← Back to home

Legal

Privacy Policy

Last updated: 15 May 2025

Overview

Actly (“we”, “our”, “us”) operates an AI assistant that connects to your Google account to help you manage your inbox and calendar. This policy explains what data we access, how we use it, and your rights over it.

By using Actly, you agree to the practices described here. If you disagree, do not use the service.

Data we access

When you connect your Google account, Actly requests the following permissions:

  • Gmail — read and modify your email threads, surface important messages, and draft replies on your behalf when you ask.
  • Google Calendar — read your upcoming events to provide context, prep notes, and scheduling awareness.
  • Basic profile — your name and email address, used to identify your account.

We never send emails or create calendar events without your explicit instruction.

How we use your data

Your data is used exclusively to:

  • Generate responses and actions within the Actly interface
  • Surface relevant context from your inbox and calendar
  • Improve the accuracy of AI responses for your account

We do not sell your data. We do not use your Gmail or Calendar content to train general AI models. We do not share your personal data with third parties except as described in the “Service providers” section below.

Data storage and retention

OAuth tokens are stored securely in our database and used solely to authenticate requests on your behalf. Message content and calendar events are not stored permanently — they are fetched in real time when you use the service and held only in memory for the duration of your session.

If you delete your account, all stored tokens and profile data are permanently removed within 30 days.

Service providers

We use a limited set of third-party services to operate Actly:

  • Supabase — database and authentication infrastructure
  • Vercel — hosting and edge compute
  • xAI / Anthropic — AI inference (your messages are sent to these providers to generate responses; they are governed by their own data retention policies)

Each provider is subject to strict data processing terms and is prohibited from using your data for their own purposes.

Security

Access tokens are encrypted at rest. All data in transit is protected by TLS. We limit access to your data to the minimum necessary for the service to function. We do not store Gmail message bodies or calendar event details beyond your active session.

Your rights

You can at any time:

  • Revoke Actly's access to your Google account via Google's account settings at myaccount.google.com/permissions
  • Request deletion of your Actly account and all associated data by emailing hello.actly@gmail.com
  • Request a copy of the data we hold about you

Children

Actly is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected such data, contact us immediately.

Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use after that constitutes acceptance.

Contact

Questions about this policy: hello.actly@gmail.com