
  • Notion: If you connect your Notion account, we access your workspaces to create, search, and manage notes and knowledge bases.
  • Health Data: If you grant permission, we may access:
    • Sleep data from your device's health apps
    • Activity data (steps, calories, exercise)
    • Health metrics you choose to share

The use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not store your emails, calendar events, or other third-party data on our servers; we only access them on-demand to fulfill your requests.

1.3. Information Collected Automatically

  • Device and Usage Information: We collect data about the device you use to access the Application, including:
    • Device model, operating system, unique device identifiers
    • Mobile network information and IP address
    • App usage patterns and feature interactions
    • Performance data, crash reports, and error logs
    • Device fingerprints for security purposes
  • Security Information: For fraud prevention and security monitoring, we collect:
    • Authentication logs and session data
    • Request patterns and suspicious activity indicators
    • Device trust signals and security events

1.4. Permissions-Based Information

We request specific permissions to enable key features. You can manage these permissions in your device settings.

  • Camera Permission: Required solely to control the device's flashlight for features like the "Lumos" command. We do not capture, view, store, or transmit any images or videos.
  • Microphone Permission: Required to capture voice commands for processing. Audio is processed in real-time and not stored permanently.
  • Location Permission: Required for location-based features including navigation, geofenced reminders, and location-aware suggestions. To enable geofenced reminders that function when the app is not in use, we require ACCESS_BACKGROUND_LOCATION permission.
  • Accessibility Service Permission: Used exclusively to detect specific hardware key combinations to launch the assistant. We do not monitor other on-screen activity or data from other applications.

1.5. Information We Generate for Personalization and Context

To provide intelligent and personalized experiences, we generate and store information based on your interactions:

  • Conversation History and Summaries: We retain conversation context and generate summaries for better future interactions.
  • Learned User Preferences: The assistant learns from your interactions, including:
    • Communication preferences and patterns
    • Scheduling preferences and availability
    • Travel preferences and frequently visited locations
    • Music preferences and listening habits
    • Work patterns and productivity insights
  • Explicit Long-Term Memory: Information you explicitly ask us to remember.
  • Behavioral Analytics: Anonymized usage patterns to improve our services.

2. LEGAL BASIS FOR PROCESSING YOUR INFORMATION

We process your data based on the following legal grounds:

  • Your Consent: When you link third-party accounts, grant device permissions, or enable specific features.
  • Contractual Necessity: To provide the services you have requested as part of our agreement with you.
  • Legitimate Interests: For improving the Application, analytics, security monitoring, and fraud prevention, provided these interests don't override your fundamental rights and freedoms.
  • Legal Compliance: When required by applicable laws or regulations.

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

  • Core Service Delivery:
    • Account creation and management
    • Processing voice and text commands
    • Executing actions across connected services
    • Providing personalized responses and recommendations
  • Enhanced Features:
    • Location-based services and navigation
    • Proactive notifications and suggestions
    • Health and wellness insights
    • Smart scheduling and conflict detection
    • Document analysis and knowledge management
  • Service Improvement:
    • Performance monitoring and optimization
    • Feature development and testing
    • User experience enhancement
    • Security and fraud prevention
  • Communication:
    • Responding to support requests
    • Sending important service updates
    • Providing feature announcements (with consent)

4. DISCLOSURE OF YOUR INFORMATION

We do not sell your personal information. We may share your information with trusted third-party service providers who are essential for our operations, categorized as follows:

4.1. Cloud Infrastructure Providers

These providers host our backend services and databases.

  • Microsoft Azure: Primary backend hosting, database storage.
  • Amazon Web Services (AWS): Secondary cloud infrastructure and specialized services.

4.2. Core AI, Search, and Data Service Providers

These providers supply the core intelligence and data for the assistant.

