Privacy Policy

1. Introduction

Assistant0 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal assistant application.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and profile information via Auth0 authentication
• Documents: Files you upload (PDFs, text documents) for AI-powered analysis
• Conversations: Chat messages and interactions with the AI assistant
• Workspace Data: Workspace names, descriptions, and organizational preferences

2.2 Information We Collect Automatically

• Usage Data: Actions performed, tools used, timestamps, and interaction patterns
• Audit Logs: Comprehensive logs of AI agent actions for security and compliance
• Technical Data: IP address, browser type, device information, and session data

2.3 Third-Party Services

With your explicit consent, we may access:

• Gmail: Read and compose emails on your behalf
• Google Calendar: Read calendar events and schedules
• These integrations use Auth0 Token Vault and require your explicit authorization

3. How We Use Your Information

• To provide and maintain the AI assistant service
• To process your requests and enable tool integrations (Gmail, Calendar, etc.)
• To generate embeddings and enable semantic search of your documents
• To maintain audit logs for security, debugging, and compliance
• To enforce access controls and workspace isolation via Auth0 FGA
• To improve and optimize our AI models and services
• To detect, prevent, and address security issues or fraud

4. Data Processing and AI Services

We use the following third-party AI and cloud services:

• Mistral AI: Processes conversations and generates document embeddings
• Vercel: Hosts the application infrastructure
• Neon: Stores your data in a secure PostgreSQL database
• Auth0: Manages authentication and authorization
• Exa AI: Powers semantic web search capabilities

These services process your data according to their respective privacy policies and our data processing agreements.

5. Data Security

We implement industry-standard security measures:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Authentication: Secure authentication via Auth0 with MFA support
• Authorization: Fine-grained access control using Auth0 FGA
• Token Management: OAuth tokens secured via Auth0 Token Vault
• Audit Logging: Comprehensive logging of all actions for security monitoring
• Workspace Isolation: Data segregation between workspaces via FGA policies

6. Data Retention

• Your account data is retained while your account is active
• Documents and embeddings are retained until you delete them
• Audit logs are retained for security and compliance purposes
• Conversation history may be retained for service improvement
• You may request deletion of your data at any time (see Your Rights below)

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Export: Receive your data in a portable format
• Revoke Consent: Disconnect third-party integrations at any time
• Object: Object to certain data processing activities

8. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: