Privacy Policy

Last updated: March 29, 2026

1. Overview

This application ("Joolia PA") is a personal assistant tool for private use. It connects to third-party services on your behalf to manage emails, calendar events, tasks, contacts, and messaging. This policy explains what data is collected and how it is used.

2. Data We Collect

  • Account information — your name, email address, and hashed password for authentication.
  • Email data — email metadata (sender, subject, snippet, category) from connected Gmail accounts. Full email bodies are fetched on demand and cached.
  • Calendar data — event titles, times, and locations from connected Google Calendar accounts.
  • Contacts — names, phone numbers, and email addresses synced from Google Contacts.
  • Conversations — messages exchanged with the assistant via WhatsApp or web chat, including voice message transcriptions.
  • Tasks and memories — tasks you create and facts the assistant learns about your preferences and context.
  • Engagement data — which emails you open, delete, or reply to, used to improve email classification.

3. How We Use Your Data

Your data is used solely to provide the personal assistant service:

  • Classifying and summarising emails
  • Managing tasks, calendar events, and reminders
  • Sending messages on your behalf (with your explicit instruction)
  • Remembering your preferences and context across conversations
  • Improving email classification accuracy based on your corrections

Your data is never sold, shared with advertisers, or used for any purpose other than operating this application for you.

4. Third-Party Services

The application connects to the following services using your credentials:

  • Google APIs (Gmail, Calendar, Contacts) — via OAuth2. Tokens are stored encrypted and auto-refreshed.
  • Meta WhatsApp Business API — for sending and receiving WhatsApp messages.
  • Anthropic Claude API — for AI-powered conversation, email classification, and summarisation. Conversation content is sent to Anthropic for processing.
  • OpenAI Whisper API — for transcribing voice messages. Audio data is sent to OpenAI for processing.
  • Brave Search API — for web search queries. Search terms are sent to Brave.

5. Data Storage and Security

  • Data is stored in a PostgreSQL database hosted on Railway with TLS encryption in transit.
  • Passwords are hashed using bcrypt (cost factor 12).
  • API authentication uses Bearer tokens and JWT sessions.
  • WhatsApp webhooks are verified using HMAC-SHA256 signatures.
  • The application is served over HTTPS.

6. Data Retention

Your data is retained for as long as your account is active. You can delete individual memories, tasks, and emails from the dashboard at any time. To request full data deletion, contact the application administrator.

7. Your Rights

You can:

  • View all data stored about you via the dashboard (Memory, Tasks, Inbox)
  • Edit or delete memories, tasks, and emails
  • Disconnect third-party integrations at any time
  • Request a full data export or deletion

8. Contact

For questions about this privacy policy or your data, contact the application administrator.

← Back to login