Privacy Policy

This Privacy Policy explains how Common Intelligence Technologies Inc. ("Common Intelligence", "Senra", "we", "our", or "us"), a corporation incorporated under the Canada Business Corporations Act with its registered office in British Columbia, Canada, collects, uses, discloses, and otherwise processes personal information in connection with Senra and any related products, services, applications, or websites that reference or link to this Privacy Policy (collectively, the "Service").

We may also choose, or be required by law, to provide additional disclosures relating to the processing of personal information about residents of certain countries, regions, provinces, or states. Please refer to the Region-Specific Disclosures section for additional disclosures that may apply to you.

This Privacy Policy does not address our practices relating to job applicants, employees, or other employment-related individuals, nor does it apply to data that is not subject to applicable data protection laws (such as deidentified or publicly available information). This Privacy Policy is not a contract and does not create legal rights or obligations not otherwise provided by law.

If you do not agree with this Privacy Policy, please do not use the Service.

What Senra Is

Senra is an AI assistant that operates across the surfaces you already use, including a desktop application, web application, iMessage, and email. To act on your behalf, Senra connects to third-party services you authorize (such as Gmail, Google Calendar, Notion, Linear, Railway, GitHub, and others) and reads, writes, or otherwise interacts with information in those services in line with your instructions.

This Privacy Policy describes what we collect to provide that experience, how we use it, and the choices you have.

Personal Information We Collect

The categories of personal information we collect depend on how you interact with the Service.

Information You Provide Directly

• Account Information, including your first and last name, email address, phone number, account credentials, one-time passcodes, and the products or services you have signed up for, used, or expressed interest in. We use this primarily to administer your account, provide the Service, communicate with you about your account, and provide customer support.
• Contact Information, including name, email address, phone number, and communication preferences. We use this primarily to communicate with you and to send you service-related notices.
• Payment Information, including billing address and payment-card details. Payment-card numbers and similar financial information are provided directly to our third-party payment processor (currently Stripe) and are not retained by us. The processor's use of your information is governed by its own privacy policy.
• Connected-Account Authorizations, including OAuth tokens, refresh tokens, and scope grants you authorize when you connect a third-party service (Gmail, Google Calendar, Notion, Linear, Railway, GitHub, and others). We store these tokens securely (encrypted at rest, with keys managed in a key management service) and use them only to perform the actions you have asked Senra to perform within the scopes you granted.
• Connected-Account Content, including the contents of email messages, calendar events, documents, project notes, code, files, attachments, and any other content within third-party services you connect to Senra. We access this content to act on your instructions and to maintain the personal context that makes the Service useful (for example, drafting a reply to an email you received, summarizing a meeting, or finding a file you described).
• Customer Content, including any text, files, audio, images, or other data you upload, attach, dictate, or otherwise share with Senra during conversations or tasks. We use this content to provide the Service, fulfill your requests, and support and improve the Service.
• Sensitive Information, including any information that may be revealed through your connected-account content or your conversations with Senra. We do not specifically solicit sensitive information, but it may appear in messages, attachments, or documents you ask Senra to act on. See the Sensitive Information section below.
• Feedback and Support Information, including the contents of messages you send through chat, email, or support channels, as well as recordings of calls with us where permitted by law. We use this to investigate and respond to your inquiries and to improve the Service.

Information Collected Automatically

We and our third-party providers may collect the following automatically when you use the Service:

• Information About Your Device and Network, including device type, operating system, IP address, browser type, internet service provider, and unique identifiers associated with you, your device, or your network.
• Information About How You Use the Service, including the pages and screens you visit, the actions you take, the conversations you have with Senra, the tools and integrations you invoke, the features you use, and other browsing and usage behavior. We may use third-party analytics tools to collect this information.
• Approximate Location, derived from your IP address. We do not collect precise GPS location.
• Cookies and Similar Technologies (only on our websites), used to keep you signed in, to remember preferences, to measure how the Service is used, and to detect and prevent abuse.

