Privacy Policy

1. Information We Collect

1.1 Landing Page and Waitlist

When you visit our website at allf.red or sign up for our waitlist, we collect:

• Email address you provide when joining the waitlist (stored in Firebase/Firestore)
• Analytics data collected automatically via Firebase Analytics, including page views, referral source, device type, browser type, and approximate geographic location

1.2 Account Information

When you create an Allfred account, we collect:

• Account credentials (email address, authentication tokens)
• Profile information you provide (name, preferences)
• Payment information for paid tiers (processed by our third-party payment provider; we do not store full payment card details)

1.3 Connected Services Data

With your explicit authorization, Allfred connects to third-party services to provide its assistant features. This includes:

• WhatsApp messages: Incoming and outgoing messages from your WhatsApp account, including text content, sender/recipient information, timestamps, and media metadata. This data is processed in real time to determine message importance and triage notifications.
• Gmail: Email messages, labels, and metadata from your Google account, used to surface important communications and provide briefings.
• Google Calendar: Calendar events, attendees, and scheduling information, used for daily briefings and scheduling assistance.
• Google Contacts: Contact names, phone numbers, and email addresses, used for identity resolution and relationship management.

1.4 Device and Usage Information

When you use the Allfred mobile app, we may collect:

• Device information: Device model, operating system version, unique device identifiers, and push notification tokens
• Usage data: Features used, interaction patterns, and session duration
• Location data: Only if you explicitly grant location permissions, and only to provide location-relevant assistance

2. How We Use Your Information

We use your information solely to provide, maintain, and improve the Allfred service. Specifically:

• To provide the AI assistant service: Processing your messages, emails, and calendar data to triage communications, manage relationships, and deliver daily briefings
• To personalize your experience: Learning your preferences, important contacts, and communication patterns
• To send notifications: Alerting you to important messages and events based on your configured preferences
• To process payments: Managing subscriptions for paid tiers
• To improve the service: Analyzing aggregated, anonymized usage patterns to improve features and performance
• To communicate with you: Sending service-related announcements, security alerts, and support responses

What We Do NOT Do With Your Data

• We do not sell your personal data to any third party, ever.
• We do not use your data to train AI models. Your messages, emails, and personal information are never used as training data for any machine learning system.
• We do not share your data with advertisers.
• We do not retain bulk copies of your messages. Data is processed in real time and only metadata and summaries are stored as needed for the service to function.

3. Data Storage and Security

3.1 Per-User Data Isolation

Each Allfred user has a completely separate, encrypted database. Your data is never commingled with other users' data. This per-user isolation is a core architectural principle of our service.

3.2 Infrastructure

• Your data is stored on Microsoft Azure cloud infrastructure
• All data is encrypted at rest and encrypted in transit using industry-standard TLS
• Our servers are operated from Israel, with Azure cloud infrastructure in supported regions

3.3 Security Measures

We implement industry-standard security practices including:

• Encryption of data at rest and in transit
• Per-user database isolation
• Access controls and authentication
• Regular security reviews
• Minimal data retention (we store only what is necessary for the service)

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

Allfred integrates with and relies on the following third-party services:

4.1 WhatsApp (Meta Platforms)

Allfred connects to your WhatsApp account to read and, depending on your plan, send messages on your behalf. Your use of WhatsApp is subject to WhatsApp's Terms of Service and Privacy Policy. We are not affiliated with, endorsed by, or sponsored by Meta Platforms or WhatsApp. WhatsApp may change their platform, API, or policies at any time, which may affect or limit Allfred's WhatsApp features.

4.2 Google Services (Gmail, Calendar, Contacts)

Allfred accesses your Google account data through Google's OAuth 2.0 authorization framework. Your use of Google services is subject to Google's Terms of Service and Privacy Policy. We are not affiliated with, endorsed by, or sponsored by Google.

4.3 Azure OpenAI Service (Microsoft)

Your messages and data are processed using Microsoft's Azure OpenAI Service to power the AI assistant. Data sent to Azure OpenAI is processed in accordance with Microsoft's data processing terms and is not used by Microsoft to train their AI models.

4.4 Firebase (Google)

We use Firebase for authentication, waitlist management (Firestore), push notifications (FCM), and website analytics (Firebase Analytics). Firebase's data practices are governed by Google's Privacy Policy.

4.5 Langfuse (Self-Hosted)

We use a self-hosted instance of Langfuse for internal service telemetry and performance monitoring. This system processes anonymized operational data and does not store your personal message content.

5. Data Retention and Deletion

5.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the service. Message content is processed in real time; only metadata, summaries, and relationship data are persisted as necessary for Allfred's features.

5.2 Your Right to Delete

You can delete all of your data at any time through the Allfred app. When you request deletion:

• Your entire per-user database is permanently destroyed
• Connected service sessions (WhatsApp, Google) are terminated
• We retain no copies of your personal data after deletion
• Deletion is irreversible

5.3 Account Termination

If you terminate your account or we terminate it in accordance with our Terms of Service, all associated data is deleted as described above.

5.4 Waitlist Data

If you joined our waitlist, your email address is retained until you unsubscribe or request its removal by contacting us at privacy@allf.red.

6. Cookies and Analytics

6.1 Website (allf.red)

Our landing page uses Firebase Analytics to collect anonymized usage data, including:

• Pages visited and time spent
• Referral source
• Device and browser type
• Approximate geographic location

Firebase Analytics may use cookies or similar technologies. You can manage cookie preferences through your browser settings.

6.2 Mobile App

The Allfred mobile app does not use cookies. We collect usage analytics as described in Section 1.4.

7. Children's Privacy

Allfred is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@allf.red.

8. International Data Transfers

Allfred is operated by a company based in Tel Aviv, Israel. Your data may be processed and stored in Israel and in other jurisdictions where our cloud infrastructure providers (Microsoft Azure) operate data centers.

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, please be aware that your data may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction.

Israel has been recognized by the European Commission as providing an adequate level of data protection.

9. Your Rights (GDPR and Applicable Law)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data.
• Right to Data Portability: You may request a machine-readable copy of your data.
• Right to Restrict Processing: You may request that we limit how we use your data.
• Right to Object: You may object to our processing of your data in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@allf.red. We will respond within 30 days of receiving your request.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via the Allfred app or email if the changes are significant
• Post the updated policy on our website

Your continued use of Allfred after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@allf.red

Mailing Address:
Allfred
Tel Aviv, Israel