Privacy Policy
Auri — Executive Command Center
At a Glance
On-device AI
All AI processing uses Apple Foundation Models locally on your device.
No data selling
We never sell, rent, or trade your personal information.
Encrypted everywhere
HTTPS/TLS in transit, AES-256 at rest, macOS Keychain for tokens.
You're in control
Revoke access, disable tracking, or delete your account at any time.
1.Introduction
This Privacy Policy (“Policy”) describes how Auri (“Company,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you use the Auri desktop application and related services (collectively, the “Service”). This Policy applies to all users of the Service, including users and the executives they support.
We are committed to protecting your privacy and handling your data transparently. Please read this Policy carefully. By using the Service, you consent to the data practices described herein.
2.Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Display name
- Firebase user identifier (UID)
- Authentication provider (Google or email)
2.2 Executive Profile Information
When you create executive profiles within the Service, the following data is collected and stored:
- Full name, email address, job title, and company name
- Phone number and timezone
- Workday start and end times
- Associated Google account email address(es)
- Naming prefix preferences
2.3 Google Workspace Data
When you authorize Google Workspace integration, we access the following data through Google APIs using OAuth 2.0:
Gmail
- Email message metadata (message ID, thread ID, sender, recipients, subject, date)
- Email body content and snippets
- Email labels and read/unread status
- Attachment filenames and metadata
- Email signatures and "send as" configurations
Google Calendar
- Event titles, descriptions, locations, and attendees
- Event start and end times, including all-day events
- Recurrence patterns and organizer information
- Free/busy status and calendar access control lists
Google Drive
- File names, types, and metadata
- File sharing permissions and recent file activity
- File content (for Google Docs and Sheets when accessed)
Google Docs & Sheets
- Document content (when read or appended)
- Spreadsheet values (when read or written)
Google People API
- Contact names, email addresses, and phone numbers
- Profile information
Google OAuth Scopes Requested
gmail.readonly— Read email messages and metadatagmail.modify— Send emails, modify labels, trash emailscalendar— Full calendar accesscalendar.events— Create and modify calendar eventsdrive.readonly— Read Drive file metadata and contentdrive.activity.readonly— View Drive file activitydocuments— Read and write Google Docsspreadsheets— Read and write Google Sheetsuserinfo.email— Read your email addressuserinfo.profile— Read your basic profile information2.4 Slack Data
When you authorize Slack integration, we access:
- Authenticated user ID and display name
- Team/workspace name
- User presence status (online, away, do not disturb)
- Conversation and channel names
- Message history from conversations you have access to
- User display names (cached locally, up to 200 entries)
2.5 Apple Contacts Data
When you explicitly enable Apple Contacts integration, we access contact names, email addresses, and phone numbers.
Apple Contacts data is accessed through the macOS Contacts framework, processed locally, and is never transmitted to external servers or our cloud infrastructure.
2.6 Email Analytics Data
The Service collects and computes the following email analytics locally on your device:
- Email sent, received, and reply counts
- Average response times
- Communication volume by hour and day of week
- Top senders and recipients by frequency
- Up to 1,000 email analytics events stored locally
2.7 Email Tracking Data
When read receipt tracking is enabled, the Service collects:
- Tracking identifier (UUID)
- Associated email message and thread identifiers
- Recipient email address(es) and email subject line
- Sent timestamp, open count, and open timestamps
- Delivery status (pending, sent, failed, opened)
2.8 Writing Style Data
The Service analyzes your sent emails to extract writing style characteristics, including formality level, tone patterns, common phrases, sentence structure, and average sentence and paragraph length.
Writing style data is processed and stored entirely on your device and is never transmitted externally.
2.9 Travel Data
When you use travel features, the Service processes flight numbers, travel dates, passport country codes, destination country codes, and airport codes (IATA). This data is sent to third-party travel APIs as anonymous queries without personally identifiable information.
2.10 User Preferences and Settings
The Service stores your preferences locally, including application theme, default event duration, read receipt preferences, smart send preferences, undo send delay, availability time blocks, budget categories, and split inbox rules.