  • Azure OpenAI: For natural language processing and response generation.
  • Amazon Transcribe: For converting your speech to text.
  • Amazon Polly: For converting the assistant's text responses to speech.
  • Amazon Textract: For extracting text from medical documents you upload.
  • Perplexity AI: For performing web searches to answer questions with current information.
  • OpenWeatherMap: For providing weather data and forecasts.

4.3. Connected Third-Party Services

When you explicitly connect your accounts from these services, we exchange data with them to perform actions on your behalf.

  • Google: To interact with Gmail, Calendar, Tasks, Drive, Photos, Contacts, and Maps.
  • Spotify: To control music playback and manage playlists.
  • Uber: To request rides.
  • Notion: To create and manage notes.

4.4. Analytics and Security Providers

These providers help us manage user accounts securely and monitor application performance.

  • Firebase: For user authentication and push notifications.
  • Azure Application Insights: For performance monitoring and error tracking.

4.5. Legal Disclosures

We may disclose your information if required by law, subpoena, or other legal processes, or if we believe in good faith that disclosure is necessary to protect our rights, ensure your safety or the safety of others, investigate fraud, or respond to a government request.

5. DATA RETENTION

We retain personal data only as long as necessary for service provision and legitimate business purposes:

  • Account Data: Retained while your account is active
  • Conversation History: Retained according to your privacy settings (default: 365 days)
  • Learning Data: Retained while beneficial for personalization
  • Security Logs: Retained for up to 2 years for security purposes
  • Analytics Data: Anonymized data may be retained indefinitely

You can request data deletion at any time through our privacy controls or by contacting us.

6. SECURITY OF YOUR INFORMATION

We implement comprehensive security measures:

  • Encryption:
    • In Transit: All data uses TLS 1.2+ encryption.
    • At Rest: Database encryption by cloud providers.
    • Application-Level: Additional encryption for sensitive data using AES-256.
  • Access Controls:
    • Zero Trust Architecture: Every request is verified.
    • Principle of Least Privilege: Minimal necessary permissions.
    • Multi-Factor Authentication: For administrative access.
  • Security Monitoring:
    • Continuous Monitoring: Automated threat detection.
    • Security Headers: Protection against common web attacks.
    • Rate Limiting: Protection against abuse and DDoS attacks.
    • Input Validation: Protection against injection attacks.
  • Secure Storage:
    • Azure Key Vault: For sensitive credentials.
    • Encrypted OAuth Tokens: All third-party access tokens are encrypted.
    • Secure Session Management: JWT tokens with proper expiration.

7. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

8. YOUR DATA PROTECTION RIGHTS

You have significant control over your personal information:

8.1. Universal Rights

  • Right to Access: Request copies of your personal data.
  • Right to Rectification: Correct inaccurate information.
  • Right to Erasure: Request deletion of your data.
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a portable format.
  • Right to Object: Object to our processing of your data.

8.2. Privacy Controls

  • Data Export: Download your complete data archive.
  • Selective Deletion: Choose what data to keep or delete.
  • Privacy Settings: Control notifications and data sharing.
  • Consent Management: Withdraw consent for specific features.

To exercise these rights, visit your privacy settings in the app or contact us at [email protected].

8.3. Regional Rights

GDPR (EU/EEA): Full compliance with all GDPR requirements, including the right to lodge complaints with supervisory authorities.

CCPA (California): Complete transparency about data collection, no sale of personal information, and equal service regardless of privacy choices.

9. CHILDREN'S PRIVACY

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover such collection, we will delete the information immediately.

10. COOKIES AND TRACKING

We use cookies and similar technologies for:

  • Essential Functions: Authentication and session management
  • Performance: Analytics and error tracking
  • Security: Fraud prevention and threat detection

You can manage cookie preferences through your browser settings.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. We will notify you of significant changes through the app or email. Continued use after changes indicates acceptance of the updated policy.

12. CONTACT US

We aim to respond to all privacy requests within 30 days.

This Privacy Policy demonstrates our commitment to transparency and user control. We continuously update our practices to provide the best possible protection for your personal information while delivering exceptional AI assistant services.