Privacy Policy

Last updated: April 29, 2026

This Privacy Policy describes how Del (“Del,” “we,” “us,” or “our”) collects, uses, and shares information when you use our website and services (collectively, the “Service”). Del is operated by an individual developer based in California, United States. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information you provide directly to us and information that is generated automatically when you use the Service.

  • Account information: name, email address, and authentication identifiers (managed via Supabase Auth) when you sign in.
  • Content: tasks, notes, and chat messages you create or import into the Service.
  • Google Calendar data: if you connect Google Calendar, calendar events and metadata obtained via the Google Calendar API. See Section 3 for details.
  • SMS data: if you link a phone number, your phone number, the contents of SMS messages you send to and receive from Del, and carrier delivery metadata. SMS is delivered via Telnyx.
  • Usage data: device type, browser, pages viewed, and interaction events used to operate and improve the Service. We use Vercel Analytics, which collects aggregated, privacy-friendly metrics without cross-site tracking cookies.

2. How We Use Information

  • To provide, maintain, and improve the Service.
  • To authenticate you and secure your account against unauthorized access.
  • To deliver the AI features you request, including generating suggestions, responding to your messages, and (where you have connected Google Calendar) reading and modifying calendar events on your behalf.
  • To communicate with you about the Service, including service updates and support.
  • To comply with legal obligations and enforce our Terms of Service.

3. Google User Data

When you connect Google Calendar to Del, we request the following OAuth scopes:

  • openid, email, and profile — to identify your Google account and read your basic profile info (name and profile picture).
  • https://www.googleapis.com/auth/calendar.calendarlist.readonly — to see the list of Google calendars you’re subscribed to, so Del knows which calendars to read and write.
  • https://www.googleapis.com/auth/calendar.freebusy — to see your availability (free/busy times) on the calendars you have access to.
  • https://www.googleapis.com/auth/calendar.events — to view and edit events on your calendars, so Del can show your schedule and create, update, or delete events when you ask.
  • https://www.googleapis.com/auth/gmail.modify — read and write access to your Gmail. We use the read access to summarize recent messages in your daily briefings and to give the Del assistant context when you message it, and we use the write access to let the assistant draft, send, reply to, label, and archive email on your behalf when you ask it to. This scope does not permit permanently deleting your messages.

How we access and use Google data: we read calendar events for the current day and the next 7 days to render your schedule and to provide context to the Del assistant when you message it. The assistant may also create, update, or delete calendar events when you ask it to (for example, “move my 3pm to tomorrow”). For Gmail, we read recent messages (by default those from the last 7 days) to produce your briefings and to give the assistant context, and we create, send, reply to, label, or archive messages only when you direct the assistant to do so. We store OAuth refresh tokens server-side so the Service can keep your calendar and email in sync.

How we store Google data: calendar events and Gmail messages themselves are fetched on demand and are not persisted to our database; only OAuth tokens and the fact that you have connected your Google account are stored.

How we share Google data: calendar event content and Gmail message content are shared with Google’s Gemini API when it is needed as context for an AI feature you have invoked (see Section 4). It is not shared with any other third party.

Limited Use compliance: Del’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or sell Google user data to third parties (including for advertising, retargeting, credit assessment, or data brokers), and we do not use Google user data to develop, improve, or train generalized AI or machine-learning models.

Disconnecting your Google account: you can disconnect your Google account at any time from Del’s integrations settings, which deletes the stored OAuth tokens (covering both Calendar and Gmail access). You can also revoke access directly at myaccount.google.com/permissions.

4. AI and Automated Processing

Del uses Google’s Gemini large language models to power features such as suggestions and SMS replies. To deliver these features, we send the relevant context to Gemini, which may include your tasks, notes, connected Google Calendar events, recent SMS conversation history, and the message you are submitting. When processing inbound SMS, Gemini may also use grounding tools provided by Google (web search, URL retrieval, code execution, and Google Maps) to answer your request; portions of your message may be sent to those tools.

We use Gemini under terms that prohibit using your data to train Google’s general-purpose models. We do not use Google user data, SMS content, or your tasks and notes to create, train, or improve any AI or machine-learning model beyond features personalized to your own account.

5. Actions Taken on Your Behalf

The Del assistant can take actions on your behalf in response to your instructions, including:

  • Creating, updating, completing, and deleting tasks and notes.
  • Creating, updating, and deleting Google Calendar events (when Google Calendar is connected).
  • Sending SMS replies to you from the Del number.

These actions are initiated by your messages. We log the actions taken so you can review them.

6. Sharing of Information

We do not sell your personal information. We share information only as described below:

  • Service providers (sub-processors): Vercel (application hosting and analytics, United States), Supabase (authentication and database hosting, United States), Google (Gemini AI processing, United States), and Telnyx (SMS delivery, United States). These providers process data on our behalf under confidentiality and data-protection obligations.
  • Integrations: when you connect a third-party service (such as Google Calendar), data is exchanged with that service as needed to perform the integration.
  • Legal reasons: to comply with applicable law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.

7. Data Retention and Deletion

We retain your information for as long as your account is active. You can delete your account at any time from Del’s settings; account deletion takes effect immediately and removes your tasks, notes, chat history, SMS records, and stored Google Calendar OAuth tokens from our active systems. Routine encrypted backups may retain residual copies for a short period before being overwritten. We may retain limited records where required by law.

8. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS) and encryption at rest for our databases and backups. Inbound SMS webhooks are verified using Telnyx’s Ed25519 signature scheme. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Human Access to Your Data

We do not routinely read the contents of your tasks, notes, calendar events, or SMS messages. A human (the operator of Del) may access this data only when (a) you give us affirmative permission, for example by sharing a specific message while requesting support; (b) it is necessary to investigate a security incident or suspected abuse; (c) it is required by law; or (d) the data has been aggregated or de-identified for internal operations.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising these rights. We do not sell or “share” personal information for cross-context behavioral advertising. To exercise any of these rights, contact us at the email below.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12. International Users

Del is operated from the United States, and your information is processed and stored in the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. If we make a material change to how we use your data, we will notify you and, where required, obtain your consent before the change takes effect.

14. Contact

Questions about this Privacy Policy can be sent to hu.evan123@gmail.com.