Privacy Policy
Last Revised: June 16, 2025
Our Commitment to Your Privacy :
We are strongly committed to protecting your personal information and your right to privacy.
----------------------------------------
Our Core Privacy Principles
✅ We only access your data when you explicitly request it
✅ We never sell your data or use it for advertising
✅ We don't train AI models on your personal information
✅ Voice commands are processed and immediately deleted
✅ You maintain complete control over your data
----------------------------------------
1. Collection of Your Information
We collect information from and about you to provide, improve, and protect our services.
- Email address, name, and profile picture (from Google OAuth)
- OAuth tokens and refresh tokens
- Usage analytics (features used, session duration, etc.)
- Technical data (device, IP, browser)
- Transcriptions of voice commands (audio deleted immediately)
----------------------------------------
2. Google User Data Disclosures
We only access your data when you request it:
- Gmail: Read messages, compose drafts, modify labels, access attachments
- Calendar: Read/create/modify events, access locations and participants
- Contacts (read-only): Access names/emails for autocomplete
🚫 No human review (unless required for support/security with consent)
✅ Revoke access anytime via Google Permissions
✅ Data accessed only during active voice sessions
✅ Voice audio immediately deleted
----------------------------------------
3. Use of Your Information
🎯 Deliver services: voice commands, email/calendar handling
🔐 Manage accounts: authenticate, secure sessions
🚀 Improve product: fix bugs, refine features
💬 Communicate: support updates, product notices
----------------------------------------
4. Data Sharing and Disclosure
We do not sell or trade your data.
- Voice Processing: STT, NLU, TTS (real-time, no storage)
- Cloud Infrastructure: AWS, Google Cloud, auth/CDN services
- In legal investigations (with notice if allowed)
- In merger/acquisition, with notice and data control options
✅ Use data beyond delivering services
----------------------------------------
5. Data Protection and Security
- End-to-end encryption for sensitive operations
- Role-based access, MFA, least privilege
- Regular audits and penetration tests
- Employee training and background checks
- 72-hour breach notification window
✅ Voice audio deleted after processing
✅ No long-term storage of Gmail/Calendar
----------------------------------------
6. Data Retention
- Account data (while account is active)
- Analytics (anonymized, 90 days)
- Support emails (2 years max)
- Account deletion: all data removed in 30 days
- OAuth revocation: immediate disconnection
- Selective deletion: request via email
To request deletion, email: founders@tryapril.com
----------------------------------------
7. User Rights and Controls
- Access, correct, delete, restrict processing
- Receive portable data copies
- Know who data is shared with
- Revoke access at Google Account Permissions
- No impact to your Google account
To exercise your rights, contact: founders@tryapril.com
----------------------------------------
8. International Data Transfers
April operates from the United States.
Data may be transferred to the U.S.
- SCCs (Standard Contractual Clauses)
- GDPR/UK GDPR compliance for EU and UK users
----------------------------------------
9. Policy Changes
We may update this policy based on:
- Update the “Last Revised” date
- Notify users by email (if significant)
- Prompt for reauthorization if Google scopes are affected
----------------------------------------
10. Contact Information
Response Time: Within 2 business days
If unresolved, contact your local data protection authority.