Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Data. Name, email address, and authentication credentials collected through our identity provider.
• Payment Data. Billing address and payment instrument details processed by our third-party payment processor. We do not store full payment card numbers.
• Communications. Any messages, feedback, support requests, or other content you send to us.
• User Preferences. Settings, configurations, and instructions you provide to customize the Service.

1.2 Information from Connected Accounts

When you authorize connections to third-party services (email, calendar, contacts, and similar platforms), we access and process data from those services through secure OAuth tokens or equivalent authorization mechanisms. This may include email content, metadata, headers, attachments, calendar events, contact records, and associated metadata. We never store your third-party passwords.

1.3 Information Collected Automatically

• Device & Browser Data. IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Usage Data. Pages viewed, features used, click patterns, session duration, referring URLs, and interaction logs.
• Log Data. Server logs, error reports, and performance telemetry generated during your use of the Service.
• Cookies & Similar Technologies. See Section 8 below.

1.4 Information from Third Parties

We may receive information about you from third-party sources, including identity verification services, analytics providers, marketing partners, public databases, and social media platforms, and we may combine such information with information we already hold about you.

2. How We Use Your Information

We use personal information for the following purposes:

• Providing the Service. Operating, maintaining, and delivering the features of the Service, including AI-powered email triage, calendar management, contact enrichment, automated drafting, and daily briefings.
• AI Training & Improvement. Using aggregated, de-identified, and/or anonymized data derived from your usage to train, fine-tune, evaluate, and improve our machine-learning models, algorithms, and Service quality. Such derived data shall not be considered personal information once de-identified in accordance with applicable law.
• Analytics & Research. Conducting internal analytics, benchmarking, and research to understand usage patterns and improve performance.
• Safety & Security. Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues.
• Communications. Sending transactional messages, service announcements, security alerts, and, where permitted, promotional communications.
• Legal Compliance. Fulfilling our legal obligations, responding to lawful requests, and establishing, exercising, or defending legal claims.
• Business Operations. Supporting mergers, acquisitions, financing, audits, and other corporate transactions.

3. How We Share Your Information

We do not sell your personal information as the term "sell" is traditionally understood. We may disclose your information to the following categories of recipients:

• Service Providers. Third-party vendors who perform services on our behalf, including cloud hosting, infrastructure, AI model inference, email synchronization, payment processing, analytics, and customer support. These providers are contractually obligated to use your data only as directed by us.
• AI & LLM Providers. We transmit data to third-party large language model providers for inference. While we contractually prohibit these providers from using your data to train their own models, we cannot guarantee their compliance with such restrictions. Your use of the Service constitutes acknowledgment of this risk.
• Legal & Regulatory. When required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers. In connection with any merger, acquisition, reorganization, sale of assets, bankruptcy, or similar transaction, your information may be transferred to the acquiring entity. We will notify you via the Service or email if your information becomes subject to a different privacy policy.
• With Your Consent. We may share information with third parties when you direct us to do so or provide explicit consent.
• Aggregated & De-Identified Data. We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with any third party for any purpose.

4. Data Retention

We retain personal information for as long as your account is active and for a reasonable period thereafter, or as necessary to fulfill the purposes described in this Privacy Policy — including to satisfy legal, accounting, regulatory, or reporting requirements; to resolve disputes; to enforce our agreements; and to support business operations. De-identified and aggregated data may be retained indefinitely.

When you delete your account, we will delete or de-identify your personal information within ninety (90) days, except where retention is required or permitted by applicable law.

5. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, destruction, use, modification, or disclosure. These measures include encryption in transit (TLS 1.2+) and at rest, access controls, audit logging, and infrastructure hosted on SOC-2 compliant providers.

However, no method of electronic transmission or storage is completely secure. We cannot and do not guarantee the absolute security of your information, and you acknowledge that you transmit data to us at your own risk.

6. International Data Transfers

Your information may be transferred to, stored, and processed in the United States or any other country where we or our service providers maintain facilities. These countries may have data protection laws that differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. We will take commercially reasonable steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

7. Your Rights & Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

• The right to access the personal information we hold about you.
• The right to request correction of inaccurate information.
• The right to request deletion of your personal information, subject to certain exceptions.
• The right to data portability — receiving your data in a structured, machine-readable format.
• The right to object to or restrict certain processing activities.
• The right to withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@pers.to. We may require verification of your identity before processing your request and may deny requests where permitted or required by law. We will not discriminate against you for exercising your rights.

8. Cookies & Tracking Technologies

We use cookies and similar technologies (pixels, local storage, session storage) for the following purposes:

• Essential Cookies. Required for authentication, security, and core Service functionality. These cannot be disabled.
• Analytics Cookies. First-party analytics to understand usage patterns, measure performance, and improve the Service.

We do not use third-party advertising or behavioral tracking cookies. You may control non-essential cookies through your browser settings, but doing so may impair certain features.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@pers.to.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of "sales" or "sharing" of personal information, and the right to non-discrimination. We do not sell or share (as defined by the CCPA/CPRA) your personal information. To submit a verifiable consumer request, contact us at privacy@pers.to.

11. European Economic Area, UK & Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing your personal information include: (a) performance of a contract, (b) our legitimate interests (improving the Service, fraud prevention, security), (c) your consent, and (d) compliance with a legal obligation. You have the right to lodge a complaint with your local data protection supervisory authority.

12. Third-Party Links & Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party service before providing personal information.

13. Changes to This Policy

We may update this Privacy Policy at any time. When we do, we will revise the "Effective date" at the top of this page and, at our discretion, provide additional notice (such as an in-app banner or email). Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at: