Privacy Policy

Google API Services — Limited Use Disclosure

AUX's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Transfer Restrictions

AUX does not transfer Google user data to third parties except:

• As necessary to provide the scheduling and document features described above (for example, calendar event summaries are sent to Google Gemini solely for the purpose of generating conflict-free task schedules)
• As required by applicable law
• As part of a merger, acquisition, or asset sale, with prior notice to users

Human Access to Google User Data

Our team does not read or access your Google user data unless:

• You give us affirmative agreement (for example, when requesting technical support)
• It is necessary for security purposes (investigating abuse or security incidents)
• It is necessary to comply with applicable law

Revoking Google Access

You can revoke AUX's access to your Google account data at any time by visiting your Google Account permissions page and removing AUX. Revoking access will:

• Immediately stop AUX from accessing your Google Calendar and Google Drive
• Invalidate the stored OAuth tokens on our servers
• Not delete data already synced to our servers (for example, calendar event summaries previously used for scheduling). To delete all stored data, use the account deletion feature described in Section 6

1. Data We Collect

We organize the data we collect according to Apple's privacy nutrition label categories. Data marked Optional is collected only if you enable the related feature or integration.

1.1 Contact Info

Data	Collected	Purpose
Name	Yes	Account creation, personalization of AI responses
Email Address	Yes	Account creation, authentication, account recovery
Phone Number	Optional (WhatsApp)	Linking WhatsApp for messaging features

We do not collect your physical address.

Social Sign-In. You may create an account or log in using Sign in with Apple or Google Sign-In. When you do, we receive your name and email address from the provider to create or access your account. If you use Apple's "Hide My Email" feature, we receive an Apple relay email address instead of your personal email. If you sign in with a social provider using an email that matches an existing account, your social provider will be linked to that account automatically. We store the provider type and a provider-assigned user identifier to enable future sign-in; we do not store your social account password.

1.2 Health & Fitness (HealthKit — Read-Only)

With your explicit permission, we read the following data from Apple HealthKit (read-only — we never write to HealthKit):

Data	Purpose
Steps	Daily activity tracking, task recommendations
Active & Basal Energy Burned	Activity-aware scheduling
Walking/Running Distance	Fitness progress tracking
Heart Rate, Resting Heart Rate, HRV	Recovery and readiness insights
Sleep Analysis (total, deep, REM, light, quality)	Sleep-aware task scheduling
Workouts (type, duration, calories, heart rate, distance)	Automatic task verification
Weight & Height	Fitness goal context

Health and fitness data powers a primary, user-facing feature of the App: the Health Dashboard screen (accessible from Settings) and a Health card on the home screen. These surfaces display your sleep, activity, recovery, and energy data in real time. Health data also directly informs AI scheduling — adjusting task placement based on sleep quality, energy levels, and recovery state. Health data is used solely to improve your personal health management and productivity within the App. It is never used for advertising, marketing, or data mining. It is never sold to data brokers.

1.3 Location

Data	Collected	Purpose
Coarse Location (city-level, user-provided)	Optional	Weather-aware scheduling and context-aware suggestions

You may provide your home city or area during setup. We geocode this to approximate coordinates for weather forecasts and scheduling context. We do not request device GPS access. Location data is optional and stored only to provide weather-aware and context-aware features.

1.4 Identifiers

Data	Collected	Purpose
User ID (internal UUID)	Yes	Account management
Device ID (Apple IDFV)	Yes	Push notification delivery, device management
LinkedIn Member ID	Optional (LinkedIn)	Identifying your LinkedIn account for content posting
X/Twitter User ID and Username	Optional (X/Twitter)	Identifying your X account for content posting

We do not collect the Advertising Identifier (IDFA). We do not track you across other companies' apps or websites.

