My AI 4 Life — Your Personal Concierge Service

My AI 4 Life ("we", "our", or "us") operates the Onyt concierge service via WhatsApp, Apple iMessage, and other messaging platforms. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service. By using Onyt, you agree to the practices described in this policy.

1. Information We Collect

When you use Onyt, we collect:

Phone Number or Apple ID: Your phone number or Apple ID, used to identify and communicate with you across supported platforms including WhatsApp and Apple iMessage.
Apple iMessage Data: If you use Onyt via Apple iMessage, we may collect your Apple ID, device identifiers, and message content as necessary to provide the service.
Messages: The content of messages you send to Onyt, used to provide the concierge service and maintain conversation context.
Profile Information: Your name, language preference, timezone, and city — collected during onboarding to personalise your experience.
Usage Data: Interaction timestamps, feature usage, and service performance metrics.
Google Account Data (optional): If you choose to connect your Google account, we access:
- Gmail: We read, search, and send emails on your behalf, as directed by you through Onyt. With your explicit instruction, we may also create email drafts in your Drafts folder, manage thread state (mark as read, archive, move, apply labels), create or rename Gmail labels, and update your Gmail settings (vacation responder, signature, filters). Onyt never deletes emails and never modifies the content of an email you sent or received.
- Google Calendar: We read and write calendar events on your behalf. With your explicit instruction, we may also list the calendars you have available, create or share sub-calendars, and read calendar metadata to surface availability across calendars.
- Google Contacts: With your explicit instruction, we look up contacts by name to resolve recipients you mention in conversation, and we may create or update contact entries when you ask us to save someone's information.
- Google Tasks: When you set a reminder with Onyt, we may also create a corresponding entry in your Google Tasks list so the reminder appears in Google's native Tasks app.
Google account connection is optional and can be disconnected at any time. See Section 5 for details.
Microsoft Account Data (optional): If you choose to connect your Microsoft (Outlook / Microsoft 365) account, we access:
- Outlook Mail (Mail.ReadWrite, Mail.Send): We read, search, and send emails on your behalf, as directed by you through Onyt.
- Outlook Calendar (Calendars.ReadWrite): We read and write calendar events on your behalf, as directed by you.
- Outlook Contacts (Contacts.ReadWrite): We read and create contacts to help resolve names you mention in conversation.
Microsoft account connection is optional and can be disconnected at any time. See Section 5 for details.

2. How We Use Your Information

We use your information solely to:

Provide, personalise, and improve the Onyt concierge experience
Remember context from previous conversations to enable continuity
Send reminders, notifications, and proactive briefings you have requested
Execute actions on connected services (calendar events, emails) as instructed by you
Respond to your support requests
Monitor service reliability and fix technical issues

We do not use your data for advertising, sell it to third parties, or use it to train general-purpose AI models. In particular, data accessed from your connected Google or Microsoft accounts is never used to train, develop, or improve any AI models, whether our own or any third party's.

3. Google API Services — Limited Use Disclosure

Onyt's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

Limited use: We only access Google data (Gmail, Calendar) to provide features you explicitly request through Onyt. We do not access, store, or process Google data for any other purpose.
No transfer: We do not transfer your Google data to third parties except as necessary to provide the requested feature (e.g., sending a message through Gmail).
No advertising: We do not use Google data to serve advertisements.
No unauthorised use: We do not allow humans to read your Gmail or Calendar data unless you explicitly share it with us for support purposes, required by law, or with your consent.
Token storage: Google OAuth tokens are encrypted at rest using AES-256 and stored only for as long as your account is active. Tokens are immediately revoked and deleted when you disconnect your Google account or stop using Onyt.
No AI training: Data accessed from Google APIs — including your Gmail messages, drafts, labels, contacts, calendar, and tasks — is never used to train, develop, or improve any AI models, whether our own or any third party's.
AI processing disclosure: When you ask Onyt to summarise, draft, or otherwise work with your Gmail or Calendar content, the relevant message or event text is transmitted in real time to AI providers (Anthropic, OpenAI, Google) over TLS 1.2+ for the purpose of generating your response. These AI providers process the content under contractual data-handling commitments and do not retain it for training. We do not store full message content on our servers beyond the active session; metadata (such as subject, sender, internal message ID) is retained only as needed to support follow-up commands.
User-initiated actions only: All write actions on Google services (sending emails, creating drafts, modifying threads, applying labels, changing settings, creating events, saving contacts, syncing tasks) are initiated by you. Onyt does not write to your Google account on its own initiative.

3a. Microsoft Graph API Services — Limited Use Disclosure

Onyt's use of information received from Microsoft Graph adheres to Microsoft's Application Privacy and Security requirements. Specifically:

Limited use: We only access Microsoft data (Outlook Mail, Calendar, Contacts) to provide features you explicitly request through Onyt. We do not access, store, or process Microsoft data for any other purpose.
No transfer: We do not transfer your Microsoft data to third parties except as necessary to provide the requested feature (e.g., sending a message through Outlook).
No advertising: We do not use Microsoft data to serve advertisements.
No unauthorised use: We do not allow humans to read your Outlook Mail or Calendar data unless you explicitly share it with us for support purposes, required by law, or with your consent.
Token storage: Microsoft OAuth tokens are encrypted at rest using AES-256 and stored only for as long as your account is active. Tokens (including rotated refresh tokens) are immediately revoked and deleted when you disconnect your Microsoft account or stop using Onyt.

4. Data Storage and Security

We implement technical and organisational measures to protect your data:

Encryption at rest: All stored data — including messages, profile information, and OAuth tokens — is encrypted using AES-256.
Encryption in transit: All data transmitted between your device and our servers is protected using TLS 1.2 or higher.
Access controls: Access to user data is restricted to authorised systems and personnel only.
Infrastructure: Data is stored on AWS infrastructure in the EU (Stockholm, eu-north-1 region), subject to EU data protection standards.

