Privacy Policy

Last updated: 2 March 2026

1. Scope

This Privacy Policy explains how Alayans collects, uses, and shares personal data when you use our website at alayans.ai, our iOS application, and related services (collectively, the "Services"). It also explains your rights and choices.

2. Data We Collect

We collect the following categories of data depending on which features you use:

  • Account and contact data (for example name, email address, phone number, company)
  • Content you provide (for example prompts, messages, requests, notes, and attachments you choose to submit)
  • Google-connected data, only when you connect Google and grant permission (calendar events, schedules, attendees, contact names, contact emails, contact phone numbers)
  • Microsoft-connected data, only when you connect Microsoft and grant permission (such as Outlook calendar, contacts, and related account data required for enabled features)
  • Technical and usage data (for example device/browser type, app version, IP address, diagnostics, timestamps, and feature usage)

We collect data directly from you (forms and app input), automatically from your use of the Services, and from connected accounts you authorize.

3. How We Use Data

We use personal data to:

  • Provide and operate requested features, including AI assistance
  • Process demo/contact requests and provide support
  • Maintain service security, prevent fraud, and debug issues
  • Improve product quality and reliability through analytics (aggregated or de-identified where possible)

4. AI Processing and Third-Party Sharing

When you use AI-powered features, some user-provided data is sent to our AI provider for inference. This can include prompt text, message content, and related context you choose to submit (which may contain personal data).

  • AI provider: Google Cloud Vertex AI
  • Purpose: Generate AI responses and AI-assisted actions requested by you
  • Data handling commitments: We configure AI inference with zero data retention where supported and a no-training-on-customer-data policy for AI requests.
  • Model details: We use model endpoints served through Google Vertex AI in our production environment.

5. Consent Before Sharing Personal Data with AI Services

We only transmit personal data to third-party AI services after user permission. In our app, permission is collected through consent-driven actions before data is shared for AI inference.

If you do not grant permission, AI features that require third-party inference are not enabled. You can withdraw consent later through in-app settings, account controls, or by contacting us.

6. Other Third Parties We Share Data With

We may share data with service providers that support our Services, such as cloud hosting, communications, customer support, and analytics providers. We require those providers to protect personal data with safeguards that are the same as or stronger than our own contractual and security requirements.

  • No sale of personal data:We do not sell personal data.
  • Legal disclosures:We may disclose data to comply with law, enforce our terms, or protect users and the public.

7. Data Protection and Security Measures

We implement technical and organizational measures designed to protect your data, including encryption in transit, encryption at rest where appropriate, access controls, logging, and routine security updates.

  • OAuth security:We use Google OAuth 2.0 for account linking; credentials are not stored as plaintext.
  • Data minimization:We process only the data needed for requested features.
  • Access controls:Internal access is restricted to authorized personnel with a business need.

These measures are intended to provide protections appropriate to the nature of the personal data we process.

Google and Microsoft API Specific Disclosures

Our application's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

If you connect a Microsoft account, our use of Microsoft user data is limited to providing requested product functionality. We do not sell Microsoft user data, and we do not use Microsoft user data to train generalized AI or ML models.

  • Limited Use Compliance: We only use Google user data to provide and improve our application's features and functionality as requested by you.
  • No Data Sale: We do not sell any Google user data to advertisers or other third parties.
  • No Human Reading: Google user data is not read by humans except for security purposes, compliance, or with your explicit consent.
  • No AI Training: We do not use Google user data to develop, improve, or train generalized/non-personalized AI or ML models.
  • Secure Authentication: We use Google's OAuth 2.0 protocol to securely access your Google account data with your explicit permission.
  • Scope Limitation: We only request the minimum necessary scopes (calendar and contacts access) required for our service functionality.
  • Data Deletion: You can revoke our access to your Google data at any time through your Google Account settings, and we will delete the associated data from our systems.

8. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements)

Specifically for sensitive data:

  • Google Calendar Data: Retained only while your account is active and the integration is enabled. Removed after disconnect or deletion requests, subject to legal obligations.
  • Google Contacts Data: Retained only while your account is active and the integration is enabled. Removed after disconnect or deletion requests, subject to legal obligations.
  • OAuth Tokens: Access and refresh tokens are automatically expired and deleted according to Google's security policies and when no longer needed for service provision.
  • AI inference requests: AI prompts and responses are handled under a zero-retention and no-training configuration for Google Vertex AI requests where supported by provider terms and settings.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it within 30 days.

9. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or export your personal data. You may also withdraw consent for processing based on consent.

Your rights include:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing:You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you wish to exercise any of these rights, please contact us using the contact information below.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

11. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction

If you are located outside the country where our systems are operated, your personal data may be transferred and processed in other jurisdictions, subject to appropriate safeguards.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer

12. Children's Privacy

Our Services are not intended for use by children under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from Children under 16. If you become aware that a Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us: