Privacy Policy

Last Revised: June 16, 2025

Our Commitment to Your Privacy

We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how April ("we," "our," or "us") collects, uses, and protects your information when you use our voice-first productivity assistant.

Our Core Privacy Principles:

Table of Contents

1. Collection of Your Information

We collect information from and about you when you use April to help us provide, improve, and protect our services.

Personal Data

We collect the following personal information:

Derivative Data

Information automatically collected when you use April:

3. Google User Data Disclosures

Limited Use Disclosure: April's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

This means we will only use access to read, write, modify, or control Gmail and Google Calendar data to provide the voice assistant features you explicitly request.

Google Data We Access

April only accesses your Google data when you explicitly request it through voice commands. We request the following permissions:

📧 Gmail Scope

  • Read email messages and metadata
  • Compose and send email drafts
  • Modify email labels and organization
  • Access email attachments when requested

📅 Calendar Scope

  • Read calendar events and details
  • Create new calendar events
  • Update and modify existing events
  • Access event participants and locations

Data Use Restrictions

We commit to the following restrictions on your Google user data:

Your Control Over Google Data

2. Use of Your Information

We use the information we collect to provide, maintain, and improve April's services. Here's how we use different types of data:

Primary Uses

🎯
Service Delivery

Process voice commands, manage emails, handle calendar operations

🔐
Account Management

Authenticate users, maintain secure sessions, prevent unauthorized access

🚀
Service Improvement

Enhance voice recognition accuracy, fix bugs, develop new features

💬
Communication

Send service updates, respond to support requests, notify of important changes

Legal Basis for Processing

We process your personal data based on:

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share your data in limited circumstances essential for service delivery.

Service Providers

We may share data with trusted third-party service providers who assist us in operating our service:

🎤 Voice Processing Services

  • Speech-to-text conversion providers
  • Natural language understanding services
  • Text-to-speech generation services

Voice data is processed in real-time and immediately deleted.

☁️ Cloud Infrastructure

  • Secure cloud hosting providers (AWS, Google Cloud)
  • Content delivery networks
  • Authentication and security services

All providers are bound by strict data processing agreements.

Legal Disclosure

We may disclose your information when required by law or to protect rights and safety:

We will notify you of legal requests for your data when legally permitted to do so.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership and provide choices regarding your data.

We Never:

  • ✅ Sell your personal data to third parties
  • ✅ Share your Google data for advertising purposes
  • ✅ Allow unauthorized access to your email or calendar
  • ✅ Use your data for purposes other than providing our service

4. Data Protection and Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

🔒 Encryption

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive operations
  • Encrypted database storage and backups

🚫 Access Controls

  • Multi-factor authentication requirements
  • Role-based access permissions
  • Regular access reviews and audits
  • Principle of least privilege enforcement

🛡️ Infrastructure Security

  • 24/7 security monitoring and logging
  • DDoS protection and traffic filtering
  • Regular security assessments and penetration testing
  • Secure cloud hosting with tier-1 providers

Organizational Security

Data Security Commitments

7. Data Retention

We retain personal data only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy.

Retention Periods

We practice data minimization and retain information only as long as necessary:

What We Retain

  • Account Information: Maintained while your account is active
  • Usage Analytics: Anonymized data retained for 90 days for service improvement
  • Support Communications: Retained for 2 years for customer service purposes

What We Don't Store

  • Voice Audio: Processed in real-time and immediately deleted
  • Email Content: Accessed only during active sessions, never stored
  • Calendar Data: Accessed only when requested, never permanently stored

Data Deletion

You can request data deletion at any time:

For data deletion requests, email [email protected]. We may retain certain data if required by law, but it will be anonymized where possible.

5. User Rights and Controls

You have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Your Data Rights

You have comprehensive rights regarding your personal data:

Access Rights

  • Request copies of your personal data
  • Learn how we process your information
  • Receive data in portable formats
  • Know who we share your data with

Control Rights

  • Correct inaccurate information
  • Delete your personal data
  • Restrict processing activities
  • Withdraw consent at any time

Managing Google Access

You maintain full control over April's access to your Google account:

Exercising Your Rights

To exercise any privacy rights, contact us at [email protected] with your request. We will respond within 30 days and may require identity verification to protect your data.

8. International Data Transfers

April is operated from the United States. When you use our service, your data may be transferred to and processed in countries other than your own.

Data Processing Location

April is operated from the United States. If you access our service from outside the U.S., your data may be transferred to and processed in the United States, where privacy laws may differ from those in your country.

International Privacy Rights

We respect privacy rights globally and comply with applicable data protection laws:

Transfer Safeguards

For international data transfers, we implement appropriate safeguards including encryption, access controls, and standard contractual clauses where required by law.

9. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We may update this Privacy Policy to reflect changes in our practices, new features, legal requirements, or user feedback.

Notification of Changes

When we make material changes to this Privacy Policy, we will:

Your continued use of April after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may discontinue use and delete your account.

10. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Contact Details

General Inquiries

Email: [email protected]
Response Time: Within 2 business days

Company Information

Legal Entity: Cosmoverse, Inc.
Service Name: April
Website: tryapril.com

Rights and Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to contact your local data protection authority or regulatory body.

Privacy Policy Summary

🔒 Key Privacy Commitments:

  • Data Minimization: We only access your Gmail and Calendar when you explicitly request it
  • No Permanent Storage: Voice commands are processed in real-time and immediately deleted
  • No Data Sales: We never sell your data or use it for advertising purposes
  • Google API Compliance: We strictly adhere to Google's Limited Use requirements
  • Strong Security: Your data is encrypted and protected with enterprise-grade security
  • User Control: You maintain full control over permissions and can delete your data anytime
  • Transparency: We provide clear information about our data practices and your rights