OAuth access tokens and refresh tokens are encrypted at rest using PostgreSQL pgcrypto PGP symmetric encryption before being stored.

2.3. Content You Provide

When you use Unyo, you may provide:

• Chat messages to our AI agents (Maya, Ashley, Tyron, Alex, Riley, Sam, Lucy, Blake, Ema)

• Brain entries you save to your personal knowledge base (Neural Core): contacts, products, offers, notes, URLs, files

• Uploaded files: images, PDFs, documents for agents to analyze or attach to outgoing messages

• Configuration: branding (logo, colors, tagline), signature, automation rules, preferred agent personality

2.4. Derived Information

Unyo generates derived data based on your content to make the service useful, including:

• AI-generated conversation titles, summaries, classifications

• Extracted entities (e.g. people, companies, products mentioned in messages)

• Email classification tags (urgent, promotional, newsletter, etc.)

• Vector embeddings for semantic search over your Neural Core

This derived data is linked to your account and purged on the same schedule as the source content.

2.5. Technical Data

We automatically collect limited technical data needed to run the Service:

• IP address (temporarily, for security and rate limiting)

• Browser type, operating system (user agent string)

• Session tokens (JWT, stored in browser cookies, expire after session)

• Geolocation at country-level only (via geolocate-user edge function, for timezone defaults)

• Error logs and trace IDs (7-day retention)

We do not collect precise location, device fingerprints, or cross-site tracking data.

3. Google Limited Use Policy

3.1. Application

This section governs our use of data obtained from Google APIs (Gmail, Calendar, Drive). Unyo's access to Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements. The English wording of the four Limited Use clauses is reproduced verbatim below, as required by Google.

3.2. Limited Use clauses (verbatim)

(a) Only use access to read, write, modify, or control Gmail message bodies, metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails, and does not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

(b) Not use this Gmail data for serving advertisements.

(c) Not use this data for any other purpose.

(d) Only transfer this data to others if necessary to provide or improve user-facing features that are prominent in the requesting application's user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

3.3. No AI training on Google data

Unyo does not use Gmail, Google Calendar, or Google Drive data to train any AI model, including OpenAI models, Anthropic models, Google Gemini, or any other third-party AI. When we process Google user data through these AI providers (for example, to draft an email reply), we do so under enterprise terms that prohibit the provider from training on or retaining the data beyond the immediate response.

3.4. AI provider commitments

AI providerTraining commitmentDefault retentionOpenAI (API, gpt-4.1)No training on API data (OpenAI API default policy)Up to 30 days for abuse monitoring, opt-out availableAnthropic (API, claude-haiku-4-5)No training on API data by defaultNot retained beyond immediate responseGoogle Gemini (Vertex AI, paid tier, gemini-2.5-flash)No training on data, no retentionNot retained

4. How We Use Your Information

We process your personal data for the following purposes:

4.1. Service provision

• Powering our AI agents (chat, drafting, scheduling, analysis)

• Executing integrations on your behalf (sending emails, posting to social networks, creating records in connected apps)

• Storing your Neural Core for personalized assistance

4.2. AI processing

We send relevant slices of your content to the AI providers listed in Section 3.4 to generate responses, classifications, or summaries. No data is shared with any AI provider beyond what is strictly necessary to complete the immediate task you initiated.

4.3. Account management and support

• Authenticating your access

• Sending transactional emails (password reset, security notifications)

• Responding to support requests and bug reports

4.4. Legal compliance and security

• Detecting and preventing abuse, fraud, and security incidents

• Complying with legal obligations (subpoenas, tax, accounting)

4.5. Legal basis under GDPR

We rely on the following legal bases under Article 6 GDPR:

• Contract (Art. 6(1)(b)): to deliver the Service you signed up for

• Consent (Art. 6(1)(a)): for each OAuth integration you connect; you can withdraw consent by disconnecting the integration in Settings

• Legitimate interests (Art. 6(1)(f)): for security, abuse prevention, and service improvement

• Legal obligation (Art. 6(1)(c)): for tax records, legal holds, and regulatory responses

5. AI Processing Disclosure

5.1. AI providers and their roles

ProviderModelUsed forOpenAI (API)gpt-4.1Agent chat, content generation, intent classificationAnthropic (API)claude-haiku-4-5Specific agents and fallback when OpenAI is unavailableGoogle Cloud (Vertex AI, paid tier)gemini-2.5-flashCalendar notifications, Gmail draft generation, inbox classification, email compose assistance

5.2. What we send to AI providers

Only the data necessary for each task is sent, for example:

• For a chat message: your message + short conversation history + relevant Neural Core snippets

• For a Gmail draft: the email body or thread you chose + your signature + brand tone

• For inbox classification: email subject, sender, preview (no attachments sent to AI)

5.3. What we do not do

• We never train any AI model on your data.

