Privacy Policy
Last Updated: March 3, 2026
1. Introduction
AI Planner ("we", "our", or "us") is committed to protecting your privacy. This policy explains
how we handle your data, with a specific focus on our Zero Storage Architecture.
By using AI Planner, you agree to the collection and use of information in accordance with this policy.
2. Zero Storage Architecture
Core Principle: Your Data is Transient.
Unlike traditional cloud applications, AI Planner does not store your journal entries, planner
pages, or images on our servers.
- In-Memory Processing: When you upload an image, it is streamed directly into the
temporary memory (RAM) of our processing function.
- Immediate Deletion: Once the AI analysis is complete and the data is synced to your
accounts (Notion/Google), the image buffer is immediately wiped from memory.
- No Persistent Storage: We do not write your images to a database or a storage bucket
(AWS S3/Google Cloud Storage).
3. Data Collection & Usage
We collect and process the following types of information:
A. Personal Information
We collect your email address via Google Sign-In solely to authenticate you and to associate
your user preferences (such as your Notion API keys) with your account.
B. User Content
Images of your handwritten planners are processed solely to extract structured data (tasks,
events, expenses). This data is passed to the AI model and then discarded.
4. Third-Party Processors
To provide our service, we transmit data to the following trusted third-party providers. We do
not control how these providers process data, but we use them in accordance with their standard API terms.
Third-Party AI Models (e.g., Google Gemini)
We process your data using enterprise-grade AI providers. We currently use Google
Gemini, but may switch to other providers (like OpenAI or Anthropic) to improve performance.
We only select providers whose API terms explicitly prohibit using your data to train their
models.
Notion (Sync Destination)
We upload images directly to your Notion workspace using the Notion API. Once
uploaded, the data resides on Notion's servers and is governed by Notion's Privacy Policy.
Google Workspace (Calendar/Tasks/Drive/Sheets)
We use read/write access to your Google Calendar and Tasks to sync your schedule. For the Evening Sync feature, we also request minimal Drive and Sheets access to automatically initialize and append to an "AI Planner Data" spreadsheet for your expenses and health tracking. We do not store your calendar or spreadsheet data.
5. Security
We implement multiple layers of security:
- Encryption in Transit: All data is transmitted over HTTPS.
- Encryption at Rest: Your Notion API keys are encrypted with AES-256-GCM before storage.
The encryption key is managed via Google Cloud Secret Manager and never exposed in code.
- Content Security Policy: Strict CSP headers reduce the risk of cross-site scripting (XSS) attacks.
- Firestore Access Control: Your account data is read-only from the client. All writes go
through authenticated server-side functions.
- Token Management: OAuth tokens are kept in memory only and are never saved to browser
storage.
6. Data We Persist
Important: While images are never stored, we do persist minimal account
data.
- Email Address: Stored in Firestore to identify your account.
- Notion Integration Keys: Encrypted with AES-256-GCM and stored in Firestore. We cannot
read these without the Secret Manager encryption key.
- No images, journal text, calendar data, or planner content is ever stored.
7. GDPR Compliance (EU Users)
For users in the European Economic Area (EEA):
- Legal Basis: We process data based on your Consent (granted when you
sign in and use the service). You may withdraw consent at any time by revoking access via your Google
Account settings.
- Data Controller: AI Planner Project (Contact: officialshoubhiksaha@gmail.com)
- Data Processors: Google Cloud (hosting, AI, auth), Notion (journal storage). We rely on
their standard Data Processing Addendums.
- International Transfers: Your data is processed in the United States (Google Cloud
us-central1). We rely on Google's Standard Contractual Clauses for lawful transfer.
- Right to Erasure: Image content is erased automatically (Zero Storage). To delete your
account data (email + encrypted keys), use the 🗑️ Delete Account button in your
dashboard. Deletion is instant.
- Right to Access: Use the 📦 Export Data button in your dashboard to
download a JSON file of all data we hold about you.
- Data Retention: Account data is retained as long as your account is active. Inactive
accounts may be purged after 12 months of no activity.
8. User Rights (Self-Service)
Your image content deletes itself automatically after every sync (Zero Storage).
For your account data, use the buttons in your dashboard:
- 📦 Export Data: Download a JSON file of all data we hold about you.
- 🗑️ Delete Account: Permanently delete your email and encrypted keys from our database.
- Revoke Google access via Google Account Permissions.
- Revoke Notion access via your Notion Integrations page.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
officialshoubhiksaha@gmail.com