Privacy — The Short Version
A plain-language summary of how we handle your data. This is not a replacement for the full Privacy Policy — it's here to help you understand the key points quickly.
What we collect
Your account info (name, email via Google login), data from services you choose to connect (Gmail, Google Calendar, Telegram), your conversations with Revoly, AI memory (learned preferences), and basic usage/technical data.
Why we collect it
One reason: to make Revoly work for you. Reading your emails, managing your calendar, learning your preferences — the tasks you ask it to do. We also use basic data for bug fixes and security.
What we never do
AI processing (Anthropic)
When you ask Revoly to do something, your request and relevant context go to Claude (Anthropic's AI) for processing. Only the data needed for that specific task is sent. Anthropic does not train models on your data.
Google data: Limited Use
We comply with Google's Limited Use requirements. We only use your Gmail/Calendar data to provide the service to you. We don't use it for ads, don't let humans read it (except with your explicit consent or for security/legal reasons), and cache it for max 30 days. You can revoke access anytime.
We access data only when you ask
Revoly accesses your Gmail and Calendar when you initiate a task or have explicitly enabled an automation. We don't passively scan or monitor your inbox in the background without your active configuration.
Retention & deletion
Delete your account → everything is permanently wiped within 30 days (up to 60 with backup rotation). Google cached data is kept max 30 days. Billing records are kept as required by law.
Your GDPR rights
We're based in the EU (Portugal). You can access, correct, export, or delete your data anytime. You can withdraw consent for connected services by disconnecting them. You can request human review of any automated AI decision. Email hello@revoly.ai for any data request.
Security
Data encrypted at rest (AES-256) and in transit (TLS). Each user's data is completely isolated. OAuth tokens are encrypted. We take reasonable measures to protect your data, but no system is 100% secure.
Who else touches your data
Anthropic (AI), Google (Gmail/Calendar), Telegram (messaging), Clerk (login), Stripe (payments), Railway (hosting). Full list with locations and safeguards: Sub-processors page.
Cookies: just the essentials
Only authentication cookies to keep you logged in. No analytics, no ad trackers, no third-party tracking. That's it.