Privacy Policy
Galvence is a personal AI assistant that remembers things, sets reminders, and handles calendar tasks on your behalf. This policy explains what data we collect, why, and how we protect it.
1. Who we are
Galvence is operated by M2R OÜ, a company registered in Estonia (registry code 16972633), with its registered address at Kooli tee 1-12, Ilmatsalu, Tartu County, 61401, Estonia.
For any questions about this policy or your personal data, contact us at [email protected].
2. What data we collect
Account data
When you create an account, we collect your email address, date of birth, and a password (stored as an irreversible hash). If you sign in with Google, we receive your name and email from Google.
Conversation data
The messages you send and the responses the assistant generates. This includes memories the assistant stores on your behalf (things you ask it to remember), people and life events you tell it about, reminders you set, and the assistant's internal daily notes.
Google Calendar data
If you choose to connect your Google account, the assistant can read and create calendar events on your behalf. We access only the data needed to fulfil your requests — we do not scan, index, or store your calendar beyond what is necessary to complete the specific action you asked for.
Technical data
Your IP address (for rate limiting and abuse prevention), browser type, and the CSRF token Django sets for form security. We do not use analytics cookies, advertising cookies, or any form of cross-site tracking.
3. Why we collect it and our legal basis
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Account data | Create and manage your account, authenticate you | Contract performance (Art. 6(1)(b)) |
| Conversation data | Provide the assistant service — generate responses, store memories, set reminders | Contract performance (Art. 6(1)(b)) |
| Google Calendar | Read and manage calendar events — only when you explicitly connect and request it | Consent (Art. 6(1)(a)) |
| Technical data | Security, abuse prevention, service reliability | Legitimate interest (Art. 6(1)(f)) |
4. How we use your data
- Generating AI responses to your messages
- Storing things you ask the assistant to remember
- Setting and delivering reminders at the times you specify
- Reading and creating calendar events when you ask
- Sending you notification emails (reminders, account verification)
- Maintaining the security and reliability of the service
We do not use your data for advertising, profiling, or selling to third parties. We do not build behavioural profiles. We do not train AI models on your conversations.
5. Who receives your data
| Recipient | What they receive | Why | Location |
|---|---|---|---|
| Anthropic | Conversation messages (per request) | AI response generation via the Claude API | United States (SCCs) |
| Google | OAuth tokens, calendar data | Calendar integration (only when you connect) | United States (SCCs) |
| Stripe | Payment details | Subscription billing | United States (SCCs) |
| Railway | All application data (hosting) | Infrastructure — servers and database | EU (Amsterdam) |
| Resend | Email address, email content | Transactional email delivery (reminders, verification) | United States (SCCs) |
About Anthropic: Your conversations are sent to Anthropic's Claude API to generate AI responses. Anthropic does not store your data beyond a 7-day window used solely for abuse monitoring. Anthropic does not train its models on data sent through the commercial API. The transfer is covered by Standard Contractual Clauses (SCCs), the GDPR-approved mechanism for EU-to-US data transfers.
Prompt caching: To make responses faster and reduce the cost of running Galvence, Anthropic temporarily caches portions of the data we send — typically your assistant's instructions, our tool definitions, and recent conversation context. Cached content is held for up to a few minutes per cache entry and is then deleted. Caching does not change what we send or who has access to it; it only changes how long Anthropic keeps a working copy during active use. Your data is never used to train Anthropic's models.
6. How we protect your data
We take appropriate technical and organisational measures to protect all personal data, including Google user data accessed through our Calendar integration.
- Encryption in transit: All connections to Galvence use HTTPS (TLS). Data sent between your browser, our servers, and Google's APIs is encrypted in transit.
- Secure storage: Your data, including Google OAuth tokens, is stored in our database hosted in the European Union (Railway, Amsterdam). Our infrastructure provider encrypts data at rest.
- Access controls: Google Calendar data and OAuth tokens are accessible only to your authenticated account. Our application enforces per-user data isolation — no user can access another user's data.
- OAuth security: When you connect Google, we use industry-standard OAuth 2.0 with PKCE. Tokens are stored server-side and are never exposed to other users or third parties except as described in section 5.
- Token revocation: When you disconnect Google or delete your Galvence account, we revoke your OAuth tokens with Google and permanently delete them from our database.
- Minimal Google data handling: We do not copy, index, or permanently store your calendar events beyond what is necessary to complete the specific action you requested.
- Abuse prevention: We use CSRF protection, secure session cookies, and rate limiting to protect against unauthorised access and abuse.
We do not use Google user data to train AI models. Google Calendar information is used only to provide the features you request, as described in section 7.
7. Google API data — Limited Use disclosure
Galvence's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google data to provide and improve the features you explicitly request (calendar management).
- We do not transfer Google data to third parties except as necessary to provide the service (e.g., sending a calendar query to Google's own API), for security purposes, or as required by law.
- We do not use Google data for advertising or to build user profiles.
- Human employees do not read your Google data unless you give explicit consent, it is necessary for security purposes, or it is required by law.
8. International data transfers
All user data is stored in the European Union (Railway, Amsterdam). When you send a message, the conversation is transmitted to Anthropic's API servers in the United States for AI response generation. This transfer is lawful under Standard Contractual Clauses (SCCs). Payment processing via Stripe also involves US-based infrastructure, covered by Stripe's own SCCs.
No user data is stored outside the EU. Processing transfers to the US are transient and contractually governed.
9. How long we keep your data
- Account data: Until you delete your account.
- Conversations and memories: Until you delete them individually or delete your account.
- Google integration tokens: Until you disconnect your Google account or delete your Galvence account.
- Anthropic API logs: Deleted by Anthropic within 7 days of the API call.
- Reminders: Kept until delivered and then retained for your reference. Deleted when you delete your account.
When you delete your account, all your data is permanently removed from our database. This action is irreversible.
10. Your rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Access (Art. 15) — request a copy of the personal data we hold about you.
- Rectification (Art. 16) — ask us to correct inaccurate data.
- Erasure (Art. 17) — ask us to delete your data. You can also delete your account directly from the Settings page.
- Restriction (Art. 18) — ask us to temporarily stop processing your data.
- Portability (Art. 20) — receive your data in a structured, machine-readable format.
- Objection (Art. 21) — object to processing based on legitimate interest.
- Withdraw consent (Art. 7) — for Google integrations, you can disconnect at any time from the Settings page.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate), Tatari 39, 10134 Tallinn, Estonia — [email protected].
11. Children
Galvence is not intended for anyone under the age of 18. We enforce this at signup by requiring a date of birth. If we learn that we have collected data from someone under 18, we will delete their account and data promptly.
12. Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. If we make a material change, we will notify you by email before the change takes effect. The "last updated" date at the top of this page reflects the most recent revision.
13. Contact
M2R OÜ
Registry code: 16972633
Kooli tee 1-12, Ilmatsalu, Tartu County, 61401, Estonia
[email protected]