Privacy Policy

Last updated: November 29, 2025
Effective date: November 29, 2025

CamyAI Inc. ("Camy", "Company", "we", "us", or "our") explains in this Privacy Policy how we collect, use, disclose, and protect information about you when you use our websites, products, and services (collectively, the "Service"). It also describes your privacy rights and how to exercise them.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Who We Are and How To Contact Us

Company: CamyAI Inc.
Address: 1449 S Michigan Ave, STE 13146, Chicago, IL 60605, USA
Email: support@camyai.com
Website: https://camyai.com

Interpretation and Definitions

Interpretation
The words with initial capital letters have meanings defined under the conditions below. The following definitions shall have the same meaning regardless of whether they appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

  • "Account" means a unique account created for you to access the Service.
  • "Affiliate" means an entity that controls, is controlled by, or is under common control with a party.
  • "Cookies" are small text files placed on your device to store and track information.
  • "Device" means any device that can access the Service (for example, a computer, phone, or tablet).
  • "Personal Data" is information that relates to an identified or identifiable individual.
  • "Service" means the websites, apps, products, and services we provide.
  • "Service Provider" means any third party that processes data on our behalf.
  • "Usage Data" means data collected automatically by the Service (for example, page views and device information).
  • "Website" refers to Camy, accessible at https://camyai.com.
  • "You" means the individual or entity using the Service.

What We Collect

Personal Data you provide:

We collect Personal Data that you provide directly to us, such as:

  • Contact details (e.g., name, email address, company name, role/title).
  • Account credentials and settings.
  • Content you choose to connect or upload (for example, emails, calendar events, files, messages, notes, and integrations data).
  • Support requests and feedback you submit to us.
  • Payment and subscription information processed via our payment provider(s).

Personal Data from connected services (if you choose to integrate):

If you connect third‑party services (for example, Google, Microsoft, Apple, or other productivity, communications, CRM, or file‑storage providers), we may receive:

  • Email, calendar, files, contacts, and similar account data you authorize us to access.
  • App marketplace purchase information (such as Apple in‑app purchases), where applicable.

Usage Data collected automatically:

When you use the Service, we automatically collect certain Usage Data, which may include:

  • IP address, device identifiers, browser type, and browser settings.
  • Pages viewed, referring/exit pages, timestamps, and approximate location (city/region level).
  • Diagnostic, crash, and performance data.
  • Cookies and similar technologies (pixels, SDKs, local storage, and beacons) used for functionality, analytics, security, and—where permitted—advertising/attribution.

Inference data and AI-related data:

We may generate machine-produced data (for example, summaries, classifications, embeddings, and suggestions) derived from your content and usage in order to provide and improve features. We do not intentionally collect "sensitive" Personal Data unless you provide it or a particular feature requires it. Do not upload or connect information you are not authorized to share.

Sources of Personal Data

We obtain Personal Data from:

  • You directly, when you create an account, use features, or contact support.
  • Connected accounts and integrations that you authorize.
  • Service Providers that support our operations (for example, analytics, hosting, payments, and communications).
  • Publicly available sources and partners, where permitted by law.

How We Use Personal Data

We use Personal Data to:

  • Provide, maintain, secure, and improve the Service.
  • Operate integrations you authorize (for example, email/calendar sync, file access, and productivity integrations).
  • Personalize features, generate insights, and deliver AI‑powered assistance.
  • Communicate with you about Service notices, updates, security alerts, and—where permitted—marketing.
  • Analyze usage, debug issues, and enhance performance.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and legal requests.
  • Comply with laws, enforce terms, and protect our rights, users, and the public.
  • Any other purpose with your consent.

Legal Bases for Processing (EEA/UK/Swiss Users)

Where required by law, we process Personal Data based on:

  • Contract: to provide the Service you requested.
  • Legitimate interests: to secure, improve, and operate the Service and to send non‑marketing communications, balanced against your rights.
  • Consent: for certain analytics, marketing, and optional integrations; you can withdraw consent at any time.
  • Legal obligation: to comply with applicable laws and requests.

Cookies and Tracking

We use:

  • Strictly necessary Cookies: to sign you in, secure the Service, and provide core functionality.
  • Functional Cookies: to remember your preferences.
  • Analytics Cookies/SDKs: to understand usage and improve the Service.
  • Advertising/Attribution: where applicable, to measure campaign performance and offer relevant content.
You can control Cookies via your browser settings. Where required by law, we obtain consent before setting non‑essential Cookies. Some features may not function properly without certain Cookies.

How We Share Personal Data

We do not sell your Personal Data for money. We may "share" Personal Data for cross‑context behavioral advertising as defined under certain state laws (see "California Notice at Collection" below), and you can opt out. We disclose Personal Data to:

  • Service Providers: such as hosting, cloud infrastructure, analytics, communications, customer support, email delivery, authentication, payments/billing, security, fraud prevention, and AI models/providers used to deliver features. These Service Providers are authorized to use your information only as necessary to provide services to us and must protect it.
  • Integration partners you authorize: if you connect third‑party accounts (for example, email, calendar, file‑storage, productivity, or identity providers), we exchange data with those providers as necessary to enable the integration, consistent with your settings and this Policy.
  • Professional advisors: such as lawyers, auditors, and insurers, where necessary for the services they provide to us.
  • Corporate events: in connection with a merger, acquisition, financing, or sale of all or part of our business or assets, subject to appropriate confidentiality and data protection obligations.
  • Legal compliance: to comply with law, regulations, legal processes, or governmental requests; to enforce our terms; or to protect the rights, property, or safety of Camy, our users, or others.
We require recipients to protect your Personal Data in a manner consistent with this Policy and applicable laws. We do not allow third parties to use your integration data (including Google user data or data from other connected accounts) for their own independent advertising or marketing purposes without your consent.

Google User Data and Other Third-Party Integrations

When you connect third‑party accounts to the Service—such as Google Workspace (for example, Gmail, Google Calendar, Google Drive), Microsoft 365, Apple services, or other productivity/communications/storage providers—we access and process data from those accounts only as necessary to provide the features you choose to use, consistent with this Privacy Policy and the permissions you grant.

  • Limited use: Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide or improve user‑facing features and not to serve ads.
  • No unauthorized sharing: We do not transfer or disclose your Google user data—or data from other connected accounts—to third parties for purposes other than (a) providing and maintaining the Service and integrations you selected, (b) complying with law or legal process, or (c) with your direction or consent.
  • No independent advertising use: We do not allow Google user data or data from other integrations to be used for independent advertising, profiling for advertising, or to build marketing‑oriented user profiles outside the Service.
  • Human access: Human access to Google user data and other integration data is limited to specific purposes such as resolving a support request you initiate, investigating security issues, complying with legal obligations, or when you otherwise give us permission. In all cases, access is subject to confidentiality and access‑control measures.
  • Your controls: You can connect or disconnect integrations at any time in product settings or via the relevant third‑party account management pages. Disconnecting an integration stops future data flows from that account; we handle existing data as described in "Data Retention" and "How to Exercise Your Rights".
For non‑Google integrations, we likewise comply with the applicable platform terms and use data only as needed to deliver the features you choose to use, subject to this Privacy Policy.

International Transfers

We may process and store Personal Data in the United States and other countries with different data protection laws. Where required (for example, for EEA/UK/Swiss data), we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures.

