Privacy Policy

Introduction

At Myself AI ("we," "our," or "us"), we respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. This policy describes the types of information we may collect from you or that you may provide when you visit our website at myselfai.app (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect on this Website, in email, text, and other electronic messages between you and this Website, and through the services provided via this Website.

Information We Collect

Personal Information

We may collect several types of information from and about users of our Website, including:

  • Personal identifiers such as name, email address, and preferences you provide when you register on our Website, subscribe to our service, or otherwise communicate with us.
  • Usage data about your activity on our Website, including the pages you have visited, the time and date of your visit, the time spent on those pages, and other diagnostic data.
  • Device information including your device type, browser type, IP address, operating system, and other technical information.

Calendar and External Integration Data

With your consent, we may access and process information from your Google Calendar to provide enhanced functionality such as:

  • Displaying your upcoming events within the application
  • Creating and managing events and reminders in your calendar
  • Synchronizing tasks with your calendar events

We only access the specific data needed to provide these features and do not store your calendar content on our servers beyond what is necessary to provide the service.

How We Use Your Information

We use the information we collect about you or that you provide to us:

  • To provide, maintain, and improve our services
  • To process and complete transactions, and send related information including confirmations and invoices
  • To send administrative information, such as updates, security alerts, and support messages
  • To personalize your experience and deliver content relevant to your interests
  • To respond to your comments, questions, and requests
  • To protect our services, users, and the public

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Data Protection Mechanisms

We implement comprehensive data protection mechanisms to safeguard your sensitive information. Our security architecture includes multiple layers of protection designed to ensure the confidentiality, integrity, and availability of your data.

Encryption at Rest

All sensitive user data is encrypted at rest using industry-standard AES-256-GCM encryption. This includes:

  • Journal entries: Titles, content, and mood data are encrypted with unique initialization vectors
  • Notes: Titles and content are encrypted using field-level encryption
  • Tasks: Task titles and descriptions are encrypted individually
  • Lists and List Items: All list content and individual items are encrypted
  • Reminders: Reminder titles and descriptions are encrypted
  • Contacts: Names, email addresses, phone numbers, and notes are encrypted

Each encrypted field uses a unique initialization vector (IV) to ensure that identical content produces different encrypted output, providing additional security against pattern analysis.

Encryption in Transit

All data transmission between your device and our servers is protected using:

  • TLS 1.3 encryption: All communications use the latest Transport Layer Security protocol
  • HTTPS enforcement: All connections are automatically redirected to secure HTTPS
  • Certificate pinning: Additional protection against man-in-the-middle attacks

Access Controls

We implement strict access controls to ensure only authorized personnel can access systems containing your data:

  • Role-based access control (RBAC): Access is granted based on job function and necessity
  • Multi-factor authentication: All administrative access requires multiple forms of verification
  • Principle of least privilege: Users and systems are granted only the minimum access necessary
  • Regular access reviews: Access permissions are reviewed and updated regularly

Key Management

Our encryption key management follows industry best practices:

  • Secure key storage: Encryption keys are stored separately from encrypted data
  • Key rotation: Encryption keys are regularly rotated according to security schedules
  • Hardware security modules: Keys are protected using dedicated security hardware when possible
  • Key derivation: Keys are derived using cryptographically secure methods

Database Security

Our database infrastructure implements multiple security layers:

  • Network isolation: Databases are deployed in private networks with restricted access
  • Connection encryption: All database connections use encrypted channels
  • Automated backups: Encrypted backups are created regularly and stored securely
  • Vulnerability scanning: Regular security scans identify and address potential vulnerabilities

Application Security

Our application implements comprehensive security measures:

  • Input validation: All user input is validated and sanitized to prevent injection attacks
  • Content Security Policy (CSP): Strict CSP headers prevent cross-site scripting attacks
  • Authentication and authorization: Robust user authentication with session management
  • Security headers: Implementation of security headers including HSTS, X-Frame-Options, and others

Monitoring and Incident Response

We maintain continuous security monitoring and incident response capabilities:

  • Security monitoring: 24/7 monitoring of systems for security threats and anomalies
  • Incident response plan: Documented procedures for responding to security incidents
  • Audit logging: Comprehensive logging of access and activities for security review
  • Regular security assessments: Periodic security audits and penetration testing

Compliance and Standards

Our data protection mechanisms are designed to meet or exceed industry standards:

  • GDPR compliance: Data protection measures align with General Data Protection Regulation requirements
  • SOC 2 Type II controls: Implementation of security controls based on SOC 2 frameworks
  • Industry best practices: Regular review and implementation of security best practices
  • Data minimization: Collection and retention of only necessary data

Data Security

Beyond our comprehensive data protection mechanisms detailed above, we maintain additional security practices to ensure the ongoing protection of your personal information:

  • Regular security training: All personnel receive ongoing security awareness training
  • Vendor security assessments: Third-party service providers undergo security evaluations
  • Secure development lifecycle: Security is integrated into our software development process
  • Business continuity planning: Comprehensive plans ensure service availability and data protection during disruptions

While we implement industry-leading security measures, we cannot guarantee absolute security. We encourage users to maintain good security practices on their end, including using strong passwords and keeping their devices secure.

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

  • The right to access the personal information we have about you
  • The right to request correction of inaccurate personal information
  • The right to request deletion of your personal information
  • The right to withdraw consent at any time, where we rely on consent to process your information
  • The right to object to our processing of your personal information
  • The right to data portability

To exercise any of these rights, please contact us using the information provided at the end of this policy.

Third-Party Services

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We may use third-party Service Providers to:

  • Facilitate our Service
  • Provide the Service on our behalf
  • Perform Service-related services
  • Assist us in analyzing how our Service is used

These third parties may have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Google API Limited Use Disclosure & Data Protection

Myself AI's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google Data Protection Mechanisms

We implement specific protection mechanisms for Google API data:

  • Encryption of Google data: All Google Calendar data accessed through APIs is encrypted using the same AES-256-GCM encryption as other sensitive data
  • Secure API communications: All communications with Google APIs use TLS 1.3 encryption and OAuth 2.0 authentication
  • Token security: Google API access tokens are stored securely and encrypted at rest
  • Data minimization: We only request the minimum scope of permissions necessary for functionality
  • Secure storage: Google Calendar data is stored in encrypted format in our secure database infrastructure
  • Access logging: All access to Google API data is logged and monitored for security purposes

Limited Use Compliance

Strict adherence to Google's Limited Use Policy: The use of information received from Google Workspace APIs will adhere to the Workspace API user data and developer policy, including the Limited Use requirements.

Specifically, our Google Calendar integration:

  • Explicit consent: Only accesses calendar data necessary for the features you've explicitly enabled
  • No third-party transfers: Does not transfer your Google user data to third parties
  • No advertising use: Does not use your Google user data for advertising purposes
  • Human access restrictions: Does not allow humans to read your data unless required for security purposes or with your explicit consent
  • Feature-specific use: Uses your data only to provide or improve user-facing features visible in our application
  • No AI training: Does not use your data to develop, improve, or train non-personalized AI and/or ML models
  • Secure deletion: Google data is securely deleted when you revoke access or delete your account
  • Audit compliance: Regular audits ensure ongoing compliance with Google's policies

User Control Over Google Data

You maintain full control over your Google data integration:

  • Permission management: You can review and revoke Google API permissions at any time
  • Data synchronization control: You can enable or disable calendar synchronization features
  • Selective access: You can choose which calendars to integrate with our service
  • Immediate revocation: Revoking access immediately stops our ability to access your Google data

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: support@myselfai.app

Last Updated: 6/28/2025