• We never allow AI providers to train on your data (enforced by their API terms / opt-out).

• We never sell or share your data with AI providers for purposes other than fulfilling your immediate request.

6. Data Sharing and Subprocessors

We engage each subprocessor under a Data Processing Agreement (DPA) that binds them to GDPR-level data protection obligations. In most cases, the DPA is incorporated by reference into the subprocessor's standard Terms of Service, which we accept when creating our account (a "clickwrap DPA" valid under GDPR Article 28). The table below indicates the form each DPA takes.

SubprocessorRolePrimary locationDPA formSupabase(Supabase Inc. / Supabase EU)PostgreSQL database, authentication, file storage, edge functionsEU (Paris / Frankfurt region)DPA in place (Supabase DPA, available on request)Vercel (Vercel Inc.)Frontend hosting (CDN + serverless edge)US (global CDN)DPA in place (Vercel DPA)OpenAI (OpenAI LLC)AI model inference (gpt-4.1)USDPA in place (OpenAI API Data Processing Addendum)Anthropic(Anthropic PBC)AI model inference (claude-haiku-4-5)USDPA in place (Anthropic Commercial Terms with data processing provisions)Google Cloud(Google LLC, Vertex AI)AI model inference (gemini-2.5-flash paid tier)US / EU (data residency configurable)DPA in place (Google Cloud Data Processing Addendum)Google Workspace APIs(Google LLC)Gmail / Calendar / Drive integration when you connectUSGoverned by Google API Services User Data Policy (includes DPA provisions)Microsoft(Microsoft Corporation)Outlook integration when you connectUS / EUGoverned by Microsoft Online Services DPA (auto-applicable)Meta Platforms(Meta Platforms Inc.)Facebook / Instagram integration when you connectUSGoverned by Meta Platform Terms and Developer Data PoliciesLinkedIn(LinkedIn Corporation, Microsoft subsidiary)LinkedIn integration when you connectUSGoverned by LinkedIn API Terms of UseX Corp.X (Twitter) integration when you connectUSGoverned by X Developer Agreement and PolicySlack Technologies(Slack Technologies LLC, Salesforce subsidiary)Slack integration when you connectUSGoverned by Slack API Terms of ServiceAtlassian(Atlassian Pty Ltd)Trello integration when you connectUSGoverned by Atlassian Customer AgreementNotion (Notion Labs Inc.)Notion integration when you connectUSGoverned by Notion API Terms of UseShopify (Shopify Inc.)Shopify integration when you connectCanada / USGoverned by Shopify Partner Program AgreementStripe (Stripe Inc.)Payment processing — will be activated when paid plans launchUS / EUDPA will be in place upon activation (Stripe Services Agreement with DPA provisions)

6.1. Analytics

We currently use no marketing or product analytics tools. We may introduce Google Analytics on unyo.ai (the marketing site only) in the future, together with a GDPR-compliant cookie consent banner. This Policy will be updated accordingly before any such rollout.

6.2. No sale of personal data

We do not sell personal data to third parties, as that term is defined under the California Consumer Privacy Act (CCPA), the Virginia CDPA, or any equivalent legislation.

6.3. International transfers

Transfers of personal data from the EU/EEA to subprocessors located outside the EU/EEA are governed by:

• The EU-US Data Privacy Framework (where the subprocessor is certified) and/or

• The Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision (EU) 2021/914), or

• Equivalent safeguards approved by the competent authority.

Countries where your data may be processed: France, EU/EEA, United States, Canada.