1.5 User Content

Data	Collected	Purpose
Chat messages	Yes	AI-powered coaching conversations
Goal descriptions (free text)	Yes	Personalized task generation
Task verification proofs (text)	Optional	Verifying task completion
Uploaded documents (PDFs, DOCX, text files)	Optional	Personalized knowledge base and AI context
Calendar events (Apple Calendar and/or Google Calendar)	Optional	Scheduling around commitments
Voice input transcripts	Optional	Voice interaction features
WhatsApp messages (if connected)	Optional	Messaging features
Social media posts (LinkedIn and X/Twitter)	Optional	Content drafted and posted on your behalf to connected social accounts

1.6 Financial Data

Data	Collected	Purpose
Bank account information (via Plaid)	Optional	Budgeting and productivity insights
Transaction history (via Plaid)	Optional	Financial wellness features

Financial data is collected only if you choose to connect a financial account through Plaid. We do not store raw bank credentials — Plaid handles authentication and provides us with access tokens and transaction data. We do not provide brokerage, investment, or banking services.

1.7 Email Data

Data	Collected	Purpose
Email content and metadata (via Gmail or Outlook)	Optional	Email drafting, search, and workflow automation
Email writing style analysis	Optional	Matching your tone and style in AI-drafted emails

When you connect Gmail or Outlook, we may analyze your sent emails to learn your writing style so AI-drafted responses match your voice. Writing style data is stored on our servers and used solely for your personalization.

1.8 Audio Data

Data	Collected	Purpose
Voice session audio (via LiveKit)	Optional	Real-time AI voice companion conversations
Speech-to-text transcripts	Optional	Voice input during onboarding and interactions

Voice audio is streamed in real time during active voice sessions and is not permanently stored as raw audio on our servers. Transcripts and AI responses derived from voice sessions may be stored as part of your conversation history. A visual indicator is displayed on screen when your microphone is active.

1.9 Usage Data

Data	Collected	Purpose
Product Interaction (task completions, feature usage, onboarding steps)	Yes	Improving recommendations, tracking your progress
Behavioral Events (task actions, AI suggestions, notification responses)	Yes	Personalizing AI coaching and schedule optimization
Focus Sessions (start/end, duration, interruptions)	Optional	Focus and productivity insights
Notification Interactions	Yes	Optimizing notification timing and content

1.10 AI-Derived Data

To provide personalized coaching, our AI system processes your data to extract and store:

Data	Purpose
Entities (people, projects, companies mentioned in conversations)	Building a knowledge graph for context-aware assistance
Behavioral patterns (productivity trends, energy patterns)	Adaptive scheduling and recommendations
Conversation summaries	Cross-session context for continuity
Vector embeddings (numerical representations of text)	Semantic search and relevance matching

This derived data is linked to your account, used solely for app functionality, and deleted when you delete your account.

1.11 Sensitive or Voluntary Profile Data

During onboarding, you may optionally provide:

Data	Purpose
Fitness level, age range, sex	Fitness personalization
Personality type and preferences	Communication style personalization

This data is provided voluntarily and is used only to personalize your experience within the App.

1.12 Diagnostics and Security Data

Data	Collected	Purpose
Crash logs and error metadata	Yes	Reliability and debugging
IP address and request metadata	Yes	Security, abuse prevention, rate limiting

We do not use third-party advertising SDKs. We do not use third-party analytics to track you across apps or websites.

1.13 Data We Do NOT Collect

• Advertising Identifier (IDFA)
• Contacts or address book
• Browsing history
• Credit or debit card numbers (Plaid handles financial authentication separately)
• Physical address
• Precise GPS coordinates from your device
• Biometric authentication data (Face ID / Touch ID are handled entirely by iOS)

2. How We Use Your Data

We use the data described above for these purposes:

