Privacy Policy

1. Collection of Your Information

We collect information from and about you when you use April to help us provide, improve, and protect our services.

Personal Data

We collect the following personal information:

Account Information: Email address, name, and profile picture (from Google OAuth)
Authentication Data: OAuth tokens and refresh tokens for Google services
Contact Information: When you reach out to us for support

Derivative Data

Information automatically collected when you use April:

Usage Analytics: Features used, session duration, command frequency
Technical Data: Device type, browser information, IP address, time zone
Voice Interaction Data: Command transcriptions (audio immediately deleted)
Error Logs: Anonymized technical issues for debugging

3. Google User Data Disclosures

Limited Use Disclosure: April's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

This means we will only use access to read, write, modify, or control Gmail and Google Calendar data to provide the voice assistant features you explicitly request.

Google Data We Access

April only accesses your Google data when you explicitly request it through voice commands. We request the following permissions:

📧 Gmail Scope

Read email messages and metadata
Compose and send email drafts
Modify email labels and organization
Access email attachments when requested

📅 Calendar Scope

Read calendar events and details
Create new calendar events
Update and modify existing events
Access event participants and locations

Data Use Restrictions

We commit to the following restrictions on your Google user data:

🚫 No AI/ML Training: We do not use your Google data to train artificial intelligence or machine learning models
🚫 No Advertising: We do not use your data for advertising purposes or share it with advertising networks
🚫 No Third-Party Sharing: We do not sell, rent, or share your Google data with third parties except as described in this policy
🚫 No Human Review: We do not allow humans to read your emails or calendar data except when necessary for security purposes or with your explicit consent

Your Control Over Google Data

✅ You can revoke April's access anytime at Google Account Settings
✅ Data is only accessed during active voice commands
✅ No permanent storage of your email or calendar content
✅ Immediate deletion of voice audio after processing

2. Use of Your Information

We use the information we collect to provide, maintain, and improve April's services. Here's how we use different types of data:

Primary Uses

🎯

Service Delivery

Process voice commands, manage emails, handle calendar operations

🔐

Account Management

Authenticate users, maintain secure sessions, prevent unauthorized access

🚀

Service Improvement

Enhance voice recognition accuracy, fix bugs, develop new features

💬

Communication

Send service updates, respond to support requests, notify of important changes

Legal Basis for Processing

We process your personal data based on:

Consent: When you authorize Google OAuth access
Contract Performance: To provide the services you've requested
Legitimate Interest: To improve our services and ensure security
Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share your data in limited circumstances essential for service delivery.

Service Providers

We may share data with trusted third-party service providers who assist us in operating our service:

🎤 Voice Processing Services

Speech-to-text conversion providers
Natural language understanding services
Text-to-speech generation services

Voice data is processed in real-time and immediately deleted.

☁️ Cloud Infrastructure

Secure cloud hosting providers (AWS, Google Cloud)
Content delivery networks
Authentication and security services

All providers are bound by strict data processing agreements.

Legal Disclosure

We may disclose your information when required by law or to protect rights and safety:

In response to legal process (court orders, subpoenas)
To protect our rights, property, or safety
To protect the rights, property, or safety of others
In connection with legal investigations

We will notify you of legal requests for your data when legally permitted to do so.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership and provide choices regarding your data.

We Never:

✅ Sell your personal data to third parties
✅ Share your Google data for advertising purposes
✅ Allow unauthorized access to your email or calendar
✅ Use your data for purposes other than providing our service

4. Data Protection and Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

🔒 Encryption

TLS 1.3 encryption for data in transit
AES-256 encryption for data at rest
End-to-end encryption for sensitive operations
Encrypted database storage and backups

🚫 Access Controls

Multi-factor authentication requirements
Role-based access permissions
Regular access reviews and audits
Principle of least privilege enforcement

🛡️ Infrastructure Security

24/7 security monitoring and logging
DDoS protection and traffic filtering
Regular security assessments and penetration testing
Secure cloud hosting with tier-1 providers

Organizational Security

Employee Training: Regular security awareness training for all team members
Background Checks: Security screening for personnel with data access
Incident Response: Comprehensive plan for security incident handling
Data Breach Notification: We will notify affected users within 72 hours of discovery

Data Security Commitments

✅ Voice audio processed in real-time and immediately purged
✅ No long-term storage of email or calendar content
✅ Regular third-party security audits and compliance reviews
✅ Secure data disposal procedures for any retained information

7. Data Retention

We retain personal data only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy.

Retention Periods

We practice data minimization and retain information only as long as necessary:

What We Retain

Account Information: Maintained while your account is active
Usage Analytics: Anonymized data retained for 90 days for service improvement
Support Communications: Retained for 2 years for customer service purposes

What We Don't Store

Voice Audio: Processed in real-time and immediately deleted
Email Content: Accessed only during active sessions, never stored
Calendar Data: Accessed only when requested, never permanently stored

Data Deletion

You can request data deletion at any time:

Account Deletion: All personal data removed within 30 days
Google Access Revocation: Immediately stops all access to your Google data
Selective Deletion: Contact us to delete specific data categories

For data deletion requests, email [email protected]. We may retain certain data if required by law, but it will be anonymized where possible.

5. User Rights and Controls

You have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Your Data Rights

You have comprehensive rights regarding your personal data:

Access Rights

Request copies of your personal data
Learn how we process your information
Receive data in portable formats
Know who we share your data with

Control Rights

Correct inaccurate information
Delete your personal data
Restrict processing activities
Withdraw consent at any time

Managing Google Access

You maintain full control over April's access to your Google account:

Visit Google Account Permissions to manage or revoke access
Remove April's permissions at any time without affecting your Google account
Re-authorize with specific permissions as needed

Exercising Your Rights

To exercise any privacy rights, contact us at [email protected] with your request. We will respond within 30 days and may require identity verification to protect your data.

8. International Data Transfers

April is operated from the United States. When you use our service, your data may be transferred to and processed in countries other than your own.

Data Processing Location

April is operated from the United States. If you access our service from outside the U.S., your data may be transferred to and processed in the United States, where privacy laws may differ from those in your country.

International Privacy Rights

We respect privacy rights globally and comply with applicable data protection laws:

European Union (GDPR): EU residents have enhanced rights including complaint rights with supervisory authorities
United Kingdom: UK residents have similar protections under UK GDPR
Other Jurisdictions: We honor applicable local privacy laws and regulations

Transfer Safeguards

For international data transfers, we implement appropriate safeguards including encryption, access controls, and standard contractual clauses where required by law.

9. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We may update this Privacy Policy to reflect changes in our practices, new features, legal requirements, or user feedback.

Notification of Changes

When we make material changes to this Privacy Policy, we will:

Update the "Last Revised" date at the top of this page
Send email notifications to registered users about significant changes
Display a prominent notice in the April service
For changes affecting Google data use, we may require re-authorization

Your continued use of April after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may discontinue use and delete your account.

10. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Contact Details

General Inquiries

Email: [email protected]
Response Time: Within 2 business days

Rights and Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to contact your local data protection authority or regulatory body.

Privacy Policy Summary

🔒 Key Privacy Commitments:

✅ Data Minimization: We only access your Gmail and Calendar when you explicitly request it
✅ No Permanent Storage: Voice commands are processed in real-time and immediately deleted
✅ No Data Sales: We never sell your data or use it for advertising purposes
✅ Google API Compliance: We strictly adhere to Google's Limited Use requirements
✅ Strong Security: Your data is encrypted and protected with enterprise-grade security
✅ User Control: You maintain full control over permissions and can delete your data anytime
✅ Transparency: We provide clear information about our data practices and your rights