2.11 AI Interaction Data
When you interact with the AI assistant, the Service processes your text queries, calendar event context for the current 7-day window, email metadata, Slack conversation summaries, and extracted topics of interest.
All AI processing occurs on-device using Apple Foundation Models. Your queries and contextual data are not transmitted to external AI services.
3.How We Use Your Information
Providing the Service
Managing your emails, calendar, and contacts; generating AI-powered responses and meeting analyses; providing travel intelligence and morning briefings; enabling A2A scheduling.
Email Tracking
Recording when recipients open tracked emails and providing open analytics and delivery status.
Smart Send
Analyzing recipient response patterns to suggest optimal email send times.
Writing Assistance
Analyzing your writing style to generate email drafts that match your tone.
Calendar Sync
Syncing calendar data to our cloud infrastructure for multi-device access and A2A collaboration.
Service Improvement
Diagnosing technical issues and maintaining the Service.
We do not use your data for:
Advertising or ad targeting, selling to third parties, training external AI models, or profiling for purposes unrelated to the Service.
4.How We Store Your Information
4.1 Local Storage (On Your Device)
| Data Type | Storage | Protection |
|---|---|---|
| OAuth tokens | macOS Keychain | Encrypted by macOS |
| Email & calendar cache | In-memory / UserDefaults | App-sandboxed |
| Writing style profiles | Local file cache | App-sandboxed |
| Email analytics | UserDefaults (max 1,000) | App-sandboxed |
| Smart send patterns | Local file cache | App-sandboxed |
| Auto-draft cache | Local file cache | App-sandboxed |
| User preferences | UserDefaults | App-sandboxed |
| Contact/presence cache | In-memory (max 200) | App-sandboxed |
4.2 Cloud Storage (Firebase Firestore on GCP)
| Data Type | Information | Retention |
|---|---|---|
| Assistant profiles | Display name, share code, creation date | Until account deletion |
| Executive profiles | Name, email, title, company, phone, timezone | Until manually deleted |
| Calendar sync | Event titles, times, locations, attendees | 30-day rolling window |
| Email tracking | Tracking ID, message ID, recipient, subject | Until manually deleted |
| A2A connections | Connected assistant IDs, status | Until manually deleted |
| OAuth refresh tokens | Encrypted refresh tokens | Until revoked |
4.3 Data Not Stored in the Cloud
The following data is processed locally and never transmitted to our cloud: full email body content, Slack message content, writing style profiles, email analytics, Apple Contacts data, AI conversation history, and auto-generated email drafts.
5.How We Share Your Information
5.1 Third-Party Service Providers
| Service | Data Shared | Purpose |
|---|---|---|
| Google APIs | Your authorized data via OAuth | Email, calendar, document management |
| Slack API | Your authorized data via OAuth | Conversation history & presence |
| Firebase / GCP | Account data, profiles, sync data | Cloud storage, auth, real-time sync |
| FlightRadar24 | Flight numbers, travel dates | Real-time flight status |
| Travel advisory APIs | Country codes | Visa & travel advisories |
| Google News RSS | Interest-based search queries | News article retrieval |
5.2 Assistant-to-Assistant (A2A) Sharing
When you connect with another Auri user, calendar event data, executive profile names, and connection status are shared between connected accounts.
Not shared through A2A: email content or metadata, Slack messages, contact lists, writing style profiles, or user preferences.
5.3 Email Recipients
When read receipt tracking is enabled, a tracking pixel is embedded in outgoing emails. The tracking pixel URL contains only a UUID-based tracking identifier and does not expose your personal information to the recipient.
5.4 We Do Not Sell Your Data
We do not sell, rent, or lease your personal information to third parties.
5.5 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Auri, our users, or others.
6.Data Security
Encryption in Transit
All data transmitted uses HTTPS/TLS encryption. OAuth flows employ PKCE for additional security.
