Cendi is a personal assistant application developed by Claris AI. This policy describes what data we collect, how we use it, and your rights regarding that data.
What Cendi Does
Cendi connects to your email and calendar accounts to provide daily briefings, help manage your schedule, plan travel, and assist with everyday tasks through a conversational interface. To do this, Cendi needs permission to read your email and calendar data.
Email Access
When you connect your Gmail account, Cendi requests read-only access to your inbox using the gmail.readonly scope. We use this access to:
- Generate your personalized morning briefing
- Summarize and prioritize recent emails when you ask
- Provide context for travel planning and scheduling
We fetch only the threads relevant to your request. Email content is passed to Anthropic's Claude API for processing and is not stored on our servers after the response is generated. We do not read, index, or mine your email for advertising or any purpose beyond the features you use.
We will never send email on your behalf without an explicit action from you.
Calendar Access
Cendi requests read-only access to your Google Calendar using the calendar.readonly scope. This allows us to include your schedule in morning briefings and to detect conflicts when planning trips or scheduling meetings. Calendar data is fetched in real time and is not stored on our servers.
We do not create, modify, or delete calendar events.
Data We Store
The following data is stored on our servers:
- Account information — your name, email address, and profile picture as provided by Google at sign-in.
- OAuth tokens — encrypted access and refresh tokens that allow us to call Gmail and Calendar APIs on your behalf. These are encrypted at rest using AES-128 (Fernet) with keys stored separately from the database.
- Preferences — travel preferences, dining preferences, and other settings you explicitly provide (airline loyalty numbers, home airport, etc.).
- Conversation history — your messages to Cendi, retained for 90 days to maintain context across sessions, then automatically deleted.
- Usage logs — request timestamps and error logs for debugging. These do not include email or calendar content.
Data We Do Not Store
Email content and calendar event details are fetched on demand, used to generate a response, and discarded. They are not written to our database or retained in any form after the request completes.
Third-Party Services
Cendi uses the following third-party services to operate:
- Anthropic (Claude API) — processes your messages and relevant context to generate AI responses. Governed by Anthropic's Privacy Policy.
- Google APIs — used to access Gmail and Calendar with your permission.
- Railway — hosts our backend infrastructure (SOC 2 compliant).
- ElevenLabs — provides text-to-speech for voice features.
Security
All communication between the Cendi app and our servers is encrypted using TLS. OAuth tokens are encrypted at rest. Authentication tokens on your device are stored in the iOS Keychain. We request only the minimum OAuth scopes necessary for the features you use.
We Do Not Sell Your Data
Claris AI does not sell, rent, or trade your personal information to third parties. We do not use your data for advertising or behavioral profiling.
Your Rights
You can revoke Cendi's access to your Gmail and Calendar at any time through your Google account settings.
To delete your Cendi account and all associated data, email michael@claris-ai.com with the subject line "Delete My Account." We will process your request within 30 days and permanently remove your user profile, stored tokens, preferences, and conversation history.
If you are located in the EU, you have additional rights under GDPR including the right to access, rectify, and port your data. You may also lodge a complaint with your local data protection authority. If you are a California resident, you have rights under CCPA including the right to know what data we collect and the right to opt out of data sales (we do not sell data).
Data Retention
- Account data is retained while your account is active.
- Email and calendar content is not persisted.
- Conversation history is deleted after 90 days.
- Server logs are retained for 30 days.
Changes to This Policy
We may update this policy from time to time. Material changes will be noted by updating the date at the top of this page. Continued use of Cendi after changes are posted constitutes acceptance of the updated policy.
Contact
Questions about this policy or your data can be directed to:
Claris AI
michael@claris-ai.com