Privacy Policy

Last updated: November 14, 2025

Our Commitment to Your Privacy

Alfred AI ("we", "our", or "us") is committed to protecting your privacy and being completely transparent about what data we collect and how we use it. This Privacy Policy explains in detail how we collect, use, store, and safeguard your personal information when you use our AI butler service.

Quick Summary

Alfred only accesses data you explicitly grant permission for. We encrypt sensitive health data (medications, blood tests) and travel documents with AES-256-GCM encryption. We never sell your data. You can export or delete everything instantly. We're HIPAA and GDPR compliant.

Information We Collect

1. Account Information

  • Google Account Data: Name, email address, and profile picture via Google OAuth
  • Apple Account Data: Name and email via Apple Sign In (if you choose this option)
  • Session Data: Login timestamps, device information, IP address (for security)

2. Conversation Data

  • Chat Messages: All conversations you have with Alfred (text and voice transcriptions)
  • Agent Interactions: Requests sent to each of the 15 specialized agents
  • AI Responses: Alfred's responses and recommendations
  • Journal Entries: Any thoughts or notes you capture in the AI Journal

3. Task & Schedule Data

  • Tasks: Todo items, priorities, due dates, completion status, recurring task patterns
  • Events: Parties, birthdays, anniversaries, guest lists, RSVP tracking
  • Reminders: Notification preferences and reminder history
  • Calendar Integration: Google Calendar events (with your consent)

4. Health & Wellness Data (Encrypted)

HIPAA-Compliant Encryption

All health data is encrypted at rest using AES-256-GCM encryption with individual encryption keys.

  • Medications: Medication names, dosages, schedules (fully encrypted)
  • Medical Appointments: Doctor names, appointment times, medical conditions
  • Health Metrics: Weight, blood pressure, fitness data you manually log
  • Blood Test Results: Lab results you upload (fully encrypted)
  • Workouts: Exercise logs, fitness goals, workout plans
  • Nutrition Logs: Meals, calorie tracking, macro targets

5. Family & Contact Data

  • Contacts: Names, birthdays, relationships, dietary preferences
  • Gift History: Gifts you've given to track and avoid duplicates
  • Wish Lists: Gift ideas for family and friends
  • Communication History: When you last contacted someone (for relationship management)
  • Google Contacts Import: If you choose to import contacts

6. Meal Planning & Food Data

  • Meal Plans: Weekly meal plans, recipe selections, meal preferences
  • Dietary Preferences: Allergies, restrictions (vegetarian, vegan, gluten-free, etc.)
  • Recipes: Saved recipes, cocktails, ratings, cooking notes
  • Pantry Inventory: Items you have on hand, expiration dates
  • Shopping Lists: Grocery items, shopping history, store preferences

7. Travel Data (Partially Encrypted)

Sensitive Travel Documents Encrypted

Passport numbers, visa information, and travel documents are encrypted with AES-256-GCM.

  • Trips: Destinations, dates, travelers, budgets, activities
  • Flight Searches: Search queries sent to Amadeus API (not stored)
  • Hotel Searches: Search queries sent to Amadeus API (not stored)
  • Packing Lists: Items to pack, packing status
  • Travel Documents: Passport numbers, visa details (fully encrypted)
  • Travel Preferences: Seat preferences, hotel preferences

8. Home & Vehicle Maintenance

  • Home Maintenance: HVAC schedules, appliance service dates, contractor information
  • Vehicle Information: Make, model, year, VIN, mileage, service history
  • Service Providers: Contractor names, phone numbers, ratings
  • Warranty Information: Warranty details, purchase dates

9. Third-Party Service Data (With Your Consent)

  • Gmail: Email content (read-only access for summarization and drafting)
  • Google Calendar: Calendar events (read/write for scheduling)
  • Location Data: Only when you search for local businesses (restaurants, mechanics, etc.)