7. Data Retention

We retain data only for as long as needed to deliver the Service or to comply with our legal obligations. The following schedules are enforced automatically by a daily retention cron (run_retention_purge):

Data typeRetentionMechanismChat conversations + messages (all agents)90 days after last activityAutomatic daily purge via chat_conversations.updated_atCached emails (Gmail / Outlook local cache)30 days after cache creationAutomatic daily purgeTechnical logs (MCP debug, cron execution history)7 daysAutomatic daily purgeNeural Core entries (contacts, brain entries, folders, files)Until account deletionPurged only on explicit user action or account deletionUploaded files in Storage (chat attachments, email attachments, brain files, offer images, brand logos, signatures, social media assets)Until account deletionPurged only on explicit user action or account deletionOAuth access and refresh tokensUntil integration disconnect or account deletionPurged immediately on disconnectAccount data (profile, settings, preferences)Until account deletionPurged within 30 days of a deletion request; most is deleted immediatelyAudit logs (retention_log)365 daysSelf-pruningBilling and accounting records (once paid plans launch)Retention imposed by French law (generally 10 years for invoicing)Archived beyond normal retention

7.1. Account deletion

You can delete your account at any time from Settings → Account → Delete my account. Our delete-account flow:

1. Revokes OAuth tokens at the 7 providers that offer a revocation endpoint (Google Gmail, Google Drive/Calendar services, Meta, X, Slack, Shopify).

2. Deletes all user-scoped rows across 72 database tables via a single atomic SQL function (admin_purge_user_rows).

3. Purges all your files across the 8 user-scoped Storage buckets.

4. Deletes your authentication record.

5. For providers without a programmatic revocation endpoint (Microsoft Outlook, LinkedIn, Trello, Notion), the final confirmation screen gives you a direct link to each provider's dashboard so you can revoke manually.

All deletions complete within 30 days of the deletion request; in practice the entire flow runs in under 10 seconds.

7.2. Per-integration disconnect

You can disconnect any single OAuth integration at any time from **Settings → Integrations** without deleting your account. When you disconnect an integration:

1. Your OAuth tokens for that integration are **purged from Unyo's database immediately** — Unyo loses all ability to call the provider's APIs on your behalf.

2. Cached data local to that integration (for example cached Gmail/Outlook email metadata for a disconnected mailbox) is purged on its normal schedule.

3. The **OAuth grant at the provider's side is not programmatically revoked** for per-integration disconnects. This is intentional: Unyo uses a single OAuth client per provider, so revoking one service's token at the provider would invalidate the grant for every other service you have connected with the same provider (e.g. disconnecting Gmail would also revoke Drive and Calendar).

If you want to fully revoke Unyo's access at the provider side after a per-integration disconnect, you can do so at any time from the provider's own account settings:

- **Google** (Gmail / Drive / Calendar) — https://myaccount.google.com/permissions

- **Microsoft** (Outlook) — https://account.microsoft.com/privacy/app-access

- **Meta** (Facebook / Instagram) — Facebook Settings → Business Integrations

- **LinkedIn** — https://www.linkedin.com/psettings/permitted-services

- **X (Twitter)** — https://x.com/settings/connected_apps

- **Slack** — Workspace settings → Installed Apps → Unyo

- **Notion** — https://www.notion.so/my-integrations

- **Trello** — https://trello.com/<username>/account → Applications

- **Shopify** — Shop admin → Settings → Apps and sales channels

The **Account deletion** flow (§7.1) always revokes at the provider side for the seven providers that support it, so no manual step is needed if you delete your account.

8. Your Rights

Depending on your location, you may have the following rights. To exercise any right, email privacy@unyo.ai with a brief description of your request and proof of identity (so we do not disclose data to impostors).

8.1. GDPR rights (EU/EEA, UK, Switzerland)

Under Articles 15–22 GDPR, you have the right to:

• Access (Art. 15) — Obtain a copy of the personal data we hold about you.

• Rectification (Art. 16) — Correct inaccurate or incomplete data.

• Erasure / "Right to be forgotten" (Art. 17) — Delete your data (most easily done via the in-app Delete my account flow; see Section 7.1).

• Restriction (Art. 18) — Limit how we process your data.

• Portability (Art. 20) — Receive your personal data in a commonly used, machine-readable format. To request an export, email privacy@unyo.ai. We will provide your data in a standard format (such as JSON or CSV) within 30 days of the verified request. We are working on a self-service data export feature in the app Settings, which will supersede the email-based process above once available.

• Object (Art. 21) — Object to processing based on legitimate interests.

• Withdraw consent (Art. 7) — Disconnect any OAuth integration at any time from Settings → Integrations.

• Lodge a complaint with your national data protection authority. For France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés), https://www.cnil.fr/.