Data Retention:

Active accounts: Profile data and conversation history are retained while your account is active.
On opt-out (STOP): All personal data — including profile information, conversation history, memory files, and connected Google tokens — is permanently deleted immediately upon confirmation.
Inactive accounts: Accounts with no activity for 12 months may be automatically deleted.
Backups: Deleted data may persist in encrypted backups for up to 30 days before permanent removal.

5. Google Account Connection

You may optionally connect your Google account to enable Calendar and Gmail features. When you do:

We request only the OAuth scopes needed for the features you enable. The full set Onyt may request is:

gmail.readonly — read messages for summaries and replies
gmail.send — send emails on your behalf after your confirmation
gmail.compose — create drafts in your Drafts folder
gmail.modify — mark read/unread, archive, label, move messages
gmail.labels — create and apply Gmail labels
gmail.settings.basic — vacation responder, signature, filters
contacts.readonly — look up a contact by name to resolve a recipient
contacts — save or update contact entries you ask Onyt to remember
tasks — sync reminders to your Google Tasks list
calendar.events — create, read, update, and cancel calendar events
calendar — list your calendars, create or share sub-calendars

You can disconnect your Google account at any time by messaging Onyt "disconnect Google".
Upon disconnection, your Google OAuth tokens are immediately revoked with Google and deleted from our systems.
You can also revoke access directly at myaccount.google.com/permissions.

5b. Google API Scopes Summary

The table below maps each Google permission Onyt may request to the user-facing feature it powers.

Scope	What it lets Onyt do	When it's used
`gmail.readonly`	Read your Gmail messages	When you ask about an email
`gmail.send`	Send an email on your behalf	When you confirm a send
`gmail.compose`	Create email drafts in your Drafts folder	When you ask to draft an email
`gmail.modify`	Mark read/unread, archive, label, move messages	When you ask to manage your inbox
`gmail.labels`	Create and apply Gmail labels	When you ask to label or organise email
`gmail.settings.basic`	Update vacation responder, signature, filters	When you ask to update Gmail settings
`contacts.readonly`	Look up a contact by name	When you mention someone in conversation
`contacts`	Save or update contact entries	When you ask to remember someone
`tasks`	Sync reminders to Google Tasks	When you set a reminder
`calendar.events`	Create, read, update, and cancel calendar events	When you ask about or manage your calendar
`calendar`	List calendars, create or share sub-calendars	When you ask about availability or calendar setup

5a. Microsoft Account Connection

You may optionally connect your Microsoft account to enable Outlook Mail, Calendar, and Contacts features. When you do:

We request only the minimum OAuth scopes required: Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, Contacts.ReadWrite, offline_access, openid, email, and profile.
You can disconnect your Microsoft account at any time by messaging Onyt "disconnect Microsoft".
Upon disconnection, your Microsoft OAuth tokens are immediately revoked with Microsoft and deleted from our systems.
You can also revoke access directly at account.live.com/consent/Manage.

6. Data Sharing

We do not sell your personal information. We may share data only in the following limited circumstances:

Infrastructure providers: AWS (cloud hosting and storage) and other sub-processors strictly necessary to operate the service. These providers are contractually bound to protect your data.
AI processing: Conversation content may be processed by AI model providers (e.g., Anthropic, OpenAI, Google) solely to generate responses. These providers are subject to their own privacy policies and data processing agreements.
Legal requirements: When required by applicable law, regulation, or valid legal process.
Safety: To protect the rights, property, or safety of My AI 4 Life, our users, or others.

7. Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of all personal data we hold about you.
Deletion: Request permanent deletion of your account and all associated data. Send STOP to Onyt on WhatsApp or iMessage — your data will be deleted immediately upon confirmation.
Rectification: Request correction of inaccurate personal data.
Portability: Request an export of your data in a machine-readable format.
Opt-out: Stop all communication and data processing at any time by sending STOP to Onyt on WhatsApp or iMessage, or email privacy@myai4.life.
Withdraw consent: Disconnect your Google account at any time without affecting your use of the core Onyt service.

To exercise any of these rights, send STOP or HELP to Onyt on WhatsApp or iMessage, or contact us directly at privacy@myai4.life. We will respond within 30 days.

8. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and Israel, we process your data under the following legal bases:

Contract performance: Processing necessary to provide the Onyt service you signed up for.
Consent: For optional features such as Google Calendar and Gmail integration, and for receiving proactive messages. You may withdraw consent at any time.
Legitimate interests: For service monitoring, security, and fraud prevention.
Legal obligation: When required by law.

9. AI Disclosure

Onyt is powered by artificial intelligence. All interactions with Onyt are with an AI system, not a human. This disclosure is provided in compliance with California SB 243 and the New York AI Companion Law. You have the right to know when you are interacting with an AI system. Onyt will always identify itself as an AI-powered service. A human concierge is available upon request.

10. Apple Messages for Business

When using Onyt through Apple iMessage, message delivery is facilitated by Apple's Messages for Business platform. Apple may process message metadata in accordance with Apple's privacy policy. We do not share your conversation content with Apple beyond what is necessary for message delivery.

11. Children's Privacy

Onyt is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at privacy@myai4.life and we will delete it promptly.

12. International Data Transfers

Your data is stored in the EU (AWS eu-north-1, Stockholm). When processing requires transfer to AI providers outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via WhatsApp, iMessage, or email before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued use of Onyt after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

Email: privacy@myai4.life
WhatsApp: Send HELP to Onyt
iMessage: Send HELP to Onyt on iMessage
Company: My AI 4 Life
Website: myai4.life