Data Retention

We retain Personal Data only as long as reasonably necessary for the purposes described in this Policy or as required by law. For example:

  • Account data: kept for the life of your account and then deleted or anonymized within 30–90 days after account deletion or termination, subject to longer retention where legally required (for example, tax, accounting, or dispute‑resolution purposes).
  • Integration data (including Google user data): kept while the integration remains connected and as needed to operate the relevant features. When you disconnect an integration or delete your account, we delete or anonymize associated integration data within 30–90 days, subject to legal retention requirements or overriding security needs (such as fraud prevention and audit logs).
  • Logs and analytics: typically retained for up to 12–24 months, then aggregated or deleted, unless a longer period is required for security, compliance, or legitimate business needs.
  • Backups: persist for a limited, rotating period (commonly up to 90 days), after which data is overwritten or securely deleted.
When a retention period expires, we will delete, anonymize, or destroy the data in a secure manner. You may request deletion of your data, including data obtained from integrations, as described under "How to Exercise Your Rights" below.

Security

We use administrative, technical, and organizational safeguards designed to protect Personal Data, including data obtained from Google and other third‑party integrations. We use encryption for data in transit and, where appropriate, at rest; apply access controls and authentication mechanisms; monitor our systems; and regularly review our security practices. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we work to protect your data in line with applicable laws and industry standards.

Your Privacy Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete Personal Data.
  • Withdraw consent where processing is based on consent.
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Opt out of "sale"/"sharing" or targeted advertising where applicable.
  • Appeal a denial of your request (for certain U.S. states).
You can make a request by emailing support@camyai.com. We will verify your request and respond as required by law. Authorized agents may submit requests where permitted (we may require proof of authorization and identity verification).

California Notice at Collection

Categories of Personal Information collected:

  • Identifiers (for example, name, email, account IDs, device IDs, IP address).
  • Customer records (for example, account profile, billing information via our payment provider).
  • Commercial information (for example, subscriptions and feature usage).
  • Internet/Network activity (for example, browsing, app interactions, diagnostics).
  • Approximate geolocation.
  • Inferences (for example, preferences, AI‑generated suggestions).
  • Sensitive information: generally not sought; may be processed incidentally if included in your connected content.
Sale/Sharing: We do not sell Personal Information for money, but we may "share" identifiers and internet activity for cross‑context behavioral advertising where allowed by law. You may opt out via Global Privacy Control signals where recognized.

Non‑discrimination: We will not discriminate against you for exercising your privacy rights.

Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect Personal Data from them. If you believe a child under 13 has provided Personal Data, please contact us so we can delete it. For California residents aged 13–16, we do not sell or share Personal Data without affirmative authorization.

AI and Automated Decision-Making

Some features use AI models to analyze content you provide (for example, emails, calendars, files) and generate summaries, classifications, recommendations, or assistive outputs.

  • Human oversight: We design AI features for assistive use with human review where appropriate.
  • Controls: You can disconnect integrations and request deletion of your data.
  • Model providers: We may use third‑party AI providers under agreements requiring confidentiality and appropriate use restrictions. We do not permit providers to train their general models on your identifiable content unless we have your permission or clearly provide an opt‑in mechanism.

Third-Party Links and Services

The Service may link to third‑party websites, apps, or services. Their privacy practices are governed by their own policies. You should review those policies before providing data to them.

Your Choices

You have choices about how we use your data, including:

  • Account and integrations: manage in‑app settings to connect or disconnect accounts and control permissions.
  • Emails: opt out of marketing emails via the unsubscribe link in our messages; we may still send transactional or security notices.
  • Cookies: manage Cookies via your browser settings and any consent tools we provide where required.
  • Do Not Track: we currently do not react to browser DNT signals, but we honor Global Privacy Control signals for applicable opt‑outs.

How to Exercise Your Rights

To exercise your rights, submit a request via email support@camyai.com. Please provide sufficient information so we can verify your identity and understand your request. If we cannot verify you, we may be unable to fulfill the request. Where applicable, you may appeal a denied request by replying to our decision.

Data Controller

For users in the EEA/UK/Switzerland, CamyAI Inc. is the controller of your Personal Data. Where required, we will provide additional contact details or local representatives on our website.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page, update the "Last updated" date, and, where required, provide additional notice (for example, by email or in‑Service notification). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

Contact Us

If you have any questions about this Privacy Policy, you can contact us: