tobiBack

Privacy Policy

Last updated: December 6, 2025

Overview

Tobi ("we", "our", or "the Service") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information.

Information We Collect

Account Information

  • Email address (from Google OAuth)
  • Name (from Google OAuth)
  • Profile preferences you set in the app

User Content

  • Tasks, projects, and notes you create
  • Email content synced from Gmail (with your permission)
  • Calendar events synced from Google Calendar (with your permission)
  • Files and attachments you upload

Usage Information

  • Feature usage patterns (anonymized)
  • Error logs for debugging

How We Use Your Information

  • To provide and improve the Service
  • To generate AI insights and suggestions personalized to you
  • To send transactional emails (account, billing)
  • To provide customer support
  • To detect and prevent abuse

AI Processing

Your data is processed by AI on Cloudflare's secure infrastructure.

  • We use Cloudflare Workers AI (Llama models) - not OpenAI, Anthropic, or other third parties
  • Your data never leaves Cloudflare's network for AI processing
  • AI models are pre-trained - we do not train on your data
  • All AI queries are scoped to your account only

Data Storage & Security

  • All data is stored on Cloudflare's edge network
  • Data is encrypted in transit (TLS) and at rest
  • We use industry-standard security practices
  • Database queries are always scoped by user ID - you can only access your own data

Third-Party Services

We use the following third-party services:

  • Google OAuth - For authentication
  • Gmail API - To sync emails (with your permission)
  • Google Calendar API - To sync events (with your permission)
  • Stripe - For payment processing
  • Cloudflare - For hosting and AI processing

Data Sharing

We do NOT sell your data. We share data only:

  • With service providers necessary to operate the Service
  • When required by law or legal process
  • To protect our rights or prevent fraud

Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Revoke OAuth permissions at any time

To exercise these rights, contact us at privacy@tobiai.app.

Data Retention

We retain your data as long as your account is active. When you delete your account, we delete your data within 30 days. Some anonymized usage data may be retained for analytics.

Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

Children's Privacy

The Service is not intended for users under 13. We do not knowingly collect data from children under 13.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

Contact

For privacy questions or concerns, contact us at privacy@tobiai.app.