Privacy Policy

Last Updated: January 17, 2025

This Privacy Policy describes how ResonarAI (“we”, “us”, “our”, or the “Service”) collects, uses, stores, and protects your information when you use our AI assistant Telegram bot service.

1. Overview

ResonarAI is an AI-powered personal assistant accessible via Telegram that helps you manage your email, calendar, files, and contacts across connected services like Google Workspace and iCloud. This policy explains our data practices for all connected services.

2. Information We Collect

2.1 Account Information

When you use ResonarAI, we collect:

• Telegram account data: Your Telegram user ID, username, first name, last name, profile photo URL, and premium status
• Service preferences: Your timezone, language preference, and custom instructions you provide to the assistant

2.2 Connected Account Data

When you connect external accounts (Google Workspace, iCloud, or other services), we store:

• Authentication credentials: Encrypted tokens or passwords required to access your accounts (see Sections 3 and 4 for details)
• Account identifiers: Email addresses of connected accounts
• Granted permissions: The specific scopes/permissions you authorized

2.3 Conversation Data

We store your interactions with the assistant, including:

• Messages: Text messages you send to the bot and responses from the assistant
• Tool execution logs: Records of actions performed on your behalf (e.g., emails sent, calendar events created)

3. Connected Services: How We Handle Your Data

3.1 General Principles

For all connected services (Google Workspace, iCloud, and any future integrations), we follow these principles:

Data Access: We only access data you explicitly request through conversation with the assistant. We do not perform bulk data collection or background data synchronization.

Data Use: Your data from connected services is used exclusively to:

1. Respond to your requests: When you ask the assistant to read an email, check your calendar, or perform other tasks
2. Provide AI-powered assistance: Processing your data through our AI model to generate helpful responses
3. Maintain conversation context: Storing relevant information from previous interactions to provide coherent, contextual assistance

We do NOT use your data for:

• Advertising or marketing purposes
• User profiling for non-service purposes
• Selling or transferring to third parties
• Training AI models on your personal data

Data Sharing: We share data from connected services only in these limited circumstances:

1. AI Processing: Data is transmitted to Google’s Gemini AI service to generate responses
2. With your explicit consent: If you specifically request us to share information
3. Legal requirements: When required by applicable law, regulation, or legal process
4. Security purposes: To investigate or prevent security threats or fraud

We do NOT:

• Sell your data to third parties
• Share data with advertising platforms or data brokers
• Use data for credit scoring or lending decisions
• Allow human review of your data except for security investigations or legal compliance

3.2 Google Workspace

Based on the permissions you grant, ResonarAI may access the following Google Workspace data:

Service	Read Access	Write Access
Gmail	Search and read emails, view labels, attachments	Send emails, modify labels
Google Calendar	View calendars and events	Create, update, delete events
Google Drive	List and view file metadata	(Not currently implemented)
Google Contacts	View contact information	Create, update contacts

Credential Storage:

• Refresh tokens: Stored encrypted using AES-256-GCM encryption in Google Cloud Firestore
• Access tokens: NOT stored; generated on-demand when needed and discarded after use

Revoking Access: You can disconnect your Google account at any time through ResonarAI settings or via Google Account Permissions.

3.3 iCloud (Apple)

Based on the permissions you grant, ResonarAI may access the following iCloud data:

Service	Read Access	Write Access
iCloud Calendar	View calendars and events	Create, update, delete events
iCloud Contacts	View contact information	Create, update contacts

Credential Storage:

• App-specific password: Stored encrypted using AES-256-GCM encryption in Google Cloud Firestore
• We recommend using a dedicated app-specific password that you can revoke independently

Revoking Access: You can disconnect your iCloud account at any time through ResonarAI settings or revoke the app-specific password via Apple ID Settings.

4. Google API Services User Data Policy Compliance

ResonarAI’s use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements:

1. Limited to stated purposes: We only use Google data to provide and improve the user-facing features of our AI assistant
2. No unauthorized transfers: We do not transfer Google user data except as described in Section 3.1
3. No human reading: We do not allow humans to read your Google data unless:
   • You have given explicit consent for a specific request
   • It is necessary for security purposes
   • It is required by applicable law
   • The data is aggregated and anonymized for internal operations
4. No prohibited uses: We do not use Google data for advertising, user profiling, credit decisions, or selling to third parties

Data Minimization: We only request the minimum OAuth scopes necessary for the features you want to use. You can choose read-only or full access for each service.

5. Data Security

We implement industry-standard security measures:

• Encryption at rest: All credentials encrypted with AES-256-GCM
• Encryption in transit: All data transmitted over HTTPS/TLS
• Access controls: Strict access controls on our cloud infrastructure
• No credential logging: Sensitive credentials are never logged
• Secure infrastructure: Hosted on Google Cloud Platform with enterprise security

6. Data Retention and Deletion

6.1 Retention Periods

• Chat history: Automatically deleted on the 1st of each month if older than 180 days
• Connected account credentials: Retained until you disconnect the account
• Account information: Retained until you request deletion

6.2 Your Deletion Rights

You can request data deletion by:

1. Disconnecting accounts: Remove connected accounts through the Settings menu
2. Deleting conversation history: Request conversation deletion through the bot
3. Full account deletion: Contact us at support@resonar.ai to delete all your data

Upon receiving a deletion request, we will delete your data within 30 days, except where retention is required by law.

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access your data: Request a copy of data we hold about you
• Correct your data: Update incorrect information
• Delete your data: Request deletion of your data
• Revoke access: Disconnect any connected account at any time
• Limit permissions: Choose which services (email, calendar, etc.) to connect

7.2 Withdrawing Consent

You can withdraw consent for data access at any time:

1. Through ResonarAI settings (disconnect account)
2. Through the respective service’s account settings:
   • Google: Google Account Permissions
   • iCloud: Apple ID Settings
3. By contacting us directly at support@resonar.ai

8. Children’s Privacy

ResonarAI is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice in the Telegram bot
• Updating the “Last Updated” date at the top of this policy

Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: support@resonar.ai
• Telegram: Contact us through the ResonarAI bot

12. Additional Disclosures

12.1 Third-Party Services

ResonarAI integrates with the following third-party services:

Service	Purpose	Data Shared
Google Cloud Platform	Infrastructure hosting	All service data
Google Gemini AI	AI response generation	Conversation context including data from connected services
Google Workspace	Email, calendar, drive, contacts	As authorized by user
Apple iCloud	Calendar, contacts	As authorized by user
Telegram	User interface	Messages, user profile

12.2 Service-Specific Disclosures

Google OAuth: When connecting your Google account, you will see a Google consent screen listing the permissions we request. The permissions shown correspond to the features described in Section 3.2.

iCloud: When connecting iCloud, you will need to generate an app-specific password from your Apple ID settings. This password only grants access to the specific services you configure.

---

By using ResonarAI, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.