Privacy Policy

1. Introduction

Everything Bot is operated by Fyrd Technology Ltd, trading as Relevant Labs (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI assistant service, website, and related applications (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use the Service.

For UK GDPR and EU GDPR purposes, Fyrd Technology Ltd (trading as Relevant Labs) is the data controller for personal data described in this policy. You can contact us at [email protected].

2. Information We Collect

2.1 Account Information

When you create an account, we may collect your name, email address, and authentication credentials. If you sign in via a third-party provider (e.g. Google, GitHub), we receive the profile information you authorise that provider to share.

We also store your product update subscription preference (opted in or opted out). If you opt in, your email address is stored in our product updates subscriber list. If you opt out, your email is removed from that list.

2.2 Messages & Instructions

Everything Bot processes the messages and instructions you send it through connected chat platforms (such as WhatsApp, Telegram, iMessage, Discord, and Slack). We process these messages solely to provide and improve the Service.

2.3 Connected Service Data

When you connect third-party services (e.g. Gmail, Google Calendar, Spotify, smart home devices), Everything Bot accesses data from those services only as needed to carry out your instructions. We do not store the contents of your emails, calendar events, or other third-party data beyond what is necessary for the immediate task, unless you explicitly ask us to remember something.

2.4 Memory & Preferences

Everything Bot maintains a persistent memory of your preferences, routines, and past interactions to personalise the Service. You can view, edit, or delete any stored memory at any time by asking Everything Bot to do so.

2.5 Usage Data

We automatically collect certain technical information including your IP address, device type, browser type, operating system, referring URLs, and interactions with the Service. This data is used for analytics, security, and service improvement.

2.6 Cookies

We use essential cookies to maintain your session and security. Any analytics or marketing cookies are optional and only enabled when you provide consent through our cookie banner.

You can update or withdraw your cookie consent at any time using Cookie Preferences in the website footer.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Carry out your instructions - including managing emails, calendar events, bookings, purchases, and other tasks
• Personalise your experience by learning your preferences and routines
• Send you proactive reminders, alerts, and daily briefings
• Communicate with you about your account and the Service
• Send product update and marketing emails only when you have opted in
• Detect, prevent, and address security issues and abuse
• Improve and develop new features
• Comply with legal obligations

3.1 Lawful Bases

Where GDPR applies, we rely on one or more of the following legal bases:

• Performance of a contract (providing your account, agent operations, billing, and support)
• Legitimate interests (service security, reliability, abuse prevention, and product improvement)
• Consent (non-essential cookies, product updates, and other optional communications)
• Legal obligation (compliance with tax, accounting, and regulatory obligations)

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Third-party services you connect: When you instruct Everything Bot to interact with a third-party service (e.g. send an email via Gmail, book a flight), we transmit the necessary data to that service to fulfil your request.
• AI model providers: Your instructions are processed by AI language models. We send the minimum data required to generate a response. We do not permit our AI providers to use your data for training purposes.
• Service providers: We use trusted service providers for hosting, analytics, and infrastructure. These providers are bound by contractual obligations to protect your data.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

We maintain data processing terms with relevant vendors and require equivalent data protection safeguards where legally required.

5. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We apply retention periods based on data category and legal need.

• Account and settings data: retained while your account is active and deleted after account closure, subject to legal retention obligations
• Operational logs and security events: retained for security monitoring, fraud prevention, and incident response for a limited period
• Marketing/product update preferences: retained until you withdraw consent or close your account
• Backups: deleted on rolling schedules after production deletion events

If you delete your account, we aim to delete or anonymise personal data within 30 days, except where retention is required by law.

7. Google User Data (OAuth and Google APIs)

This section explains specifically how Everything Bot accesses, uses, stores, and shares Google user data when you connect Google services (such as Gmail and Google Calendar).

7.1 Data We Access

When you authorise Google access, we may access:

• Basic account profile details provided by Google (for example, name and email address)
• Gmail metadata and message content required to perform the actions you request (for example, drafting, sending, reading, or searching emails)
• Google Calendar metadata and event content required to perform the actions you request (for example, creating, updating, or listing events)

We request only the Google scopes needed for the features you choose to use.

7.2 How We Use Google User Data

• To provide user-facing features you request, such as managing email and calendar tasks through the assistant
• To improve reliability and safety of those user-facing features (for example, debugging, abuse prevention, and error monitoring)

We do not use Google user data for targeted advertising, profiling for ads, selling data, or training general-purpose AI models.

7.3 How We Store and Protect Google User Data

• OAuth tokens are stored encrypted at rest and transmitted using TLS
• Access to Google-connected data is restricted to authorised systems and personnel with a legitimate need
• We store Google data only as long as required to provide requested functionality and maintain security/integrity obligations

Where possible, we process Google data ephemerally and avoid persisting message/event content beyond what is needed for the task you asked us to perform.

7.4 How We Share Google User Data

We do not sell Google user data. We may share it only:

• With Google services themselves when carrying out your explicit instruction (for example, sending an email you asked us to send)
• With trusted subprocessors (such as hosting/infrastructure providers) strictly as needed to operate the Service, under contractual confidentiality and security obligations
• If required to comply with applicable law, regulation, or valid legal process

We do not transfer Google user data to third parties for independent marketing or advertising purposes.

7.5 Retention, Revocation, and Deletion for Google Data

• You can revoke Google access at any time from your Google account permissions settings.
• You can request deletion of Google-connected data by contacting [email protected]
• After revocation or account deletion, we delete or anonymise associated Google user data within our standard deletion windows, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data (“right to be forgotten”)
• Export your data in a portable format
• Object to or restrict certain processing
• Withdraw consent at any time

To exercise any of these rights, contact us at [email protected].

We may need to verify your identity before fulfilling requests. Where required by law, we will typically respond within one month.

You can opt out of product update emails at any time from your account settings. You may also opt back in later if you choose.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO). If you are in the EEA, you may contact your local supervisory authority.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete that information promptly.

10. International Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), UK transfer mechanisms where applicable, and equivalent contractual protections, to protect your data in accordance with this policy.

11. Automated Decision-Making

We use AI systems to help generate responses and execute requested tasks. We do not intentionally perform solely automated decision-making that produces legal or similarly significant effects on you without meaningful human oversight.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, sending you a notification through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Operated by: Fyrd Technology Ltd, trading as Relevant Labs