Privacy Policy

Effective date: April 18, 2026

Full legal terms → /mykal/pages/legal/privacy-policy.html (the GDPR/CCPA-compliant notice; the short version below is a plain-language summary).

mykal is designed to be transparent about what it stores and why. This page is the authoritative description; where DEV_GUIDE §20 (sessionStorage for tokens) differs from product copy elsewhere, DEV_GUIDE wins.

1. Data we store

• Your account identity via ecosystem SSO (user id, email, name).
• Routine task text you type into the Inbox.
• Scheduling decisions (inputs + outputs + cost), retained 90 days in full.
• Reminder delivery logs, retained 180 days.
• OAuth tokens for your connected calendars, Fernet-encrypted at rest.
• Webhook signing secrets, Fernet-encrypted at rest.
• Audit events for security-relevant actions, retained per platform policy.

2. Data we do NOT store

• Your calendar event titles, unless you explicitly enable "Use titles for context".
• Access tokens in browser localStorage. (Sessions use secure HTTP-only cookies only.)
• Third-party analytics beacons. mykal ships with no Google Analytics, no Facebook pixel, no trackers.

3. How we use your data

Your routine text and calendar free/busy are sent to the LLM provider you choose (Claude or OpenAI) solely to produce a scheduling decision. We do not train models on your data. We do not sell or share data with advertisers.

4. Third parties

• Anthropic (Claude) — receives task text and free/busy windows at schedule time.
• OpenAI — same, when you choose OpenAI as the LLM provider.
• Google Calendar API — receives events mykal writes on your behalf.
• Microsoft Graph — same, for Outlook integration.
• Amazon SES / SMTP — delivers email reminders.

5. Your rights

• Export: Settings -> Danger zone -> Export my data. Delivered within minutes as ICS + JSON.
• Delete: Settings -> Danger zone -> Delete all routine tasks (or contact support for full account deletion).
• Correct: Edit your profile or raw task text any time in the UI.
• Disconnect: Integrations -> Disconnect revokes the OAuth token and unregisters subscriptions.

6. Security

Sensitive fields (OAuth tokens, webhook secrets) are encrypted with Fernet before reaching the database. Keys are rotated via a two-key window. Transport is TLS 1.2+. Row-level security on every tenant-scoped table prevents cross-tenant leakage.

7. Contact

For privacy requests: privacy@otrotl.com.