Information from Other Sources

• Third-Party Services You Connect.When you connect a third-party service to Senra, we receive content and metadata from that service as described above. We do not receive your password to that service when you sign in via a single sign-on protocol (such as "Sign in with Google"); we receive identity tokens that confirm you successfully authenticated.
• Other People. Other people may share information about you with us, including by adding you to a calendar invite, sending you an email that you forward to Senra, or otherwise interacting with the Service in ways that include your information.
• Service Providers and Analytics Partners, who provide services on our behalf and may share usage and diagnostic information with us.
• Inferences. We may generate inferences about you (for example, your habits, your preferences, the people you correspond with most, or the topics you care about) based on the information described above, in order to make the Service more useful and personal to you.

How We Use Personal Information

We use personal information for the following purposes:

• To provide the Service, including running tasks you ask Senra to perform, drafting messages, executing automations, accessing your connected accounts, and surfacing relevant context.
• To remember context that is useful to you, including building and maintaining a personal memory layer about your preferences, projects, recurring contacts, and patterns, so the Service gets more useful over time. You can review and clear this memory at any time.
• To administer your account, verify your identity, fulfill billing and subscription obligations, and provide customer support.
• To improve and develop the Service, including diagnosing and fixing problems, monitoring performance, conducting analytics, and developing new features. We use de-identified or aggregated data wherever feasible for this purpose.
• To communicate with you, including sending service notices (such as security alerts, billing receipts, and important updates), and, with your consent or as otherwise permitted by law, marketing communications you can opt out of at any time.
• To detect and prevent fraud, abuse, and security incidents, and to protect the rights and property of Senra, our users, and others.
• To comply with legal obligations, including tax, accounting, and recordkeeping requirements, and to respond to lawful requests from authorities.
• To enforce our Terms of Service and other agreements, and to defend, protect, and exercise our legal rights.
• For any other purpose disclosed to you at the point of collection or with your consent.

A Note on AI Training and Google User Data

We do not train, fine-tune, or otherwise use AI models on the contents of your Google user data, your connected-account content, or your conversations with Senra. All model calls are routed through Vercel AI Gateway with the no-training flag set, which means the upstream model providers in the routing pool (such as OpenAI and Anthropic) are contractually prohibited from training on your prompts or completions. This commitment matches Google's Limited Use requirements for Google API services and applies to all of your data, not just data covered by Google's Limited Use rules.

We may use de-identified or aggregated information that cannot reasonably be used to identify you (for example, anonymized usage statistics) to evaluate and improve the Service.

How We Share Personal Information

We disclose personal information in the following ways:

• Service Providers and Subprocessors. We use third-party providers to host, operate, and support the Service, including cloud hosting, database, AI model routing, AI model providers, authentication, error monitoring, product analytics, background execution, transactional email, per-user inbox provisioning, iMessage delivery, and payment processing. A current list of our subprocessors is available on our Subprocessors page or by request. These providers process personal information on our behalf only as needed to provide their services, and we require them to protect your information consistent with this Policy.
• Connected Third-Party Services You Authorize. When you ask Senra to perform an action in a connected third-party service (for example, send an email, create a calendar event, file an issue, or commit a change), we transmit the necessary information to that service to carry out your request. Your use of those third-party services is governed by their own terms and privacy policies.
• People You Direct Us to Share With. When you ask Senra to send a message, email, calendar invite, or other content to a recipient, the contents of that communication are delivered to the recipient.
• Legal and Safety. We may disclose personal information to comply with applicable law, lawful requests, court orders, and legal process; to enforce our Terms; to protect our rights, property, and safety, and the rights, property, and safety of our users and others; and to detect, investigate, or prevent fraud and security incidents.
• Business Transactions. We may transfer personal information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction. Any successor entity will be bound by terms substantially similar to this Policy with respect to your information.
• With Your Consent or Direction. We may share personal information when you direct us to or with your consent.

We do not sell your personal information for money, and we do not use it to serve you third-party targeted advertising.

Sensitive Information

Senra is not designed for, and you should not use Senra to store, transmit, or process, the following types of sensitive information:

• Special categories of personal data under EU/UK data protection law, including health data, biometric data, genetic data, racial or ethnic origin, political opinions, religious beliefs, trade-union membership, and data concerning sex life or sexual orientation;
• Protected health information under HIPAA;
• Government identification numbers, such as social insurance numbers, social security numbers, driver's license numbers, or passport numbers;
• Financial account numbers other than the payment information described above;
• Information subject to specific regulatory regimes such as the Children's Online Privacy Protection Act (COPPA) or the Gramm-Leach-Bliley Act (GLBA); or
• Other information protected under specific laws not otherwise covered.

We acknowledge that Senra may incidentally encounter sensitive information when reading content in your connected accounts (for example, an email mentioning health information). We handle that content as described in this Policy and apply the same security and confidentiality standards to it.

Your Choices

Account Settings

You can review and update most of your account information, manage your connected accounts, review and clear Senra's memory of you, set spending caps, and adjust notification preferences directly in the Service.

Disconnecting Third-Party Services

You can disconnect any third-party service you have linked to Senra at any time, either from within the Service or from the third-party service's own settings (for example, by revoking Senra's access in your Google Account or GitHub settings). When you disconnect a service, we stop accessing it on your behalf and delete the associated tokens. Content we already processed and stored as part of providing the Service may be retained as described in Data Retention below until you delete it or close your account.

Communication Preferences

• Marketing Email.You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing message we send. We may still send you transactional and service-related emails (such as security alerts, billing receipts, and important updates).
• Push and SMS Notifications. You can manage push and SMS notifications in your device settings or by replying STOP to any promotional SMS message.

Cookies and Tracking Technologies

You can control cookies and similar technologies through your browser settings. Blocking cookies may impact your ability to use certain features of the Service.

Modifying or Deleting Your Personal Information

You can request access to, correction of, or deletion of your personal information by contacting us at the email address in the Contact Us section. We may not be able to modify or delete personal information in all circumstances (for example, where retention is required by law or for legitimate business purposes).

Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the nature of the information and the purposes for which it was collected.

When you close your account, we will delete or de-identify personal information associated with your account within a commercially reasonable period, except where retention is required by law (for example, for tax and accounting recordkeeping) or where the information has been de-identified or aggregated such that it can no longer reasonably be associated with you.

You can request deletion of specific information at any time by contacting us, subject to the limits described above.

Security

We implement reasonable physical, technical, and organizational safeguards to protect personal information. These include encryption in transit (TLS), encryption at rest, field-level encryption for sensitive credentials such as OAuth tokens, role-based access control, audit logging, and ongoing security review. We require service providers to maintain commensurate safeguards.

No security measure is perfect, and we cannot guarantee that personal information will not be accessed, disclosed, altered, or destroyed without authorization. You are responsible for maintaining the security of your account credentials.

Children

The Service is not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or under 16 in jurisdictions where that is the relevant age). If you believe a child has provided personal information to us, please contact us and we will take steps to delete it.

International Data Transfers

We are based in Canada, and we use service providers in Canada, the United States, and other jurisdictions. When we transfer personal information across borders, we rely on appropriate safeguards under applicable law, including standard contractual clauses, adequacy decisions, and the EU-U.S. Data Privacy Framework where applicable.

Region-Specific Disclosures

Canada (PIPEDA / British Columbia PIPA)

We process personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, British Columbia's Personal Information Protection Act (PIPA). You have the right to access and correct personal information we hold about you, and to make a complaint to the Office of the Privacy Commissioner of Canada or, where applicable, the Office of the Information and Privacy Commissioner for British Columbia.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing personal information are:

• Contract, where processing is necessary to provide the Service to you under our Terms of Service;
• Legitimate interests, where processing is necessary for our legitimate interests (for example, to operate, secure, and improve the Service), and those interests are not overridden by your rights and interests;
• Consent, where you have given us specific consent (for example, for marketing communications);
• Legal obligation, where processing is necessary to comply with applicable law.

You have the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent, subject to applicable limits. You may also lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at the email below.

The data controller is Common Intelligence Technologies Inc.

California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect about you, the right to access and delete that information, the right to correct inaccurate information, the right to opt out of "sale" or "sharing" of personal information (we do not sell or share your personal information for cross-context behavioral advertising), and the right not to be discriminated against for exercising these rights. To exercise any of these rights, contact us at the email below. We will verify your request by matching the information you provide to information we hold about you.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this Policy. If we make material changes, we will notify you by email, by prominent posting in the Service, or through other appropriate communication channels. The updated Policy is effective on the date of publication unless otherwise stated.

Contact Us

If you have questions or requests about this Privacy Policy or our privacy practices, please contact us at:

Common Intelligence Technologies Inc.
631 Barnham Road, West Vancouver, British Columbia, Canada V7S 1T6
Email: privacy@trysenra.com