Privacy Policy

Last Updated: 9 April 2026

This Privacy Policy explains how Graylin ("the Service", "we", "us", "our") collects, uses, stores, protects, and shares your personal information. By using the Service, you agree to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, password, organization details.
• Profile Information: Preferences, settings, timezone.
• Conversation Data: Messages, prompts, and responses exchanged with AI assistants.
• Files & Documents: Any files you upload for processing.
• API Keys & Credentials: Third-party service credentials you configure (stored encrypted).

1.2 Automatically Collected Information

• Device information (browser type, OS, IP address)
• Usage analytics and session data
• Error logs and performance metrics
• Timestamps and activity patterns

1.3 Third-Party Data

We may receive data from authentication providers (OAuth) and integrated services you connect. We do not purchase personal data from third parties.

2. How We Use Your Information

Your information is used for:

• Providing and personalizing the Service
• Processing your requests and AI interactions
• Maintaining and improving the platform
• Communicating service updates and support
• Ensuring security and preventing abuse
• Complying with legal obligations

3. AI Processing

Your conversations and data may be processed by AI models to provide responses and assistance. This processing includes:

• Generating responses to your queries
• Analyzing context for better assistance
• Improving AI model performance (using anonymized data only)

We do not use your personal conversations to train AI models without explicit consent. Anonymized, aggregated data may be used to improve general service quality.

4. Data Isolation & Security

Each tenant's data is isolated using:

• Per-tenant encryption keys (never shared across tenants)
• Isolated compute environments (OCI containers)
• Strict access controls and audit logging
• Encrypted storage at rest and in transit

Control plane services cannot access tenant encryption keys.

5. Data Sharing

We may share personal data only with:

• Cloud infrastructure providers (for hosting)
• AI model providers (for processing requests)
• Analytics services (aggregated/anonymized data only)
• Legal authorities when required by law

Any third party with whom we share user data is contractually required to provide the same or equal protection of user data as stated in this Privacy Policy.

We do not sell personal data.

6. Third-Party AI Providers

The Service may use third-party AI providers to process your requests. When this occurs:

• Only necessary data is sent to the provider
• Providers are contractually bound to protect your data
• You can configure which providers are used (where applicable)

7. Google API Services

Graylin's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google account, Graylin may request access to the following services based on the features you enable:

7.1 Google Sign-In

We use Google OAuth2 for authentication. This provides us with your name, email address, and profile picture to create and manage your Graylin account. No additional Google data is accessed for sign-in.

7.2 Gmail (Read & Send)

If you enable the email integration, Graylin accesses your Gmail to:

• Read incoming emails so your AI assistant can process and respond to messages on your behalf
• Send emails as instructed by you through the AI assistant
• Mark messages as read after processing

Email content is processed in your isolated tenant environment and is not shared with other users or used for advertising.

7.3 Google Calendar

If you enable the calendar integration, Graylin accesses your Google Calendar to:

• List your calendars and events so your AI assistant can answer scheduling questions
• Create, update, and delete events as instructed by you
• Set up video conferencing (Google Meet) for events you create

7.4 Google Drive

If you enable the cloud storage integration, Graylin accesses Google Drive to:

• List, read, upload, and organize files in your Drive that you access through Graylin
• Only files created by or opened through Graylin are accessible (not your entire Drive)

7.5 Google Contacts

If you enable the contacts integration, Graylin accesses your Google Contacts to:

• Import your contacts into Graylin's address book for use by your AI assistant
• Search your contacts when composing emails or scheduling meetings

Contact data is read-only — Graylin does not modify your Google Contacts.

7.6 Data Handling for Google Data

• Google user data is stored in your encrypted, isolated tenant environment
• We do not use Google user data for advertising, market research, or to train AI models
• We do not share Google user data with third parties except as necessary to provide the Service (e.g., AI providers processing your requests)
• You can revoke Graylin's access to your Google account at any time through your Google Account settings or by disconnecting the integration in Graylin
• Upon account deletion, all Google-sourced data is permanently removed from our systems

8. International Transfers

Data may be stored or processed in locations outside your home country. We use appropriate safeguards such as contractual clauses, encryption, and compliance certifications to protect data.

9. Data Retention

We retain data for as long as necessary to provide the Service and comply with legal requirements:

• Account data: Retained while account is active
• Conversation history: Retained until you delete it or close your account
• Audit logs: Retained for security and compliance purposes

You may delete your data at any time through account settings or by contacting support.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Request correction or deletion
• Export your data (data portability)
• Withdraw consent
• Object to certain processing
• Lodge a complaint with a supervisory authority

To exercise these rights, contact: gl@graylin.ai

11. Cookies & Tracking

We use essential cookies for authentication and session management. We may use analytics cookies to understand usage patterns. You can configure cookie preferences in your browser settings.

12. Children's Privacy

Graylin is not intended for users under the age of 18. We do not knowingly collect personal data from children.

13. Security Measures

We implement industry-standard security measures including:

• Encryption at rest and in transit (TLS 1.3)
• Regular security audits and penetration testing
• Access controls and authentication
• Intrusion detection and monitoring

No system is completely secure. We encourage you to use strong passwords and protect your credentials.

14. Changes to this Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or through the Service. Continued use after changes constitutes acceptance.

15. Contact Us

If you have questions about this Privacy Policy, contact us at:
gl@graylin.ai