1. Account Management — Creating and maintaining your account, authenticating you, and enabling account deletion.
2. AI-Powered Coaching — Generating personalized coaching responses based on your goals, health data, and conversation history.
3. Task Generation & Verification — Building daily task plans informed by your energy levels, goals, and progress, and verifying task completion using text proofs you submit.
4. Scheduling — When you connect your calendar (Apple Calendar, Google Calendar, and/or Outlook), we read your existing events to generate conflict-free task schedules and write task events so your AI-generated plan appears alongside your commitments.
5. Health & Wellness Insights — Using HealthKit data to power the App's Health Dashboard — a dedicated screen displaying your sleep duration and quality, heart rate and HRV recovery trends, step and calorie counts, recent workouts, and weekly trend charts. Health data also powers a Health card on the home screen showing today's steps, sleep, and AI-predicted energy level. Beyond display, health data informs AI scheduling: sleep data adjusts when cognitively demanding tasks are placed, energy predictions determine task ordering, and workout data auto-verifies fitness goals.
6. Email & Communication — Drafting emails matching your tone, searching emails, and automating messaging workflows (Gmail, Outlook, Slack, WhatsApp).
7. Financial Insights — Providing budgeting and financial wellness features (if Plaid connected).
8. Digital Wellness — Focus sessions and app blocking features via Screen Time / Family Controls (optional).
9. Push Notifications — Sending task reminders, streak milestones, motivational messages, and energy check-ins.
10. Voice Companion — Real-time AI voice conversations via LiveKit, with text-to-speech responses from ElevenLabs or Google Cloud TTS.
11. Knowledge Base — Storing documents, URLs, and notes you upload to improve the relevance of AI coaching responses.
12. Personalization — Extracting entities and patterns from your interactions to improve AI coaching over time.
13. Weather-Aware Scheduling — Using your stored home location to fetch weather forecasts and adjust scheduling recommendations.
14. Content Generation & Social Posting — Drafting social media posts and written content based on your goals, milestones, reflections, and app activity. The App learns your writing voice over time from your approvals, rejections, and edits to improve future drafts. When you connect LinkedIn or X/Twitter, the App can publish approved content directly to those platforms on your behalf.

We do not use your data for:

• Advertising or marketing to third parties
• Selling or renting to data brokers
• Building profiles for advertising purposes
• Tracking you across other apps or websites

3. Third-Party Data Sharing

We share user data with the following third-party services. Each is named explicitly per Apple's requirements and the Google API Services User Data Policy.

3.1 Google Gemini — AI Processing (Non-Google User Data)

• Provider: Google LLC (Gemini API, accessed directly)
• AI Model Used: Gemini 2.5 Flash
• Data Sent: Your profile context (name, persona, goals, schedule preferences), health metrics summaries, conversation history, and task context. Personally identifiable information (SSNs, credit card numbers, raw email addresses, phone numbers, physical addresses) is redacted before transmission.
• Purpose: Providing and improving the following user-facing features of the App: AI coaching conversations, personalized daily task plans, progress assessments, and contextual web search.
• Retention by Third Party: Google processes requests in real time. Refer to Google's AI Privacy Policy for their data retention practices.

3.2 Google Gemini — Scheduling Feature (Google Calendar Data)

• Provider: Google LLC (Gemini API, accessed directly)
• Data Sent: Calendar event summaries (event titles, times, and durations) obtained from Google Calendar via OAuth.
• Purpose: Providing and improving the App's scheduling feature. Calendar event summaries are sent to the Gemini API solely so the AI can generate task schedules that do not conflict with your existing calendar events. This data is not used for AI coaching conversations, personalization, or any other feature.
• Retention by Third Party: Refer to Google's AI Privacy Policy for their data retention practices.

3.3 Google Gemini — Task Verification

• Provider: Google LLC (Gemini API, accessed directly)
• Data Sent: Task title, task description, task category, and user-submitted proof content (text).
• Purpose: Providing the App's task verification feature, which confirms task completion using AI analysis.
• Retention by Third Party: Refer to Google's AI Privacy Policy for their data handling.

3.4 Google Calendar (Optional Integration)

• Provider: Google LLC (Google Calendar API)
• Scope Requested: auth/calendar.events — View and edit events on all your calendars.
• Data Accessed: Your Google Calendar event titles, times, durations, and attendees.
• Data Written: AUX creates, updates, and deletes task events in your Google Calendar so your AI-generated schedule appears alongside your existing commitments.
• How Data Is Stored: Calendar event summaries are stored on our servers solely to provide the App's scheduling feature. Google OAuth tokens are stored encrypted at rest on our servers (see Section 4).
• Purpose: Providing and improving the App's scheduling feature. AUX reads your existing events to generate conflict-free daily task plans and writes AUX task events to your calendar. Without calendar access, the App cannot avoid scheduling tasks during your meetings or other events.
• Retention by Third Party: Google stores data per their standard terms. You can revoke AUX's access at any time through your Google Account permissions.

