Privacy Policy

Introduction

This Privacy Policy describes how PiPar - digital business partner ("we", "our", or "the App") collects, uses, stores, and protects your information when you use our mobile application. We are committed to protecting your privacy and handling your data with transparency and care.

PiPar is operated by Nex Oy, a company registered in Finland.

Information We Collect

Information You Provide

• Email Address: Used for account creation, authentication, and subscription management
• Google Account Information: When you grant permission, we access your Google Calendar data to enable AI assistant features
• User-Generated Content: Tasks, notes, documents, images, chat messages, and voice recordings that you create or upload to the App

Automatically Collected Information

• Usage Logs: Anonymized usage data including timestamps, AI service types used, request costs, and response latencies
• Subscription Information: Subscription type, expiration/renewal dates, and credit balance

How We Store Your Data

Local Storage

All your personal content is stored locally on your device, including:

• Chat history
• Notes and documents
• Tasks
• Images
• Synchronized Google Calendar data (when you grant calendar access)
• All user-created materials

This means your content remains on your device and is under your control.

Temporary Backend Storage

• Active Chat Sessions: The currently active chat conversation is temporarily stored in Redis on our backend server to enable real-time AI interactions
• Automatic Deletion: This temporary chat data is automatically deleted when you close the chat or when a session timeout occurs

Persistent Backend Storage

User Database (Google Firestore)

We maintain a user database containing:

• Email address
• Subscription type
• Subscription expiration/renewal date
• Credit balance

Note: We do not store your name, physical address, phone number, or other personal identifiers beyond your email address.

Log Database (Google PostgreSQL)

We maintain anonymized usage logs containing:

• Anonymized user token (cryptographic hash of email address)
• Timestamp
• AI service type and endpoint used
• Request cost
• Response latency

How We Use Your Information

We use the collected information for the following purposes:

1. Service Delivery: To provide task management, note-taking, document creation, and AI-powered features
2. Account Management: To manage your account and subscription
3. Service Improvement: To analyze usage patterns and improve application performance
4. Audit and Compliance: To investigate reports of improper use if flagged by AI service providers
5. Billing: To track API usage costs and manage subscription credits

Google Calendar Integration

PiPar uses the Google Calendar API to synchronize your calendar data with the app's local calendar. Here's how we handle your Google Calendar data:

What Calendar Data We Access

When you grant permission, PiPar synchronizes:

• Calendar events (titles, descriptions, dates, times, locations, attendees)
• Calendar metadata (calendar names, colors, time zones)
• Event changes, additions, and deletions for synchronization

How We Use Your Calendar Data

• Calendar Synchronization: Your Google Calendar is synchronized with PiPar's local calendar stored on your device
• AI Assistant Features: The AI assistant can access your synchronized calendar data to answer questions about your schedule, create events, and provide schedule-based insights
• Local Storage: Synchronized calendar data is stored locally on your device alongside your other app data
• Temporary Chat Context: Calendar information may be included in chat context when you ask calendar-related questions, and this is temporarily stored in Redis during the active chat session only
• No Backend Storage: Your calendar data is NOT permanently stored on our backend servers (only temporarily in Redis during active chats)
• Shared with AI Services: Calendar data is sent to AI service providers only when you ask calendar-related questions as part of the chat context

Your Control

• You can revoke PiPar's access to your Google Calendar at any time through your Google Account settings (https://myaccount.google.com/permissions)
• Revoking access will stop calendar synchronization and disable calendar-related AI features, but will not affect other app functionality
• Locally stored calendar data will remain on your device until you delete it or uninstall the app
• You can delete synchronized calendar data from within the app at any time
• We only access your Google Calendar data when synchronizing or when you use features that require it

Google API Services User Data Policy

PiPar's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Third-Party AI Services

The App integrates with the following AI service providers to deliver intelligent features:

• OpenAI
• Google Gemini
• Anthropic
• Mistral AI
• Together AI

Important Information about AI Services:

• We use non-free API endpoints from these providers, which means your chats are not used to train their AI models
• When you interact with AI features, your prompts and uploaded content (text, images, audio, documents) are sent to these services for processing
• Each AI provider has their own privacy policy governing how they handle data sent through their APIs
• We recommend reviewing the privacy policies of these services:
  • OpenAI Privacy Policy
  • Google Privacy Policy
  • Anthropic Privacy Policy
  • Mistral AI Privacy Policy
  • Together AI Privacy Policy

Data Retention

• Local Data: Remains on your device until you delete it (includes synchronized calendar data)
• Active Chat Data: Automatically deleted from Redis when the chat session ends or times out (may include calendar information if discussed during the chat)
• User Account Data: Retained while your account is active and for 30 days after account deletion for backup purposes
• Usage Logs: Retained for 90 days for auditing and performance analysis purposes, then automatically deleted

Data Security

We implement appropriate technical and organizational measures to protect your data:

• Local data is protected by your device's security features
• Backend data is stored on secure Google Cloud infrastructure (Firestore and PostgreSQL)
• Temporary chat data in Redis is encrypted in transit and automatically purged
• User identifiers in logs are anonymized through cryptographic hashing
• All communications between the App and backend services use encryption

Your Rights

You have the following rights regarding your data:

• Access: Request a copy of your data stored on our backend
• Deletion: Request deletion of your account and associated backend data
• Rectification: Update your email address or subscription information
• Data Portability: Export your locally stored content at any time
• Opt-out: Discontinue use of the service at any time

To exercise these rights, please contact us at pipar@nexii.fi.

Children's Privacy

Our App is not intended for children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

International Data Transfers

Your data may be processed on servers located in different countries where our infrastructure providers (Google Cloud Platform) and AI service providers operate. This may include transfers outside the European Economic Area (EEA).

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• Google Cloud Platform provides GDPR-compliant data processing agreements
• AI service providers operate under standard contractual clauses or adequacy decisions
• Data is encrypted in transit and at rest

By using PiPar, you acknowledge and consent to these international data transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

Third-Party Services

In addition to AI services, we use the following third-party services:

• Google Cloud Platform: For backend infrastructure (Firestore, PostgreSQL, Redis)
• Google Calendar API: For accessing your calendar data when you grant permission to enable calendar-related AI features

Legal Basis for Processing (GDPR)

As a company based in Finland, we comply with the General Data Protection Regulation (GDPR). Our legal basis for collecting and using your information depends on the data and context:

• Contract Performance: Processing necessary to provide the service you requested (account management, subscription handling, service delivery)
• Legitimate Interest: Processing for service improvement, security, and performance optimization
• Consent: Processing of data sent to AI services for analysis and feature delivery. You provide this consent when you use AI features
• Legal Obligation: Retaining logs for audit purposes when legally required or when AI service providers report potential misuse

Your GDPR Rights

As an individual in the European Economic Area, you have the following rights:

1. Right of Access: Request confirmation of what personal data we process and obtain a copy
2. Right to Rectification: Request correction of inaccurate personal data
3. Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
4. Right to Restriction of Processing: Request limitation of processing under certain circumstances
5. Right to Data Portability: Receive your data in a structured, commonly used format
6. Right to Object: Object to processing based on legitimate interests
7. Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
8. Right to Lodge a Complaint: File a complaint with your national data protection authority

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: