Privacy Policy

When you create an account, we collect:

• Email address
• Display name
• Firebase user identifier (UID)
• Authentication provider (Google, Microsoft, or email/password)

When you create executive profiles within the Service, the following data is collected and stored:

• Full name, email address, job title, and company name
• Phone number and timezone
• Workday start and end times
• Associated Google account email address(es)
• Naming prefix preferences

When you authorize Google Workspace integration, we access the following data through Google APIs using OAuth 2.0:

When you authorize Slack integration, we access:

• Authenticated user ID and display name
• Team/workspace name
• User presence status (online, away, do not disturb)
• Conversation and channel names
• Message history from conversations you have access to
• User display names (cached locally, up to 200 entries)

When you explicitly enable Apple Contacts integration, we access contact names, email addresses, and phone numbers.

The Service collects and computes the following email analytics locally on your device:

• Email sent, received, and reply counts
• Average response times
• Communication volume by hour and day of week
• Top senders and recipients by frequency
• Up to 1,000 email analytics events stored locally

When read receipt tracking is enabled, the Service collects:

• Tracking identifier (UUID)
• Associated email message and thread identifiers
• Recipient email address(es) and email subject line
• Sent timestamp, open count, and open timestamps
• Delivery status (pending, sent, failed, opened)

The Service analyzes your sent emails to extract writing style characteristics, including formality level, tone patterns, common phrases, sentence structure, and average sentence and paragraph length.

When you use travel features, the Service processes flight numbers, travel dates, passport country codes, destination country codes, and airport codes (IATA). This data is sent to third-party travel APIs as anonymous queries without personally identifiable information.

The Service stores your preferences locally, including application theme, default event duration, read receipt preferences, smart send preferences, undo send delay, availability time blocks, budget categories, and split inbox rules.

When you interact with Auri's AI features, the Service may process your text prompts, selected email and thread context, calendar event context, Slack summaries, document context, travel context, extracted topics of interest, and voice recordings you submit for transcription.

Depending on your configuration, relevant context may be sent to OpenAI either directly from the app or through an Auri-managed relay endpoint in order to generate summaries, drafts, briefings, reasoning, web-search-assisted answers, and voice transcriptions.

When you connect with another Auri user, calendar event data, executive profile names, and connection status are shared between connected accounts.

Not shared through A2A: email content or metadata, Slack messages, contact lists, writing style profiles, or user preferences.

When read receipt tracking is enabled, a tracking pixel is embedded in outgoing emails. The tracking pixel URL contains only a UUID-based tracking identifier and does not expose your personal information to the recipient.

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Auri, our users, or others.

We do not share mobile phone numbers, SMS opt-in data, or SMS consent status with third parties or affiliates for marketing or promotional purposes.

We retain your data for as long as your account is active and as necessary to provide the Service.

Locally stored data persists until you uninstall the application or manually clear the data. Specific retention periods include: email analytics (rolling window of up to 1,000 events), contact/presence cache (in-memory only, cleared on restart), travel advisory cache (1-hour TTL), news article cache (30-minute TTL), and calendar/email cache (refreshed each session).

Cloud-stored data in Firebase Firestore is retained until you manually delete it, request account deletion, or we delete inactive accounts.

Email tracking records are retained indefinitely unless you request deletion.

When you use OpenAI-backed features, relevant request and response content may be retained by OpenAI in accordance with OpenAI's API policies. As of April 16, 2026, OpenAI states that API data is not used to train OpenAI models by default unless the customer explicitly opts in, that abuse-monitoring logs may be retained for up to 30 days by default, and that data sent through the Responses API may be stored as application state for at least 30 days by default.

We do not currently promise a shorter OpenAI retention period unless we explicitly state so in writing. If you need different retention terms, contact us before using OpenAI-backed features for sensitive workflows.

Upon account deletion, we will delete your assistant profile, all executive profiles, calendar sync data, email tracking records, A2A connection data, and revoke stored OAuth refresh tokens. Local data must be removed by uninstalling the application.

If you are a California resident, you have additional rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@auriassist.com.

If you are located in the EEA, you have additional rights under the GDPR:

• Legal Basis: We process data based on consent (OAuth), contractual necessity, and legitimate interests.
• Data Protection Rights: Access, rectification, erasure, restriction, portability, and objection to processing.
• DPO Contact: privacy@auriassist.com
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

Residents of the United Kingdom have equivalent rights under the UK GDPR. The provisions of Section 15.2 apply.

Auri uses OpenAI-backed services for optional AI features such as chat assistance, summaries, drafting, briefings, reasoning, web-search-assisted answers, and voice transcription. Depending on deployment configuration, these requests may be sent directly to OpenAI or first routed through an Auri-managed relay endpoint.

When external AI is enabled and you invoke an AI feature, the request may include your prompt together with relevant context needed to complete that task, such as selected email or thread content, calendar context, document context, Slack summaries, travel context, or an audio recording you submit for transcription.

We do not use your content to train Auri's own models, and we do not sell your data. OpenAI states that data sent to the OpenAI API is not used to train or improve OpenAI models by default unless the customer explicitly opts in.

OpenAI also states that certain API data may be retained for abuse monitoring and application state. In particular, OpenAI states that abuse-monitoring logs may be retained for up to 30 days by default and that Responses API data may be stored for at least 30 days by default unless different enterprise retention controls apply.

You can disable OpenAI-backed features globally or by feature area in the app. Auri also includes a separate control for sensitive email context. Auri does not send email on your behalf without your approval, and calendar write behavior remains subject to the approval controls you configure.