3.5 Google Drive (Optional Integration)

• Provider: Google LLC (Google Drive API)
• Scope Requested: auth/drive.file — See, edit, create, and delete only the specific Google Drive files you use with this app.
• Data Accessed: Only files created by or opened with AUX. This scope does not grant access to your entire Google Drive.
• Data Written: AUX may create files in your Google Drive, such as AI-generated planning documents or goal summaries (as Google Docs format within Drive).
• How Data Is Stored: File metadata for app-created files may be stored on our servers solely to provide the App's document feature. Google OAuth tokens are stored encrypted at rest on our servers (see Section 4).
• Purpose: Providing and improving the App's document feature. AUX creates planning documents and goal summaries in your Google Drive so you can access, edit, and share AI-generated content alongside your existing files.
• Retention by Third Party: Google stores data per their standard terms. You can revoke AUX's access at any time through your Google Account permissions.

3.6 Gmail (Optional Integration)

• Provider: Google LLC (Gmail API)
• Data Sent: OAuth tokens, email content and metadata you authorize.
• Purpose: Email reading, drafting, sending, and writing style analysis for AI-drafted responses.

3.7 Firebase (Push Notifications)

• Provider: Google LLC (Firebase)
• Data Sent: Device identifiers, FCM tokens, APNs tokens, notification payloads.
• Purpose: Push notification delivery.
• Retention by Third Party: Firebase retains device tokens per Firebase's Privacy Documentation.

3.8 Social Sign-In Providers

• Google Sign-In
  • Provider: Google LLC
  • Data Received: Name, email address, and a unique account identifier via a verified ID token.
  • Purpose: Account creation and authentication.
• Sign in with Apple
  • Provider: Apple Inc.
  • Data Received: Name (first authorization only), email address (or Apple relay address if "Hide My Email" is used), and a unique account identifier via a verified identity token.
  • Purpose: Account creation and authentication.

We verify social sign-in tokens directly with Google and Apple — your credentials are never sent through intermediary services. We do not access your social media profiles, contacts, or any data beyond what is listed above.

3.9 Apple Push Notification service (APNs)

• Provider: Apple Inc.
• Data Sent: Device token, notification content.
• Purpose: Delivering push notifications on iOS.

3.10 Google Cloud Text-to-Speech

• Provider: Google LLC
• Data Sent: Text content for speech synthesis (task descriptions, AI responses).
• Purpose: Voice playback of AI-generated content (fallback provider).

3.11 LiveKit (Voice Companion)

• Provider: LiveKit, Inc.
• Data Sent: Real-time audio streams and session metadata during live voice sessions.
• Purpose: Real-time voice communication with your AI companion. Audio is streamed, not permanently stored.

3.12 ElevenLabs (Text-to-Speech)

• Provider: ElevenLabs, Inc.
• Data Sent: Text content to synthesize voice responses.
• Purpose: AI persona voice playback with persona-specific voice styles.

3.13 OpenAI (Audio Transcription)

• Provider: OpenAI, L.L.C.
• Service: Whisper API
• Data Sent: Audio files for transcription.
• Purpose: Speech-to-text conversion for voice features.

3.14 Microsoft Outlook (Optional Integration)

• Provider: Microsoft Corporation (Microsoft Graph API)
• Data Sent: OAuth tokens, email content, calendar events.
• Purpose: Email and calendar integration for Outlook users.

3.15 Slack (Optional Integration)

• Provider: Slack Technologies, LLC
• Data Sent: OAuth tokens and user-authorized data (channels, messages, user info, files).
• Purpose: Messaging and workflow automation you initiate.

3.16 Notion (Optional Integration)

• Provider: Notion Labs, Inc.
• Data Sent: OAuth tokens and user-authorized page/database content.
• Purpose: Saving notes, research, and workflows to Notion.

3.17 GitHub (Optional Integration)

• Provider: GitHub, Inc. (Microsoft)
• Data Sent: OAuth tokens and user-authorized data (notifications, issues, pull requests, repository content).
• Purpose: Development workflow features you initiate.

3.18 WhatsApp (Optional Integration)

• Provider: Meta Platforms, Inc. (WhatsApp Business API)
• Data Sent: Your phone number and message content.
• Purpose: Messaging features and proactive reminders, if enabled.

