Privacy Policy

Last Updated: January 11, 2026 | Effective Date: January 5, 2026

1. Introduction

Welcome to Ally ("we," "our," or "us"). Ally Technologies Inc. operates the Ally application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using Ally, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Contact Information

Company: Ally Technologies Inc.

Email: hello@askally.io

Website: https://askally.io

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, name, profile picture, and timezone when you create an account.
  • Communication Data: Messages and instructions you send to our AI assistant.
  • Payment Information: Billing details processed securely through Lemon Squeezy (we do not store your full payment card details).

3.2 Information from Third-Party Services

  • Google Account: Basic profile information (name, email, profile picture) when you authenticate with Google.
  • Google Calendar: Calendar events, event details, and calendar settings to provide our core scheduling features.
  • Telegram: Telegram user ID, username, and chat messages when you link your Telegram account.
  • WhatsApp: Your phone number and chat messages when you interact with Ally via WhatsApp.

3.3 Automatically Collected Information

  • Device information and browser type
  • IP address and approximate location
  • Usage patterns and feature interactions
  • Error logs and performance data

4. Google User Data

This section specifically addresses how Ally accesses, uses, stores, and shares Google user data obtained through Google OAuth authentication.

4.1 Google Scopes We Request

Ally requests access to the following Google OAuth scopes. Each scope is necessary for specific features of our AI calendar assistant:

Authentication Scopes

ScopePurpose & Justification
openidRequired for secure authentication using OpenID Connect protocol
emailAccess your email address to create your account and send important notifications about your calendar
profileAccess your name and profile picture to personalize your Ally dashboard experience

Calendar Access Scopes

ScopePurpose & Justification
calendarFull calendar access: Required to create, edit, move, and delete events when you instruct Ally via chat. This is the core functionality of our AI assistant.
calendar.eventsEvent management: Enables Ally to create new events, update existing ones, and delete events across all your calendars based on your natural language instructions.
calendar.events.ownedYour owned events: Manage events that you own (created by you), ensuring Ally can properly handle event modifications and deletions.
calendar.events.owned.readonlyRead your owned events: View events you created to provide analytics, insights, and AI-powered schedule optimization suggestions.
calendar.readonlyView calendar data: Read your calendar to understand your schedule, detect conflicts, find available time slots, and provide intelligent scheduling suggestions.
calendar.calendarlistCalendar list access: View and manage your list of calendars so you can choose which calendars Ally should work with.
calendar.calendarlist.readonlyView calendar list: See all your calendars (work, personal, shared) to display them in your dashboard and let you select which ones to manage.
calendar.freebusyFree/busy information: Check when you're available or busy to help schedule new events at optimal times without conflicts.
calendar.app.createdApp-created calendars: Manage calendars that Ally creates on your behalf (if you request Ally to create a new calendar).

Why we need these permissions: Ally is a full-featured AI calendar assistant that manages your schedule through natural language. To understand commands like "Move my 3pm meeting to tomorrow" or "Find a free slot for a dentist appointment next week," we need comprehensive access to read your calendar and make changes on your behalf. You can revoke these permissions at any time.

4.2 How We Use Google Data

  • Calendar Management: Create, edit, move, and delete events based on your instructions to the AI assistant.
  • Schedule Analysis: Analyze your calendar to identify gaps, conflicts, and optimization opportunities.
  • AI Assistance: Provide context to our AI so it can understand your schedule and respond intelligently to your requests.
  • Notifications: Send you reminders and updates about your calendar events.

4.3 Google Data Storage

We store the following Google-related data in our secure database (Supabase):

  • OAuth access tokens and refresh tokens (encrypted)
  • Your Google profile information (name, email, profile picture)
  • Calendar metadata (calendar names, colors, timezone)
  • Event data necessary for AI context and gap analysis

4.4 No Human Access to Your Data

Ally employees and contractors do not read your Google Calendar data unless:

  • You explicitly request human support and grant permission
  • Required by law or to investigate security incidents
  • Necessary to enforce our Terms of Service

4.5 Google API Services User Data Policy Compliance

Ally's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. How We Use Your Information

  • Provide, maintain, and improve our Service
  • Process your AI assistant requests and calendar operations
  • Send you service-related communications
  • Analyze usage patterns to enhance user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

6. Third-Party Data Sharing

We share your data with the following third parties only as necessary to provide our Service:

OpenAI

Purpose: AI processing of your messages and calendar context to generate intelligent responses.

Data Shared: Your chat messages, event summaries (not full details), and conversation history.

Supabase

Purpose: Secure database hosting and authentication services.

Data Shared: All user data is stored in Supabase's PostgreSQL database with Row-Level Security enabled.

Lemon Squeezy

Purpose: Payment processing for subscription plans.

Data Shared: Email, name, and payment information required for transactions.

Telegram Bot API

Purpose: Enable chat-based calendar management via Telegram.

Data Shared: Your Telegram user ID, messages sent to the bot, and AI responses.

WhatsApp Business API (Meta)

Purpose: Enable chat-based calendar management via WhatsApp messaging.

Data Shared: Your WhatsApp phone number, messages sent to our business number, and AI responses.

Note: WhatsApp messages are processed through Meta's WhatsApp Business Platform. See WhatsApp's Privacy Policy for details on their data handling.

We do not sell your personal data to third parties.

7. Data Retention

  • Account Data: Retained while your account is active and for up to 30 days after deletion request.
  • Conversation History: Retained for 90 days to provide context for AI interactions, then automatically summarized and archived.
  • OAuth Tokens: Retained while your account is active; immediately revoked upon disconnection or account deletion.
  • AI Session Data: Automatically expired and cleaned up after session completion.
  • Gap Analysis Data: Pending gaps are automatically cleaned up after 7 days.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and revocation of Google access.
  • Portability: Request your data in a machine-readable format.
  • Disconnect Google: Revoke Ally's access to your Google Calendar at any time from your dashboard or Google Account settings.

To exercise these rights, contact us at hello@askally.io.

9. Security

We implement industry-standard security measures to protect your data:

  • HTTPS encryption for all data in transit
  • Encrypted storage for OAuth tokens and sensitive data
  • Row-Level Security (RLS) policies in our database
  • Rate limiting and abuse prevention
  • Regular security audits and monitoring
  • HTTP-only cookies for session management

10. Children's Privacy

Ally is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately at hello@askally.io.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@askally.io

Company: Ally Technologies Inc.

← Back to Home