Privacy Policy

Introduction

At alfred_ (operated by Knowledge Butler, Inc., "we", "us", "our"), your privacy is fundamental to how we build our platform. This policy explains exactly what data we collect, how we use it, who we share it with, and how you can control it.

We believe in complete transparency. This document describes our actual practices, not aspirational statements, but what our software actually does.

Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign up via Google or Microsoft OAuth, we receive your email and profile name from those services. Passwords are hashed and managed by our authentication provider.

Payment Information

Payment processing is handled entirely by our third-party payment processor. We do not collect, store, or have access to your full credit card number, CVV, or billing address.

Email Data (When Connected)

When you connect Gmail or Outlook, we access:

• • Email subjects, sender/recipient addresses, and preview snippets
• • Email body content (when generating draft responses)
• • Thread IDs and message metadata
• • Unread status and timestamps

We use this data to analyze priority, extract action items, detect follow-ups, and generate draft responses. Email content is processed by third-party AI services.

Calendar Data (When Connected)

When you connect Google Calendar or Outlook Calendar, we access:

• • Event titles, start/end times, and locations
• • Attendee names, emails, and response status
• • Organizer information
• • Virtual meeting URLs

Calendar events are cached in our database (typically a 28-day window) to provide schedule analysis and reduce API calls.

Contact Data

We access your Google Contacts or Microsoft contacts to enable recipient autocomplete. We store email addresses, display names, and contact frequency scores.

Tasks, Notes, and User-Created Content

We store all tasks you create (manually or auto-extracted from emails), notes, kanban boards, and whiteboard content in our database.

OAuth Tokens

When you connect email or calendar accounts, we store OAuth access tokens and refresh tokens in our database. These tokens allow us to access your accounts on your behalf. We never see or store your actual passwords.

Cookies and Local Storage

alfred_ uses cookies and browser storage technologies to operate and improve the Service:

• • Authentication: We use localStorage and sessionStorage to maintain your login session.
• • Usage tracking: We use cookies and local storage to track feature usage and preferences.
• • Analytics: Third-party analytics services set cookies to help us understand how users interact with alfred_.
• • Communication tracking: We use cookies to track interactions with our communications.

You can clear cookies and local storage through your browser settings at any time.

Do Not Track: alfred_ does not currently respond to "Do Not Track" (DNT) browser signals.

AI Processing

alfred_'s AI capabilities are powered by third-party AI services. When generating email drafts, analyzing your schedule, or creating daily briefings, we send relevant data to these services:

• • Email subjects, snippets, and body content (for draft generation)
• • Calendar event summaries
• • Task metadata

Important: We do not use your data to train or fine-tune AI models. Your data is processed for inference only. Our AI providers are contractually prohibited from using your data for model training.

Analytics and Usage Tracking

We use third-party analytics services to understand how people use alfred_. These services collect page views, feature usage, session duration, and device information. Analytics data is used solely to improve alfred_ and is not sold to third parties.

How We Use Your Information

• • Analyze your email to identify priority messages and extract action items
• • Generate draft email responses for your review and approval
• • Analyze your calendar to calculate available focus time and identify conflicts
• • Create and sync tasks across your devices
• • Generate daily briefings summarizing what needs your attention
• • Track recipient interactions for better autocomplete suggestions
• • Provide customer support
• • Improve alfred_ based on usage patterns
• • Process payments and manage subscriptions

Actions Require Your Approval

alfred_ never takes actions without your explicit approval.

• • Email drafts are generated but never sent automatically
• • Tasks are extracted and suggested but you confirm which ones to add
• • Calendar time blocks are suggested but you approve before they're created
• • All actions in your Daily Brief require one-click confirmation

Information Sharing and Disclosure

We do not sell your personal information. We share data only with:

Service Providers

• • Cloud infrastructure: Database hosting, authentication, and server-side processing
• • AI services: Third-party AI processing for email drafts and analysis (inference only)
• • Analytics services: Product analytics and usage tracking
• • Payment processing: Subscription billing and payment handling

Other Circumstances

• • When required by law or legal process
• • To protect our rights, safety, or the safety of our users
• • In connection with a merger, acquisition, or sale of assets (with notice)

Data Security

• • All data encrypted in transit using TLS 1.2+
• • Data encrypted at rest in our database
• • OAuth tokens stored securely (we never see your passwords)
• • Row-level security policies ensure you can only access your own data
• • Regular security reviews and updates

No system is 100% secure. We will notify you promptly if we detect a breach affecting your data.

Google API Limited-Use Compliance

alfred_ accesses Google user data only to provide the features you explicitly enable. We:

• • Only access data necessary to provide email analysis, calendar management, and contact autocomplete
• • Do not use Google Workspace data to train or improve generalized AI/ML models
• • Do not sell or share Google data with advertisers or data brokers
• • Allow you to revoke access at any time through your Google account settings

These practices comply with Google's API Services User Data Policy, including its Limited Use requirements.

Microsoft API Compliance

alfred_ accesses Microsoft user data through the Microsoft Graph API only to provide the features you explicitly enable. We:

• • Only access data necessary to provide email analysis, calendar management, and contact autocomplete
• • Do not use Microsoft data to train or improve generalized AI/ML models
• • Do not sell or share Microsoft data with advertisers or data brokers
• • Delete Microsoft data when you disconnect your account, close your account, or upon your request
• • Allow you to revoke access at any time

Data Retention

• • Active account: Data kept as long as your account is active
• • Calendar cache: Events cached for approximately 28 days
• • Account deletion: Data retained for 14 days in case you choose to reactivate, then permanently deleted
• • Inactive accounts: Accounts inactive for 12+ months may be deleted with 30 days notice
• • Aggregated analytics: May be retained longer in anonymized form

Your Privacy Rights

• • Access: View your data through your account settings
• • Correction: Update inaccurate information
• • Deletion: Delete your account and all associated data
• • Disconnect: Revoke email/calendar access at any time
• • Export: Request a copy of your data
• • Communications: Unsubscribe from product update emails at any time

To exercise these rights, use the tools in your account settings or contact us at connor@get-alfred.ai.

International Users

alfred_ is based in and designed for users in the United States. Your data is processed and stored in the US. By using the Service, you consent to the transfer and processing of your data in the United States.

Children's Data

alfred_ is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• • Right to Know: You may request what personal information we have collected about you
• • Right to Delete: You may request deletion of your personal information
• • Right to Opt-Out of Sale: We do not sell your personal information
• • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Contact us at connor@get-alfred.ai. We will respond within 45 days as required by law.

Third-Party Links

alfred_ may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes via email or through alfred_.

Contact Us