3.19 Plaid (Optional Financial Data)

• Provider: Plaid Inc.
• Data Sent: Account linking credentials (handled by Plaid's secure Link flow — we never see your bank password). Plaid provides us with access tokens, account metadata, and transaction history.
• Purpose: Financial wellness and budgeting features.
• Note: You can disconnect Plaid at any time in-app or via Plaid's portal. See Plaid's privacy policy at https://plaid.com/legal.

3.20 YouTube Data API

• Provider: Google LLC
• Data Sent: Search queries derived from your task context and goals (not your personal identity).
• Purpose: Video search, transcript retrieval, and learning recommendations.

3.21 Research and Search APIs

• Providers: Brave Software (Brave Search), Serper, NewsAPI
• Data Sent: Search queries derived from your task context (not your personal identity).
• Purpose: AI-assisted web research for task context and learning recommendations.

3.22 Resend (Transactional Email)

• Provider: Resend, Inc.
• Data Sent: Your email address and email content for transactional messages (password resets, account notifications).
• Purpose: Delivering account-related emails.

3.23 LinkedIn (Optional Integration)

• Provider: LinkedIn Corporation (Microsoft)
• Scopes Requested: profile, email, w_member_social, openid
• Data Accessed: Your LinkedIn display name, email address, profile picture URL, and member identifier.
• Data Written: AUX publishes posts to your LinkedIn feed on your behalf when you explicitly approve content for posting.
• How Data Is Stored: LinkedIn OAuth access tokens and your member identifier are stored on our servers. Tokens are never logged or transmitted in plaintext.
• Purpose: Publishing AI-generated content (goal updates, milestones, reflections) to your LinkedIn feed when you choose to share.
• Retention by Third Party: LinkedIn retains posted content per their standard terms. You can revoke AUX's access at any time through your LinkedIn Permitted Services settings.

3.24 X / Twitter (Optional Integration)

• Provider: X Corp.
• Scopes Requested: tweet.read, tweet.write, users.read, offline.access
• Data Accessed: Your X display name, username, and user identifier.
• Data Written: AUX posts tweets to your X account on your behalf when you explicitly approve content for posting.
• How Data Is Stored: X OAuth access tokens, refresh tokens, and your username are stored on our servers. Tokens are never logged or transmitted in plaintext.
• Purpose: Publishing AI-generated content (goal updates, milestones, reflections) to your X feed when you choose to share.
• Token Refresh: X access tokens expire after approximately 2 hours. We use your refresh token to automatically obtain new access tokens so the integration remains active without requiring you to reconnect.
• Retention by Third Party: X retains posted content per their standard terms. You can revoke AUX's access at any time through your X Connected Apps settings.

We Do NOT Share Data With:

• Advertising networks
• Data brokers
• Any other third parties not listed above

All third-party providers are contractually or by their published terms required to provide the same or equal protection of your data as described in this Privacy Policy. We do not share data with any provider that does not meet this standard.

4. Data Storage & Security

• Server Location: Your data is stored in Timescale Cloud (US-based) running PostgreSQL.
• Encryption in Transit: All data transmitted between the App and our servers, and between our servers and third-party APIs (including Google APIs), uses HTTPS/TLS encryption. Tokens and credentials are never transmitted in plaintext.
• Encryption at Rest: Database provider applies encryption at rest for stored data.
• Password Security: Passwords are hashed using bcrypt with salt rounds before storage. We never store plaintext passwords.
• Authentication: Sessions are managed with JSON Web Tokens (JWT) with expiration and refresh token rotation.
• Google OAuth Token Security: Google OAuth access tokens and refresh tokens are stored encrypted at rest in our PostgreSQL database. Tokens are never logged, never transmitted in plaintext, and are used only to make authorized API calls on your behalf for the integrations you have explicitly consented to. When you revoke access or delete your account, stored tokens are permanently deleted from our servers.
• Local Storage: Authentication tokens stored in iOS Keychain (encrypted, device-only). Preferences stored in AsyncStorage.
• Vector Embeddings: We generate numerical vector representations (embeddings) of your conversation memories and knowledge documents for semantic search. These are mathematical representations, not plaintext copies.
• PII Redaction: Personally identifiable information is redacted before being sent to AI processing services.

