Privacy Policy

Last updated: February 2025

1. Introduction

This Privacy Policy describes how GiPiTee (“we,” “our,” or “the service”) collects, uses, and protects your information when you use our AI chat assistant and related features, including the web application, SMS (text messaging), and integrated services. By using GiPiTee, you agree to the practices described in this policy.

2. Information We Collect

We collect information that you provide directly and that is generated through your use of the service:

  • Account information: When you sign in (e.g., via Google), we receive your email address, name, and profile picture from the identity provider.
  • Conversation data: Messages you send and receive in chat, including content and timestamps, are stored to provide conversation history and improve your experience.
  • Memories and settings: Stored memories, preferences (e.g., system prompt, model choice, temperature), and tool configurations that you create or that the assistant derives from conversations.
  • Phone number: If you enable SMS, we store the phone number you provide so we can send and receive text messages on your behalf.
  • Google Workspace data: If you connect Gmail, Calendar, or Drive, we access only what is necessary to perform the actions you request (e.g., reading or sending email, managing calendar events). OAuth tokens are stored securely and used solely for those integrations.
  • Technical and usage data: Logs may include request metadata, approximate location (e.g., from hosting or CDN), and error information for operational and security purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the chat assistant, SMS, and integrated features.
  • Authenticate you and manage your account.
  • Store and retrieve your conversation history, memories, and settings.
  • Send you text messages when you have enabled SMS and when the assistant or a tool initiates a message.
  • Operate Google Workspace integrations (Gmail, Calendar, Drive) when you have connected them and requested such actions.
  • Comply with legal obligations, enforce our terms, and protect the security of the service.

4. Data Storage and Third-Party Services

Your data is stored and processed using third-party infrastructure that we rely on to run the service:

  • Supabase: Authentication, database (conversations, messages, memories, settings, SMS settings), and related storage.
  • Vercel (or similar host): Application hosting; requests and logs may be processed on their systems.
  • Twilio: For SMS, we use Twilio to send and receive text messages; message content and phone numbers are processed according to Twilio’s privacy practices and applicable law.
  • Google: When you sign in with Google or connect Google Workspace, Google’s privacy policy applies to data handled by Google.
  • Upstash: Rate-limiting and related technical data may be processed by Upstash when enabled.

AI model inference may be performed by a local or third-party provider (e.g., LM Studio or another API). Message content sent to that provider is used only to generate responses. We do not sell your personal information.

5. Data Retention

We retain your account data, conversations, memories, and settings for as long as your account exists or as needed to provide the service. You may delete conversations and memories from the application. If you delete your account or request deletion, we will remove or anonymize your data in line with our retention and legal obligations.

6. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information.
  • Export your data.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is consent-based (e.g., you may disable SMS or disconnect Google Workspace at any time).

To exercise these rights or ask questions about your data, contact the operator of your GiPiTee instance (e.g., your organization or the administrator who provided you access).

7. Security

We use industry-standard measures to protect your data, including encryption in transit and at rest where supported by our providers, secure authentication, and access controls. You are responsible for keeping your credentials secure. No system is completely secure; we will notify you of breaches as required by applicable law.

8. Children

The service is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact the operator so it can be removed.

9. International Transfers

Your data may be processed in countries other than your own. By using the service, you consent to the transfer of your information to those countries, which may have different data protection laws. Where required, we rely on appropriate safeguards (e.g., standard contractual clauses) for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Continued use of the service after changes constitutes acceptance of the revised policy. For material changes, we may provide additional notice where appropriate.

11. Contact

For privacy-related questions or requests, contact the operator or administrator of the GiPiTee instance you use. If you use a self-hosted or organization-hosted instance, they are the data controller for your data.