Privacy Policy Final Audit v5
Last Updated: April 23, 2026
1. Introduction
AI Planner ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we handle your data, with a specific focus on our Zero Storage Architecture and our strict adherence to Google API policies. By using AI Planner (accessible from https://planner.analogdigital.tech/), you agree to the collection and use of information in accordance with this policy.
2. Zero Storage Architecture
Core Principle: Your Data is Transient.
Unlike traditional cloud applications, AI Planner does not store your journal entries, planner pages, or images on our servers.
- In-Memory Processing: When you upload an image, it is streamed directly into the temporary memory (RAM) of our processing function.
- Immediate Deletion: Once the AI analysis is complete and the data is synced to your accounts (Notion/Google), the image buffer is immediately wiped from our memory.
- No Persistent Storage: We do not write your images to a database or a storage bucket (AWS S3/Google Cloud Storage).
3. Data Collection & Diagnostics
In addition to your account information, we temporarily collect diagnostic data to ensure the application runs smoothly:
- Crash Diagnostics: If an error occurs in the browser, our application automatically captures the error stack trace, the URL, and your email address, securely transmitting this data to Google Cloud Logging. This personally identifiable information is used strictly by our developers to identify and resolve critical bugs and is never used for marketing.
4. Google Integrations & Limited Use Policy
While using Our Service, you may choose to connect your Google account to enable the core scheduling and tracking features. We only request the minimum permissions necessary to operate the application:
- Google Calendar: To insert new, AI-generated events and reminders into your calendar. When the "Calendar Duplicate Prevention" setting is enabled (the default), we also read the titles and start times of your existing events for the specific planner date to avoid creating duplicates. You can disable this in Advanced Settings. We do not scan, analyze, or extract content from any other dates or events.
- Google Tasks: To sync and manage your daily to-do lists. When the "Tasks Duplicate Prevention" setting is enabled (the default), we read existing task titles for the specific planner date before inserting new tasks. You can disable this in Advanced Settings. We do not access tasks from other dates or task lists.
- Google Drive: To create and edit specific files generated by the app, such as the Expense and Health tracking spreadsheets. We only access files created directly by the AI Planner.
Google API Services User Data Policy (Limited Use):
AI Planner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- We do not sell your Google data (Calendar, Tasks, or Drive files).
- We do not use your data for serving advertisements.
- Your data is strictly utilized to provide the automated scheduling, task-syncing, and data-logging functionalities of this application.
5. Data Sharing, Transfer, and AI/ML Model Training Disclosure
We do not sell, rent, or trade your personal information or Google Workspace data to any outside parties. We only transfer data to trusted third-party infrastructure and service providers strictly for the temporary purpose of processing your planner images to provide the core application features.
- Default AI Processing Models: By default, AI Planner utilizes Google's Gemini models for rapid handwriting extraction. We currently prioritize the Gemini 2.5 Flash / Flash-Lite architectures. However, to ensure a seamless experience, our systems dynamically switch between different secure enterprise model versions based on real-time metrics such as processing speed, cost-efficiency, server uptime, and stability. Regardless of the specific model version used at any given time, your data remains strictly governed by the Zero Training and Zero Storage guarantees outlined in this policy.
- Custom AI Providers (BYOK): If you configure a custom Bring Your Own Key (BYOK) provider via our Universal AI Adapter (e.g., DeepSeek, Groq, Mistral, OpenRouter, Cohere, Perplexity, Together.ai, HuggingFace, Azure OpenAI, or Local/Ollama models), your data is securely routed to that provider and is bound by its specific privacy and data usage terms.
- AI/ML Model Training Disclosure: We strictly prohibit the use of your Google Workspace data (including Calendar events, Tasks, and Drive files) to train, improve, or fine-tune generalized artificial intelligence or machine learning models. Your data is never used for training purposes by us or our third-party AI providers.
6. Data Protection Mechanisms for Sensitive Data
We implement robust, multi-layered security measures to maintain the safety of your sensitive personal information and Google data:
- Encryption in Transit: All communications between your browser, our application, and Google/Notion servers are fully encrypted using modern TLS/HTTPS protocols.
- Encryption at Rest: Your account integrations (like Notion API keys) and Cloud-saved BYOK keys are encrypted with AES-256-GCM before storage. The encryption key is managed via Google Cloud Secret Manager / Cloud KMS and is never exposed in plaintext.
- Secure Access: We utilize secure OAuth 2.0 token-based authentication. We never see, process, or store your Google account password. On the web application, OAuth tokens are kept in memory only and are never saved to browser storage. On the mobile application, tokens are safely stored in the device's native encrypted Keychain/Keystore (SecureStore) and are cleared upon logout.
7. Third-Party Processors
- Notion (Sync Destination): We upload the original image file of your handwritten planner, along with the extracted text, directly to your Notion workspace using the Notion API. Once uploaded, the image file and data reside on Notion's servers and are governed by Notion's Privacy Policy.
- Content Delivery Networks (CDNs): We use third-party CDNs (including jsDelivr, Google Fonts, Flaticon, and Unsplash) to serve static user interface assets. When your browser requests these assets, these services automatically receive your IP address and standard browser fingerprinting data as a fundamental function of web traffic.
8. Data We Persist
Important: While images and calendar data are never stored on our servers, we do persist necessary account state and telemetry in our secure database:
- Email Address & Name: Stored securely to authenticate and identify your account.
- Usage & Gamification Metrics: We store platform usage metrics including your subscription tier status, sync quotas, booster credits, and gamification stats (such as current streak, highest streak, and total images processed), as well as internal sync timing fields (last sync date, daily sync count, and subscription cycle date) used to power streak tracking and billing logic.
- Sync Activity Logs: We maintain a log of your sync events (timestamp, sync type, image count, and success/failure status, including brief summary messages) to power your dashboard history. These logs are permanently deleted when you delete your account.
- Integration Keys & Identifiers: Notion keys and BYOK API keys saved in "Cloud KMS" mode are encrypted with AES-256-GCM and securely stored in Firestore. Without the key held in Secret Manager, we fundamentally cannot read them. We also store your Google Drive Spreadsheet ID (a non-sensitive file identifier used to locate the AI Planner Data tracking spreadsheet in your Google Drive) and your Notion Database ID for routing purposes. If you use BYOK "Session-Only" mode, the key is securely transmitted over HTTPS for the duration of the sync and is never written to our database.
- Local Browser Storage: We store your UI theme preference (e.g., dark mode) in your browser's local storage (localStorage) as a convenience setting.
- Session-Only BYOK Keys: If you utilize the "Session-Only" mode for your Bring Your Own Key (BYOK) integrations, your custom API key is never stored in our database. It is securely transmitted over HTTPS directly to our server's memory only for the duration of the sync request. Between syncs, it is kept securely in your browser's temporary memory (sessionStorage) and is automatically and permanently erased by your browser the moment you close the tab or window.
9. User Rights & GDPR Compliance
Your image content is automatically deleted from our servers after every sync (Zero Storage). For your persisted account data, you have the right to:
- Export Data: Download a JSON file of all data we hold about you via your dashboard.
- Delete Account: Permanently delete your email, metrics, logs, and encrypted keys from our database instantly via the dashboard. This also removes your Firebase Authentication identity record, completing a full GDPR Article 17 erasure.
- Revoke Access: You may revoke our access to your Google accounts at any time via your Google Account Permissions page, and Notion access via your Notion Integrations page.
10. Contact Us
If you have any questions about this Privacy Policy or your data, you can contact us by email: support@analogdigital.tech