Encryption at Rest
macOS Keychain for tokens, AES-256 via Google Cloud for cloud data, App Sandbox for local caches.
App Sandboxing
Restricted to user-selected files, HTTPS-only network, scoped Keychain access, and explicit Contacts permission.
Token Security
Short-lived access tokens, encrypted Keychain storage, 30-minute refresh buffer, per-executive scoping.
While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7.Data Retention
7.1 Active Use
We retain your data for as long as your account is active and as necessary to provide the Service.
7.2 Local Data
Locally stored data persists until you uninstall the application or manually clear the data. Specific retention periods include: email analytics (rolling window of up to 1,000 events), contact/presence cache (in-memory only, cleared on restart), travel advisory cache (1-hour TTL), news article cache (30-minute TTL), and calendar/email cache (refreshed each session).
7.3 Cloud Data
Cloud-stored data in Firebase Firestore is retained until you manually delete it, request account deletion, or we delete inactive accounts.
7.4 Email Tracking Data
Email tracking records are retained indefinitely unless you request deletion.
7.5 Account Deletion
Upon account deletion, we will delete your assistant profile, all executive profiles, calendar sync data, email tracking records, A2A connection data, and revoke stored OAuth refresh tokens. Local data must be removed by uninstalling the application.
8.Your Rights and Choices
Access & Portability
Request access to your personal information in a structured, commonly used format.
Correction
Update or correct your account information and executive profiles at any time through the Service.
Deletion
Request deletion of your account and data by contacting us. Processed within 30 days.
Revoke Third-Party Access
Revoke Google or Slack access via their settings or within the Service at any time.
Disable Email Tracking
Disable read receipt tracking globally or on a per-email basis through Settings.
Opt Out of A2A
Disconnect from other assistants at any time to stop calendar data sharing.
9.Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.
10.International Data Transfers
The Service stores cloud data on Google Cloud Platform (Firebase Firestore), which may process data in the United States and other jurisdictions. By using the Service, you consent to the transfer of your data to these jurisdictions. We rely on Google Cloud's data processing agreements and standard contractual clauses for international data transfers where applicable.
11.Third-Party Links and Services
The Service may detect and present links to third-party services (such as Zoom, Microsoft Teams, or Google Meet meeting links). Clicking these links will open your default web browser. We do not control and are not responsible for the privacy practices of these third-party services.
12.Analytics and Telemetry
Firebase Analytics is disabled
We do not collect app usage analytics through Firebase or any third-party analytics platform.
The Service does not integrate with any third-party analytics, advertising, or tracking SDKs. Email analytics (response times, volume patterns, top contacts) are computed and stored entirely on your device and are not transmitted to us or any third party.
13.Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The “Last Updated” date at the top indicates when it was last revised. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.
14.Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Auri
Email: neelksharma13@gmail.com
Website: auriassist.com
For data deletion requests, email neelksharma13@gmail.com with the subject line “Data Deletion Request” and include your account email address.
15.Jurisdiction-Specific Provisions
15.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at neelksharma13@gmail.com.
15.2 European Economic Area (GDPR)
If you are located in the EEA, you have additional rights under the GDPR:
- Legal Basis: We process data based on consent (OAuth), contractual necessity, and legitimate interests.
- Data Protection Rights: Access, rectification, erasure, restriction, portability, and objection to processing.
- DPO Contact: neelksharma13@gmail.com
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
15.3 United Kingdom (UK GDPR)
Residents of the United Kingdom have equivalent rights under the UK GDPR. The provisions of Section 15.2 apply.
16.Google API Services User Data Policy Compliance
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the Service's functionality as described in this Policy.
- We do not transfer Google user data to third parties except as necessary to provide the Service, as required by law, or with your explicit consent.
- We do not use Google user data for advertising purposes.
- We do not allow humans to read your Google user data unless: (a) you have given explicit consent, (b) it is necessary for security purposes, (c) it is required by law, or (d) the data is aggregated and anonymized.
By using Auri, you acknowledge that you have read and understood this Privacy Policy.