8.2. CCPA / CPRA rights (California residents)

• Right to know what personal information we collect and for what purpose

• Right to delete personal information

• Right to opt-out of sale (we do not sell personal data)

• Right to non-discrimination for exercising your rights

8.3. LGPD rights (Brazilian residents)

Equivalent rights under the Lei Geral de Proteção de Dados (Law No. 13.709/2018), including access, correction, anonymization, blocking, deletion, portability, and withdrawal of consent.

8.4. Response times

We respond to verified requests within 30 days. Complex requests may require up to 60 additional days, in which case we will inform you of the extension.

9. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

9.1. Encryption

• At rest: OAuth access tokens and refresh tokens are encrypted using PostgreSQL pgcrypto PGP symmetric encryption before being stored.

• In transit: All traffic to and from Unyo uses TLS 1.2 or higher.

9.2. Access control

• Row-Level Security (RLS) policies on every user-scoped table. A user can never read another user's data.

• SECURITY DEFINER functions gate all privileged operations (token decryption, user purge, admin actions).

• Multi-Factor Authentication (MFA) on all administrator accounts (Supabase, Google Cloud, Vercel).

9.3. Audit and monitoring

• Source code is version-controlled on GitHub with branch protection on main.

• Database changes go through reviewed SQL migrations.

• Edge function deployments are logged and versioned.

• Storage and database access is logged by Supabase.

9.4. Limitations

No online service can be made perfectly secure. We use reasonable, industry-standard measures, but we cannot guarantee the absolute security of your data. If we become aware of a personal data breach affecting you, we will notify you without undue delay and, where required, notify the CNIL within 72 hours in accordance with Article 33 GDPR.

10. Children's Privacy

Unyo is intended for users aged 18 or older. We do not knowingly collect personal data from children under 18.

10.1. Parental action

If you are a parent or guardian and believe your child has provided personal data to Unyo, please contact privacy@unyo.ai. We will verify the claim and delete the data within 30 days.

10.2. Age verification

We rely on your representation at sign-up that you are at least 18. We reserve the right to request proof of age if there is reasonable doubt. Accounts identified as belonging to minors are deleted immediately.

10.3. Applicable laws

This Section addresses obligations under the Children's Online Privacy Protection Act (COPPA) in the United States, the UK Age-Appropriate Design Code, and the age-based provisions of the GDPR (Art. 8).

11. International Data Transfers

Unyo is operated from France (EU/EEA). Some subprocessors are located outside the EU/EEA; see Section 6 for the full list and the legal safeguards that apply. Your data may be processed in the following countries: France, other EU/EEA member states, United Kingdom, United States, Canada.

We do not transfer personal data to jurisdictions without adequate protection unless one of the following safeguards is in place: an adequacy decision, Standard Contractual Clauses (SCCs), or the EU-US Data Privacy Framework (for certified US recipients).

12. Cookies and Tracking

12.1. Web application (unyo.app)

We use strictly necessary cookies only to maintain your authenticated session. These cookies cannot be disabled without breaking the Service.

12.2. Marketing website (unyo.ai)

The marketing website currently does not set analytics, advertising, or tracking cookies. If we introduce analytics (e.g. Google Analytics) in the future, we will:

1. Display a GDPR-compliant cookie consent banner.

2. Load analytics only after you have given explicit consent.

3. Honor opt-out choices across sessions.

12.3. No third-party advertising

Unyo does not serve third-party advertising on any of its properties. We do not use tracking pixels or cross-site tracking technologies.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or in applicable law.

13.1. Notification

For material changes (e.g. a new category of data, a new subprocessor with broader access, a change to retention), we will notify affected users by email sent to the address on your account, at least 30 days before the change takes effect.

13.2. Non-material changes

For clarifications, typography, or minor wording improvements, we will update the "Last updated" date at the top of this document without individual notice.

13.3. Continued use

Continued use of Unyo after a change takes effect constitutes acceptance of the updated Policy. If you do not agree, you may delete your account at any time (see Section 7.1).

14. Contact

For any question, concern, or request relating to this Privacy Policy or your personal data:

• General support: support@unyo.ai

• Privacy and Data Protection: privacy@unyo.ai

• Postal address: Unyo SASU, 6 Rue d'Armaillé, 75017 Paris, France

• SIREN: 104 459 391

If you are in the EU/EEA and are not satisfied with our response, you may lodge a complaint with your national data protection authority. For France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL), https://www.cnil.fr/.

This Privacy Policy is published at https://unyo.ai/policies/privacy and governs the use of Unyo on and after 20 April 2026.