How We Use Your Information

We use your data exclusively to provide Alfred's services:

  • Personalized AI Assistance: Tailor Alfred's responses to your preferences and context
  • Agent Coordination: Enable the 15 specialized agents to work together (e.g., meal plan → shopping list)
  • Reminders & Notifications: Send timely alerts for tasks, appointments, medications, birthdays
  • Proactive Suggestions: Suggest gift ideas 3 weeks before birthdays, medication refills at 5 pills remaining
  • Daily Briefs: Generate personalized morning summaries with your tasks, weather, news
  • Pattern Learning: Learn your preferences to make better recommendations over time
  • Service Improvement: Analyze usage patterns to improve Alfred's capabilities (anonymized data only)

AI Processing & Third-Party Services

Anthropic Claude AI

Your conversations with Alfred are processed using Anthropic's Claude Sonnet 4 AI model. We send your messages to Anthropic's API for:

  • Natural language understanding and response generation
  • Intent detection and agent routing
  • Complex task coordination

Anthropic does not use your data to train their models. See Anthropic's Privacy Policy for details.

External APIs We Use

We integrate with these trusted services:

  • Amadeus: Flight and hotel searches (queries not stored)
  • Edamam: Recipe and nutrition data (queries not stored)
  • Google Places: Local business search (location data temporary)
  • OpenWeatherMap: Weather forecasts (location data temporary)
  • NewsAPI: Personalized news (interest categories only)
  • Google Search: Web research (queries not stored)
  • ElevenLabs: Voice synthesis (text-to-speech, no data stored)

Data Security & Encryption

Encryption Standards

  • In Transit: All data transmitted over HTTPS with TLS 1.3 encryption
  • At Rest (Sensitive Data): AES-256-GCM encryption for:
    • Medications and dosages
    • Blood test results and medical records
    • Passport numbers and visa information
    • Any other health-related data
  • OAuth Tokens: Securely stored with encryption in our database
  • Encryption Keys: Individual keys per user, never stored in plain text

Security Measures

  • Regular security audits and penetration testing
  • Database backups with encryption
  • Access controls and monitoring
  • Automatic session expiration
  • Server-side validation and input sanitization
  • CSRF and XSS protection

Compliance

HIPAA Compliance

We encrypt all Protected Health Information (PHI) including medications, medical appointments, and health records using AES-256-GCM encryption.

GDPR Compliance

Full data portability, right to deletion, consent tracking, and transparent data processing for all EU users.

Your Rights & Controls

You have control over your data:

  • Access: Export all your data anytime in Settings → Account Management
  • Correction: Update or correct information through the app settings
  • Deletion: Delete your account and all data instantly in Settings → Account Management
  • Export: Download all your data in JSON format (Settings → Export All My Data)
  • Revoke Access: Disconnect Gmail or Calendar through your Google Account settings
  • Opt-Out: Disable specific agents in Settings
  • Notification Control: Manage notification preferences in Settings

Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: All data is permanently deleted within 30 days of account deletion
  • Backups: Encrypted backups are retained for 90 days for disaster recovery
  • Legal Requirements: We may retain data longer if required by law

Data Sharing

We do NOT sell, rent, or share your personal data with third parties, except:

  • With Your Consent: When you explicitly authorize sharing (e.g., Gmail access)
  • Service Providers: Cloud hosting (Vercel, Supabase) and AI processing (Anthropic) under strict data agreements
  • Legal Requirements: If required by law, court order, or government request
  • Aggregated Data: Anonymous, aggregated statistics for product improvement (no personal identifiers)

Children's Privacy

Alfred is designed for adults 18 years and older. We do not knowingly collect personal information from children under 18. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page with an updated "Last updated" date
  • Sending an email notification to your registered email address
  • Showing an in-app notification on your next login

Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices:

Email: privacy@hey-alfred.app

Support: support@hey-alfred.app

Contact Form:

Our Privacy Promise

  • ✅ We encrypt sensitive health and travel data with military-grade AES-256-GCM
  • ✅ We never sell your data to anyone, ever
  • ✅ You can export or delete all your data instantly in Settings
  • ✅ We're transparent about what we collect and why
  • ✅ We're HIPAA and GDPR compliant
  • ✅ You have complete control and full transparency