Privacy Policy

Last updated: February 2026

Introduction

At alfred_ (operated by Knowledge Butler, Inc., "we", "us", "our"), your privacy is fundamental to how we build our platform. This policy explains exactly what data we collect, how we use it, who we share it with, and how you can control it.

We believe in complete transparency. This document describes our actual practices: not aspirational statements, but what our software actually does.

Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign up via Google or Microsoft OAuth, we receive your email and profile name from those services. Passwords are hashed and managed by our authentication provider.

Payment Information

Payment processing is handled entirely by our third-party payment processor. We do not collect, store, or have access to your full credit card number, CVV, or billing address. We store only a subscription identifier to manage your account status.

Email Data (When Connected)

When you connect Gmail or Outlook, we access:

  • Email subjects, sender/recipient addresses, and preview snippets
  • Email body content (when generating draft responses)
  • Thread IDs and message metadata
  • Unread status and timestamps

We use this data to analyze priority, extract action items, detect follow-ups, and generate draft responses. Email content is processed by third-party AI services to generate drafts and analysis.

Calendar Data (When Connected)

When you connect Google Calendar or Outlook Calendar, we access:

  • Event titles, start/end times, and locations
  • Attendee names, emails, and response status
  • Organizer information
  • Virtual meeting URLs

Calendar events are cached in our database (typically a 28-day window) to provide schedule analysis and reduce API calls.

Contact Data

We access your Google Contacts or Microsoft contacts to enable recipient autocomplete. We store email addresses, display names, and contact frequency scores to improve suggestions.

Tasks, Notes, and User-Created Content

We store all tasks you create (manually or auto-extracted from emails), notes, kanban boards, and whiteboard content in our database. This includes task titles, descriptions, due dates, completion status, and source tracking (which email a task came from).

OAuth Tokens

When you connect email or calendar accounts, we store OAuth access tokens and refresh tokens in our database. These tokens allow us to access your accounts on your behalf. We never see or store your actual passwords.

Cookies and Local Storage

alfred_ uses cookies and browser storage technologies to operate and improve the Service:

  • Authentication: We use localStorage and sessionStorage to maintain your login session and authentication state.
  • Usage tracking: We use cookies and local storage to track feature usage, preferences, and session activity to improve the Service.
  • Analytics: Third-party analytics services set cookies to help us understand how users interact with alfred_, including page views, feature engagement, and session duration.
  • Communication tracking: We use cookies to track interactions with our communications, such as SMS and email notifications.

You can clear cookies and local storage through your browser settings at any time. Note that clearing authentication storage will require you to log in again.

Do Not Track: alfred_ does not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry-standard technology for honoring DNT requests across websites.

AI Processing

alfred's AI capabilities are powered by third-party AI services. When generating email drafts, analyzing your schedule, or creating daily briefings, we send relevant data to these services:

  • Email subjects, snippets, and body content (for draft generation)
  • Calendar event summaries
  • Task metadata

Important: We do not use your data to train or fine-tune AI models. Your data is processed for inference only, generating responses and analysis for your specific requests. Our AI providers are contractually prohibited from using your data for model training. AI providers may temporarily retain data for abuse monitoring and safety purposes in accordance with their own data processing terms, but not for model improvement.

Analytics and Usage Tracking

We use third-party analytics services to understand how people use alfred_ and improve the product. These services collect:

  • Page views and navigation patterns
  • Feature usage (which widgets you use, how often)
  • Session duration and engagement metrics
  • Device and browser information

Analytics data is used solely to improve alfred_ and is not sold to third parties.

We also track additional metrics internally, including AI usage (to manage costs), API performance, and aggregated feature adoption patterns.

How We Use Your Information

We use your information to:

  • Analyze your email to identify priority messages and extract action items
  • Generate draft email responses for your review and approval
  • Analyze your calendar to calculate available focus time and identify conflicts
  • Create and sync tasks across your devices
  • Generate daily briefings summarizing what needs your attention
  • Track recipient interactions for better autocomplete suggestions
  • Detect procrastination patterns and provide nudges
  • Provide customer support
  • Improve alfred_ based on usage patterns
  • Process payments and manage subscriptions

Actions Require Your Approval

alfred never takes actions without your explicit approval. In the current version (V1):

  • Email drafts are generated but never sent automatically. You must review and click Send
  • Tasks are extracted and suggested but you confirm which ones to add
  • Calendar time blocks are suggested but you approve before they're created
  • All actions in your Daily Brief require one-click confirmation

We may introduce more autonomous features in future versions, but will always give you control over what alfred can do automatically.