5. Data Retention

• Account Data: Retained for the lifetime of your account.
• Health Data: Daily summaries and metrics are retained for the lifetime of your account to enable trend analysis and personalized recommendations.
• Conversation History: Retained for the lifetime of your account to maintain context for AI coaching.
• Task History: Retained for the lifetime of your account for progress tracking and analytics.
• Verification Proofs: Retained for the lifetime of your account.
• Calendar Data: Synced calendar events (from Apple Calendar, Google Calendar, and/or Outlook) are retained and updated with each sync cycle.
• Google Drive Data: File metadata for app-created files is retained for the lifetime of your account. The files themselves are stored in your Google account, not on our servers.
• Google OAuth Tokens: Access and refresh tokens are retained for the lifetime of your Google integration. Tokens are deleted when you revoke Google access or delete your account.
• Financial Data: Plaid tokens and transaction data are retained for the lifetime of your Plaid connection.
• LinkedIn Data: OAuth access tokens and member identifier are retained for the lifetime of your LinkedIn integration (approximately 60 days per token; reconnection required when expired).
• X/Twitter Data: OAuth access tokens, refresh tokens, and username are retained for the lifetime of your X integration. Access tokens are automatically refreshed.
• AI-Derived Data: Entities, patterns, embeddings, and summaries are retained for the lifetime of your account.
• Operational Logs: Security and error logs are retained for up to 30 days for abuse prevention and troubleshooting.
• Cache Data: Routing and research cache automatically expires (typically within 1–7 days).
• After Account Deletion: All data associated with your account is permanently deleted from our servers, including all Google user data and OAuth tokens (see Section 6).

6. Account Deletion

You can delete your account at any time from the Settings screen in the app. When you delete your account:

1. All personal data is permanently deleted from our servers, including:
   • Your profile and onboarding data
   • All health and fitness data
   • All conversation history and vector embeddings
   • All tasks, verification proofs, and progress data
   • All calendar data (including Google Calendar event summaries)
   • All knowledge base content and embeddings
   • All behavioral data, patterns, and entity extractions
   • All notification preferences and device tokens
   • All OAuth tokens (Google, Slack, Notion, GitHub, Outlook, Plaid, LinkedIn, X/Twitter)
   • All financial data (Plaid tokens and transaction records)
2. Deletion is performed via a cascading database delete, meaning all related records across all tables are removed.
3. What we cannot delete:
   • Data already processed by third-party AI providers (Google Gemini, OpenAI) — refer to their privacy policies for retention and deletion practices.
   • Data already processed by third-party service providers (LiveKit, ElevenLabs, Plaid) subject to their retention policies.
   • Any data Apple retains independently (push notification logs, App Store purchase records).
4. If you used Google integrations, we recommend also revoking AUX's access in your Google Account permissions.
5. If you connected Slack, Notion, GitHub, Plaid, WhatsApp, LinkedIn, or X/Twitter, you should also revoke access in those providers' account settings.

7. Your Rights and Choices

Regardless of where you live, we provide the following rights to all users:

7.1 Right to Access

You can request a copy of the personal data we hold about you by contacting us at the email addresses listed above.

7.2 Right to Deletion

You can delete your account and all associated data at any time through the App (Settings > Delete Account), or by contacting us directly.

7.3 Right to Correction

You can update your profile information, goals, and preferences at any time within the App. For corrections to other data, contact us.

7.4 Right to Data Portability

You can request an export of your personal data in a machine-readable format by contacting us.

7.5 Right to Withdraw Consent

You can revoke any optional permission (HealthKit, Calendar, Notifications, Screen Time, Microphone, Speech Recognition, Siri) at any time through iOS Settings. Revoking a permission will stop future data collection for that category but will not automatically delete previously collected data. To delete previously collected data, use the account deletion feature or contact us.

7.6 Right to Revoke Google Access

You can revoke AUX's access to your Google account (Google Calendar and Google Drive) at any time by visiting your Google Account permissions page. This immediately stops all Google API access. To also delete Google user data already stored on our servers, use the account deletion feature or contact us.

