Privacy Policy

Last Revised: June 16, 2025



Our Commitment to Your Privacy :

We are strongly committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how April ("we," "our," or "us") collects, uses, and protects your information when you use our voice-first productivity assistant.



----------------------------------------

Our Core Privacy Principles


✅ We only access your data when you explicitly request it

✅ We never sell your data or use it for advertising

✅ We don't train AI models on your personal information

✅ Voice commands are processed and immediately deleted

✅ You maintain complete control over your data

----------------------------------------


1. Collection of Your Information

We collect information from and about you to provide, improve, and protect our services.

Personal Data:

- Email address, name, and profile picture (from Google OAuth)

- OAuth tokens and refresh tokens

- Support contact information

Derivative Data:

- Usage analytics (features used, session duration, etc.)

- Technical data (device, IP, browser)

- Transcriptions of voice commands (audio deleted immediately)

- Anonymized error logs

----------------------------------------

2. Google User Data Disclosures

Limited Use Disclosure:

April’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use.

Google Data We Access:

We only access your data when you request it:

- Gmail: Read messages, compose drafts, modify labels, access attachments

- Calendar: Read/create/modify events, access locations and participants

- Contacts (read-only): Access names/emails for autocomplete

Data Use Restrictions:

🚫 No AI/ML training

🚫 No advertising

🚫 No third-party sharing

🚫 No human review (unless required for support/security with consent)

Your Control:

✅ Revoke access anytime via Google Permissions

✅ Data accessed only during active voice sessions

✅ No permanent storage

✅ Voice audio immediately deleted

----------------------------------------

3. Use of Your Information

We use data to:

🎯 Deliver services: voice commands, email/calendar handling

🔐 Manage accounts: authenticate, secure sessions

🚀 Improve product: fix bugs, refine features

💬 Communicate: support updates, product notices

Legal Basis:

- Consent (e.g., OAuth)

- Contract performance

- Legitimate interest

- Legal obligations

----------------------------------------

4. Data Sharing and Disclosure

We do not sell or trade your data.

We may share with:

Service Providers:

- Voice Processing: STT, NLU, TTS (real-time, no storage)

- Cloud Infrastructure: AWS, Google Cloud, auth/CDN services

Legal Disclosures:

- Required by law

- To protect safety/property

- In legal investigations (with notice if allowed)

Business Transfers:

- In merger/acquisition, with notice and data control options

We Never:

✅ Sell your data

✅ Share with ad networks

✅ Allow unauthorized access

✅ Use data beyond delivering services

----------------------------------------

5. Data Protection and Security

Technical Security:

- TLS 1.3, AES-256 encryption

- End-to-end encryption for sensitive operations

- Role-based access, MFA, least privilege

- Regular audits and penetration tests

Organizational Security:

- Employee training and background checks

- 24/7 security monitoring

- Incident response plans

- 72-hour breach notification window

Security Commitments:

✅ Voice audio deleted after processing

✅ No long-term storage of Gmail/Calendar

✅ Regular third-party audits

✅ Secure deletion protocols

----------------------------------------

6. Data Retention

What We Retain:

- Account data (while account is active)

- Analytics (anonymized, 90 days)

- Support emails (2 years max)

What We Don’t Store:

- Voice audio

- Email content

- Calendar data

Data Deletion:

- Account deletion: all data removed in 30 days

- OAuth revocation: immediate disconnection

- Selective deletion: request via email

To request deletion, email: founders@tryapril.com

Legal exceptions may apply.

----------------------------------------

7. User Rights and Controls

Your Rights:

- Access, correct, delete, restrict processing

- Withdraw consent anytime

- Receive portable data copies

- Know who data is shared with

Managing Google Access:

- Revoke access at Google Account Permissions

- No impact to your Google account

- Reauthorize as needed

To exercise your rights, contact: founders@tryapril.com

We’ll respond within 30 days.

----------------------------------------

8. International Data Transfers

April operates from the United States.

Data may be transferred to the U.S.

Safeguards include:

- Encryption

- Access controls

- SCCs (Standard Contractual Clauses)

- GDPR/UK GDPR compliance for EU and UK users

----------------------------------------

9. Policy Changes

We may update this policy based on:

- Practice changes

- Feature updates

- Regulatory shifts

- User feedback

When We Update:

- Update the “Last Revised” date

- Notify users by email (if significant)

- Prompt for reauthorization if Google scopes are affected

----------------------------------------

10. Contact Information

General Inquiries:

Email: founders@tryapril.com

Response Time: Within 2 business days

Legal Entity:

Company: Cosmoverse, Inc.

Product Name: April

Website: tryapril.com

Complaints:

If unresolved, contact your local data protection authority.