Information Sharing and Disclosure

We do not sell your personal information. We share data only in these circumstances:

Service Providers

  • Cloud infrastructure: Database hosting, authentication, and server-side processing
  • AI services: Third-party AI processing for email drafts and analysis (inference only, no model training)
  • Analytics services: Product analytics and usage tracking
  • Payment processing: Subscription billing and payment handling

These providers process data on our behalf under contractual obligations to protect your information. We do not sell your personal information to any third party.

Other Circumstances

  • When required by law or legal process
  • To protect our rights, safety, or the safety of our users
  • In connection with a merger, acquisition, or sale of assets (with notice)

Data Security

We implement security measures to protect your data:

  • All data encrypted in transit using TLS 1.2+
  • Data encrypted at rest in our database
  • OAuth tokens stored securely (we never see your passwords)
  • Row-level security policies ensure you can only access your own data
  • Regular security reviews and updates

No system is 100% secure. We will notify you promptly if we detect a breach affecting your data.

Google API Limited-Use Compliance

alfred_ accesses Google user data (Gmail, Google Calendar, Google Contacts) only to provide the features you explicitly enable. We:

  • Only access data necessary to provide email analysis, calendar management, and contact autocomplete
  • Do not use Google Workspace data to train or improve generalized AI/ML models
  • Do not sell or share Google data with advertisers or data brokers
  • Allow you to revoke access at any time through your Google account settings

These practices comply with Google's API Services User Data Policy, including its Limited Use requirements.

Microsoft API Compliance

alfred_ accesses Microsoft user data (Outlook Mail, Outlook Calendar, Microsoft Contacts) through the Microsoft Graph API only to provide the features you explicitly enable. We:

  • Only access data necessary to provide email analysis, calendar management, and contact autocomplete
  • Use Microsoft email protocols and APIs solely for syncing email messages, calendar events, and contacts as permitted under Microsoft's API Terms of Use
  • Do not use Microsoft data to train or improve generalized AI/ML models
  • Do not sell or share Microsoft data with advertisers or data brokers
  • Delete Microsoft data when you disconnect your account, close your account, or upon your request
  • Allow you to revoke access at any time through Settings or your Microsoft account settings

These practices comply with the Microsoft APIs Terms of Use.

Data Retention

We retain your data as follows:

  • Active account: Data kept as long as your account is active
  • Calendar cache: Events cached for approximately 28 days
  • Account deletion: When you delete your account, your data is retained for 14 days in case you choose to reactivate. After 14 days, all personal data is permanently and irreversibly deleted.
  • Inactive accounts: Accounts inactive for 12 or more consecutive months may be deleted. We will send a notice to your registered email at least 30 days before deletion.
  • Aggregated analytics: May be retained longer in anonymized, non-identifiable form

Your Privacy Rights

You have control over your data:

  • Access: View your data through your account settings
  • Correction: Update inaccurate information
  • Deletion: Delete your account and all associated data
  • Disconnect: Revoke email/calendar access at any time
  • Export: Request a copy of your data
  • Communications: Unsubscribe from product update emails at any time using the unsubscribe link in any email. Note that you cannot opt out of transactional emails related to your account (such as billing confirmations and security alerts).

To exercise these rights, use the tools in your account settings or contact us at [email protected].

International Users

alfred_ is based in and designed for users in the United States. Your data is processed and stored in the US and may also be processed in other countries where our service providers operate. By using the Service, you consent to the transfer and processing of your data in the United States.

Children's Data

alfred_ is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal data, please contact us at [email protected].

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request that we disclose what categories of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-contextual behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days as required by law.

Third-Party Links

alfred_ may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through alfred_.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes via email or through alfred_. The "Last updated" date shows when this policy was most recently revised.

Contact Us

Questions about privacy? Contact us at [email protected] and we'll respond within 48 hours.