7.7 Right to Disconnect Integrations

You can disconnect any optional integration (Gmail, Slack, Notion, GitHub, Plaid, Outlook, WhatsApp, LinkedIn, X/Twitter) from the app's integration settings at any time.

7.8 Right to Opt Out of AI Processing

If you wish to stop your data from being sent to third-party AI providers, you may delete your account. The core functionality of the App depends on AI processing, so selective opt-out of AI features while maintaining an account is not available.

California Residents (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the "sale" of personal information (we do not sell your personal information); and non-discrimination for exercising your privacy rights. To exercise these rights, contact us at the email addresses listed above.

8. Children's Privacy

AUX is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will delete that data.

9. HealthKit Data — Special Protections

In compliance with Apple's HealthKit guidelines:

• Health and fitness data obtained from HealthKit is never used for advertising or marketing.
• Health data is never sold to data brokers or any third party.
• Health data is never used for use-based data mining other than improving your personal health management within the App.
• Health data shared with AI providers (Google Gemini) is limited to aggregated summaries (e.g., "slept 7 hours," "walked 8,000 steps") and is sent solely for the purpose of generating personalized health and productivity recommendations.
• We do not store personal health information in iCloud.
• We do not write data to HealthKit.

10. Permissions We Request

Permission	Required	Purpose
Push Notifications	Optional	Task reminders, motivational messages, streak updates
HealthKit (read-only)	Optional	Health-aware scheduling and fitness tracking
Calendar (EventKit)	Optional	Scheduling tasks around existing events
Reminders (EventKit)	Optional	Creating task reminders in the iOS Reminders app
Microphone	Optional	Voice conversations with AI companion (LiveKit) and speech input
Speech Recognition	Optional	On-device voice-to-text transcription
Siri & Shortcuts	Optional	Voice command integration for quick task actions
Screen Time / Family Controls	Optional	App blocking during focus sessions (iOS 16+)
Alarms (AlarmKit)	Optional	Scheduling alarms, including during Do Not Disturb (iOS 26+)
Google Calendar (OAuth)	Optional	Providing the App's scheduling feature: reading events for conflict-free task plans; writing task events
Google Drive (OAuth, drive.file scope)	Optional	Providing the App's document feature: creating and managing app-generated planning documents
LinkedIn (OAuth)	Optional	Publishing AI-generated content to your LinkedIn feed when you approve it
X / Twitter (OAuth 2.0 with PKCE)	Optional	Publishing AI-generated content to your X feed when you approve it

You can deny any optional permission without losing access to the core features of the App. You can change iOS permissions at any time in iOS Settings. You can revoke Google permissions at any time through your Google Account permissions page. You can revoke LinkedIn access through your LinkedIn Permitted Services settings and X/Twitter access through your X Connected Apps settings.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email and/or in-app notification within 72 hours of becoming aware of the breach, consistent with applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other means before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: mayottekyle@gmail.com
• Email: rseals13@gmail.com

14. Apple App Store Privacy Nutrition Label Summary

Data Linked to You

• Contact Info (name, email, phone number if WhatsApp connected)
• Health & Fitness (all HealthKit metrics listed in Section 1.2)
• Identifiers (user ID, device ID, LinkedIn member ID, X/Twitter user ID)
• User Content (chat messages, goals, tasks, documents, verification proofs)
• Email Data (email content and writing style, if Gmail/Outlook connected)
• Calendar Data (events, titles, times)
• Financial Info (account and transaction data, if Plaid connected)
• Audio Data (voice session transcripts, if voice features used)
• Usage Data (product interaction, behavioral events, focus sessions)
• Diagnostics (crash and error data, performance data)
• Location (coarse — city-level, user-provided)

Data Used for App Functionality

All data collected is used for App functionality and personalization. No data is used for tracking or third-party advertising.

Data NOT Collected

• Advertising Identifier (IDFA)
• Browsing history
• Contacts
• Credit or debit card numbers
• Physical address
• Precise GPS coordinates

Data NOT Used to Track You

We do not track you across other companies' apps or websites. We do not collect the IDFA. We do not share data with advertising networks or data brokers.