Actlyback

legal

Privacy Policy

Last updated: 9 June 2026

Overview

Actly (“we”, “our”, “us”) operates an AI assistant that connects to the tools you choose to connect so it can manage approved work, automations, follow-ups, and everyday tasks. This policy explains what data we access, how we use it, and your rights over it.

By using Actly, you agree to the practices described here. If you disagree, do not use the service.

Data we access

When you connect a tool, Actly requests only the permissions needed for the capabilities you enable:

  • Gmail — read and modify your email threads, surface important messages, and draft replies on your behalf when you ask.
  • Google Calendar — read your upcoming events to provide context, prep notes, and scheduling awareness.
  • Basic profile — your name and email address, used to identify your account.

Actly may complete routine work without another prompt when you enable an automation or grant an ongoing scope. Sensitive, destructive, or financial actions remain subject to the approval boundaries shown in the product.

How we use your data

Your data is used exclusively to:

  • Generate responses and actions within the Actly interface
  • Surface relevant context from your inbox and calendar
  • Improve the accuracy of AI responses for your account

We do not sell your data. We do not use your Gmail or Calendar content to train general AI models. We do not share your personal data with third parties except as described in the “Service providers” section below.

Data storage and retention

OAuth tokens are stored securely in our database and used solely to authenticate requests on your behalf. Message content and calendar events are not stored permanently — they are fetched in real time when you use the service and held only in memory for the duration of your session.

If you delete your account, all stored tokens and profile data are permanently removed within 30 days.

Service providers

We use a limited set of third-party services to operate Actly:

  • Supabase — database and authentication infrastructure
  • Vercel — hosting and edge compute
  • OpenRouter — AI inference routing (your messages are sent to the underlying model providers to generate responses; they are governed by their own data retention policies)
  • Nylas — email and calendar connectivity (used to read and act on your inbox and calendar when you connect them)
  • Lemon Squeezy — payment processing and merchant of record for paid plans (handles your card and billing details; we do not store your payment card information)

Each provider is subject to strict data processing terms and is prohibited from using your data for their own purposes.

Security

Access tokens are encrypted at rest. All data in transit is protected by TLS. We limit access to your data to the minimum necessary for the service to function. We do not store Gmail message bodies or calendar event details beyond your active session.

Your rights

You can at any time:

  • Revoke Actly's access to your Google account via Google's account settings at myaccount.google.com/permissions
  • Request deletion of your Actly account and all associated data by emailing hello.actly@gmail.com
  • Request a copy of the data we hold about you

Children

Actly is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected such data, contact us immediately.

Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use after that constitutes acceptance.

Contact

Questions about this policy: hello.actly@gmail.com