Introduction
This Privacy Policy describes how LerriAI ("we", "our", "the Application") collects, uses, stores, shares, and protects your personal data when you use our personal assistant application. LerriAI is designed to help you manage and automate personal and professional tasks by integrating with Google services including Gmail, Google Drive, Google Calendar, Google Tasks, Google Contacts, Google Documents, and Google Sheets.
This Privacy Policy is provided in compliance with the Google API Services User Data Policy, Google APIs Terms of Service, and applicable data protection laws. By using LerriAI, you consent to the data practices described in this policy.
1. Data Accessed
LerriAI accesses the following types of Google user data through the Google API Services to provide its core functionality. Access to this data is only granted after you explicitly authorize the Application through Google's OAuth 2.0 authentication process.
| Google Service | API Scope | Data Accessed |
|---|---|---|
| Google Account | userinfo.email, userinfo.profile | Your email address and basic profile information (name, profile picture) to identify your account and personalize your experience. |
| Gmail | gmail.send | Permission to send emails on your behalf. The Application can compose and send emails when you explicitly request this action through commands such as "Send an email to [recipient]". |
| Google Drive | drive.file | Access to files and folders that you explicitly create with or open with the Application. This scope allows the Application to read, modify, create, and delete only those files that you directly interact with through LerriAI, not your entire Drive. |
| Google Calendar | calendar.readonly | Read-only access to your calendar events and metadata. The Application can view your calendar entries to answer queries such as "What are my appointments today?" or "Check my schedule for next week". |
| Google Documents | documents | Permission to view and manage Google Docs that you create with or open with the Application. This allows the Application to create, read, and edit documents when you request actions like "Create a new document" or "Update my notes". |
| Google Sheets | spreadsheets | Permission to view and manage Google Sheets that you create with or open with the Application. This enables the Application to create, read, update, and manage spreadsheets when you request data organization or analysis tasks. |
2. Data Usage
LerriAI uses the Google user data it accesses exclusively to provide the personal assistant functionality you request. Specifically, the data is used for the following purposes:
2.1 Command Processing and Task Execution
When you issue a command to LerriAI (such as "Schedule a meeting tomorrow at 10 AM" or "Find my flight receipt"), the Application processes your request using AI agents that:
- Analyze your command to understand the intent and required actions
- Access the relevant Google services to retrieve necessary information
- Execute the requested actions on your behalf
- Provide you with confirmation and results of the completed task
2.2 Personalization and Context
The Application maintains a temporary conversation context during your session to provide coherent and contextually relevant responses. This includes:
- Remembering the current conversation flow to handle follow-up questions
- Storing user preferences and settings you configure within the Application
- Maintaining a minimal set of personal data (such as your name and email) to personalize interactions
2.3 Daily Briefing Generation
If you enable the daily briefing feature, the Application accesses your calendar data to generate a summary of your upcoming appointments and tasks. This briefing is created on-demand and is not stored permanently.
2.4 Technical Operations
The Application uses your Google account credentials (OAuth tokens) to authenticate and authorize API requests to Google services. These tokens are securely stored and used only to maintain your authenticated session.
3. Data Sharing
LerriAI is committed to protecting your privacy and does not share your Google user data with third parties, except as described below:
3.1 No Third-Party Sharing for Marketing or Advertising
We do not sell, rent, trade, or otherwise share your personal data with third parties for marketing, advertising, or any commercial purposes unrelated to the functionality of the Application.
3.2 Service Providers
The Application uses the following service providers to deliver its functionality:
- Google API Services: Your data is transmitted to Google's servers to execute API requests when you use features that interact with Gmail, Drive, Calendar, Documents, and Sheets. This data transmission is necessary for the Application to function and is governed by Google's Privacy Policy.
- Anthropic API: User commands and requests are processed using Anthropic's Claude AI model to understand intent and generate appropriate responses. We transmit only the minimum necessary information (your command and relevant context) to Anthropic's API. No complete emails, documents, or files are sent to Anthropic unless specifically required to fulfill your request. Anthropic's data handling is governed by their privacy policy.
- Cloud Hosting Provider: The Application backend is hosted on a cloud server infrastructure. Server logs and operational data may be stored by the hosting provider for technical maintenance and security purposes.
3.3 Legal Requirements
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (such as a court order or government agency), including to meet national security or law enforcement requirements.
3.4 No Data Brokers or Analytics
We do not share your data with data brokers, analytics companies, or advertising networks. The Application does not include third-party tracking, analytics, or advertising SDKs.
4. Data Storage and Protection
4.1 Storage Practices
LerriAI stores the following types of data on our secure backend servers:
- Authentication Tokens: OAuth 2.0 access tokens and refresh tokens provided by Google are securely stored to maintain your authenticated session. These tokens are encrypted and stored in a secure database.
- User Account Information: Basic account details including your email address and name are stored to identify your account and personalize your experience.
