← Back to Home

Privacy Policy

Last updated: February 14, 2026

1. Introduction

Welcome to Alfred. This Privacy Policy explains how Alfred.ai ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use the Alfred AI assistant through supported messaging platforms. We are committed to protecting your privacy and ensuring transparency about our data practices, particularly regarding how your data interacts with artificial intelligence models.

2. Information We Collect

We collect information strictly necessary to provide and maintain the Service.

• Account Information: When you interact with Alfred, we collect your messaging platform identifier (e.g., your phone number or username) to create and authenticate your account.
• Interaction Data: We collect the direct messages, voice notes, and files you send directly to Alfred within the chat interface.
• Connected Third-Party Data: If you choose to link third-party services (such as Google Workspace or Microsoft accounts), we access data such as emails, calendar events, and cloud storage files strictly based on the permissions you explicitly grant during the OAuth authorization process.

3. How We Use Your Information

We use your information solely for the following purposes:

• To provide, operate, and maintain the Alfred Service.
• To execute specific tasks you request, such as sending emails, scheduling events, or searching for information.
• To troubleshoot technical issues, fix bugs, and ensure the reliability of the Service.
• To communicate with you regarding security updates, technical notices, and changes to our Terms or Policies.

4. AI Processing and Model Training

Alfred operates as a passthrough AI service. We prioritize your privacy through strict data boundary rules:

• No Foundation Model Training: We do not use your personal data, chat messages, or connected third-party data to train, fine-tune, or improve the foundation weights of any generalized artificial intelligence or machine learning models.
• Zero Data Retention (ZDR) API Partners: Your interactions are transmitted securely to our enterprise AI infrastructure partners strictly for the purpose of generating immediate responses. We mandate that these partners adhere to Zero Data Retention (ZDR) agreements, ensuring your data is not retained after the response is generated and is never used to train their models.
• Voice Message Processing: When you send voice messages, the audio is transmitted to our speech-to-text infrastructure partner strictly for transcription. The audio data is processed in real time, is not retained after transcription is complete, and is never used to train models.

5. Human Review and Debugging

To maintain service quality and resolve technical issues, authorized Alfred.ai personnel may review portions of your direct conversational interactions with Alfred.

• AI Development Tools: During debugging, our engineers may utilize enterprise-grade AI coding assistants. These third-party tools are governed by strict Zero Data Retention (ZDR) agreements, ensuring that your data is never used to train generalized models.
• Strict Exclusion of Third-Party Data: Human review and the use of AI debugging tools strictly exclude data fetched from connected third-party integrations (such as emails, calendar entries, or drive files). No human personnel will ever access your integrated third-party data unless you provide separate, explicit written consent for a specific support request, or if we are legally compelled to do so.

6. Google API Limited Use Disclosure

Alfred's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

1. We use data obtained via Google APIs (such as Gmail or Google Calendar data) strictly to provide or improve user-facing features of the Service.
2. We will not transfer this data to third parties unless necessary to provide the core user-facing features, for security purposes (such as investigating abuse), to comply with applicable laws, or as part of a merger or acquisition.
3. We will not allow humans to read Google user data unless we have your affirmative agreement for specific messages (e.g., for a specific support request), it is necessary for security purposes (such as investigating abuse), it is aggregated and anonymized and used for internal operations, or it is required by law.
4. We do not use or transfer Google API data for serving advertisements.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share your data in the following limited circumstances:

• Service Providers: With trusted infrastructure and AI API partners (under ZDR agreements) required to operate the Service.
• Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

8. Data Security and Retention

We implement industry-standard security measures to protect your data, including encryption of all communications in transit.

• Direct Conversation Logs: To provide you with long-term contextual memory and to facilitate technical debugging, we retain conversation logs for a period of up to 365 days, after which they are securely deleted. You may also request deletion of your data at any time (see Section 9).
• Account Data: Account identifiers and profile information are retained for the duration of your active use of the Service, and are deleted upon account deletion request.
• Third-Party Integration Data: Data accessed from connected third-party integrations (such as emails, calendar events, or cloud storage files) is retrieved dynamically at runtime to fulfill your requests and is not stored independently on our servers. References to such data may still appear within your conversation logs and are subject to the same retention period described above.
• Voice Messages: Audio files are processed in real time for transcription and are not retained after processing is complete.

9. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify affected users within seventy-two (72) hours of becoming aware of the breach. Notification will be provided through the Service, via email where available, and/or through a prominent notice on our website. We will also notify relevant regulatory authorities and third-party providers (such as Google) as required by applicable law.

10. International Data Processing

The Service is intended solely for users located outside the European Economic Area (EEA). We do not intentionally collect data from or offer services to individuals in the EEA.

The Service is operated from infrastructure located in Finland and the United States. Your data may be processed in these jurisdictions as necessary to provide the Service. Our AI infrastructure partners may process data in the United States under ZDR agreements. By using the Service, you acknowledge and consent to the processing of your data in these locations.

11. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to promptly delete that information. If you believe that a child under 18 has provided us with personal information, please contact us at the address below.

12. Cookies and Tracking Technologies

The Service is primarily delivered through messaging platforms and does not use cookies, web beacons, or similar tracking technologies. Our OAuth authorization pages (used to connect third-party accounts) do not set cookies or employ tracking technologies.

13. Your Rights and Choices

• Revoking Third-Party Access: You can revoke Alfred's access to your connected accounts at any time directly through the security settings of your third-party provider (e.g., your Google Account permissions page).
• Account Deletion: You have the right to request the complete deletion of your Alfred account and associated data. You can exercise this right by sending a message to Alfred saying "delete my account" or by emailing us at the address below. Upon request, we will permanently delete your account identifier and associated chat history.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you through the Service and update the "Last Updated" date at the top of this page. Your continued use of the Service after notification of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@misteralfred.ai
Website: misteralfred.ai