Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

Account Information

When you create an account, we collect your email address, name (if provided), and a hashed version of your password. We never store your password in plain text.

Usage Data

We collect information about how you use the Service, including conversation history, features used, timestamps, and interaction patterns. This helps us improve the Service and provide personalized assistance.

Google Data via OAuth

When you connect your Google account, we access data from Gmail, Google Calendar, and Google Drive as authorized through Google's OAuth 2.0 consent flow. This includes email content, calendar events, and document metadata necessary to provide the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your requests and respond to your conversations
  • Manage your email, calendar, and documents as directed by you
  • Send transactional emails (account verification, password resets, billing)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

3. Google Data

This section specifically addresses how we handle data accessed through Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

What We Access

  • Gmail: Read, compose, send, and manage emails on your behalf when you instruct Milo to do so
  • Google Calendar: Read, create, update, and delete calendar events as directed
  • Google Drive: Read and search document metadata and contents to assist with your requests

What We Do NOT Do

  • We do not sell, rent, or share your Google data with third parties for advertising purposes
  • We do not use your Google data for purposes unrelated to providing the Service
  • We do not allow humans to read your Google data except where necessary to investigate abuse, comply with legal requirements, or with your explicit consent
  • We do not retain Google data longer than necessary to provide the Service

AI Processing

Your Google data may be processed by AI models (from OpenAI and Anthropic) to generate responses and perform actions you request. These AI providers process data as sub-processors and are contractually prohibited from using your data for model training or any purpose other than providing the Service.

4. Data Storage & Security

Your data is stored on secure cloud infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for all internal systems
  • Secure token storage for Google OAuth credentials

5. Third-Party Services

We use the following third-party services to operate Milo:

  • Google: OAuth authentication and API access for Gmail, Calendar, and Drive
  • OpenAI & Anthropic: AI model providers for natural language processing and generation
  • Stripe: Payment processing for subscriptions
  • Twilio: WhatsApp messaging integration

Each of these providers has their own privacy policies and data handling practices. We encourage you to review their policies.

6. Data Retention

We retain your account data and conversation history for as long as your account is active. Google data is cached temporarily to provide responsive service and is refreshed regularly. When you delete your account, we delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Export: Download your data in a portable format
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and associated data
  • Revoke Google Access: Disconnect your Google account at any time through your Google account settings

To exercise these rights, visit your account settings or contact us at support@trymilo.ai.

8. GDPR (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to data portability
  • The right to restrict processing
  • The right to object to processing
  • The right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is: (a) your consent when you create an account and connect Google services, (b) the performance of our contract with you to provide the Service, and (c) our legitimate interests in improving and securing the Service.

9. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

11. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@trymilo.ai.