- User Preferences and Settings: Configuration settings and preferences you set within the Application are stored in JSON format on our servers (in the data/ directory).
- Minimal Session Data: Temporary conversation context is maintained during active sessions to provide coherent responses to your commands.
What We Do NOT Store:
- Complete email contents from Gmail
- Full documents or files from Google Drive
- Complete calendar event details beyond what is necessary for temporary processing
- Sensitive file contents from Google Documents or Sheets
Data retrieved from Google services is processed in real-time to fulfill your requests and is not permanently stored on our servers.
4.2 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between the Application, Google services, and AI providers is encrypted using HTTPS/TLS protocols.
- Encryption at Rest: Authentication tokens and sensitive user data stored on our servers are encrypted using industry-standard encryption algorithms.
- Access Controls: Access to backend systems and databases is restricted to authorized personnel only and protected by strong authentication mechanisms.
- Secure Authentication: The Application uses Google's OAuth 2.0 authentication protocol, which ensures that we never have access to your Google account password.
- Regular Security Updates: We regularly update our systems and dependencies to address known security vulnerabilities.
4.3 Data Location
Your data is stored on servers located in secure data centers. The Application backend operates on cloud infrastructure, and data may be processed in different geographic locations depending on the service provider's infrastructure.
5. Data Retention and Deletion
5.1 Retention Policy
LerriAI retains your data for the following periods:
- Authentication Tokens: OAuth tokens are retained as long as you maintain an active account with LerriAI. Refresh tokens are periodically renewed to maintain uninterrupted service.
- User Account Data: Your account information and preferences are retained for as long as your account is active.
- Session Data: Temporary conversation context and session data are automatically deleted when your session ends or after a period of inactivity.
- Server Logs: Technical logs used for system maintenance and security monitoring are retained for a maximum of 90 days before being automatically deleted.
5.2 Data Deletion Rights
You have the right to request the deletion of your personal data at any time. You can exercise this right through the following methods:
- Revoke Access: You can revoke LerriAI's access to your Google account at any time by visiting your Google Account security settings at https://myaccount.google.com/permissions and removing LerriAI from the list of connected apps. This action will immediately terminate all access to your Google data.
- Request Account Deletion: You can request complete deletion of your LerriAI account and all associated data by contacting us at leonardo.cofone5@gmail.com. We will process your deletion request within 30 days.
- Automatic Deletion: If you revoke access or your account becomes inactive, we will automatically delete your authentication tokens and personal data within 90 days of revocation or inactivity.
5.3 Post-Deletion
After your data is deleted:
- All authentication tokens will be invalidated and removed from our systems
- Your user preferences and settings will be permanently deleted
- Any temporary session data will be cleared
- Anonymized technical logs may be retained for legal compliance or security purposes but will not contain personally identifiable information
6. User Rights and Control
You have the following rights regarding your personal data:
6.1 Right to Access
You can request a copy of the personal data we store about you by contacting us at leonardo.cofone5@gmail.com. We will provide this information in a structured, commonly used format within 30 days of your request.
6.2 Right to Rectification
If any personal information we hold about you is inaccurate or incomplete, you have the right to request correction. You can update your profile information directly within the Application or contact us for assistance.
6.3 Right to Revoke Access
You can revoke LerriAI's access to your Google account at any time through your Google Account settings. This will immediately terminate all services provided by the Application and prevent any further access to your Google data.
6.4 Right to Data Portability
You have the right to receive your personal data in a portable format. Contact us at leonardo.cofone5@gmail.com to request a copy of your data.
6.5 Right to Object
You have the right to object to our processing of your personal data. Given that the Application only processes data to fulfill your explicit requests, objecting to processing would effectively prevent the Application from functioning. However, you can always choose to stop using the Application or revoke access.
7. Compliance with Google API Services User Data Policy
LerriAI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only request access to the minimum necessary scopes required to provide the Application's functionality
- We use Google user data only to provide or improve user-facing features that are prominent in the Application's user interface
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent
- We do not use or transfer Google user data for serving advertisements
- We do not allow humans to read user data unless we have received the user's affirmative agreement, it is necessary for security purposes, or it is required by law
8. Children's Privacy
LerriAI is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child, please contact us immediately at leonardo.cofone5@gmail.com.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you of significant changes through the Application or via email
- Provide you with an opportunity to review the updated policy
Your continued use of LerriAI after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
10. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
LerriAI
Email: leonardo.cofone5@gmail.com
We will respond to your inquiry within 30 days.
11. Additional Information
11.1 How the Application Works
LerriAI is a Progressive Web Application (PWA) that consists of a frontend interface and a backend server. When you issue a command:
- Your request is sent securely to our backend server
- Our AI agents analyze your request to determine the appropriate action
- The Application uses your authorized Google API access to retrieve or modify data as requested
- The results are processed and returned to you through the interface
11.2 Transparency
We are committed to transparency in our data practices. The Application only performs actions that you explicitly request, and you maintain full control over your data through Google's permission management system.