Privacy Policy

1. Introduction

Amulet ("we", "our", or "us") is a productivity assistant that helps you manage tasks and schedules across multiple platforms. This Privacy Policy explains how we collect, use, and protect your information when you use our service at useamulet.dev.

2. Information We Collect

We collect the following information:

• Account information: Your name, email address, and password (hashed) when you register.
• Task and calendar data: Tasks, events, and schedules from your connected apps (Todoist, Notion, Google Calendar, Trello, Microsoft To Do).
• Chat messages: Conversations you have with the Amulet AI assistant.
• OAuth tokens: Access and refresh tokens for connected third-party services, stored encrypted.
• Usage data: Timezone, check-in preferences, and notification subscriptions.

3. How We Use Your Information

We use your information solely to provide and operate the Amulet service. Specifically:

• To manage your tasks, schedule, and reminders, and to sync them between the apps you have connected.
• To send transactional emails (verification codes, trial expiry notices, receipts).
• To send push notifications for reminders and check-ins you have opted into.
• To pass your chat messages to the AI assistant so it can respond to your request.
• To process payments through Stripe (we do not receive or store your payment card details).

We do notuse your data — including data from Google APIs — for advertising, to build user profiles for marketing, or to train, fine-tune, or improve any generalized or large language / AI model. We do not sell or rent your data to anyone.

4. Third-Party Services

Amulet only shares your data with third parties to the minimum extent needed to deliver the feature you are using. Each provider below receives only the data required for that specific function:

• Google Calendar: To read your calendar events and to create, update, or delete events on your behalf when you ask Amulet to schedule, reschedule, or clear time. We request only the Google Calendar scope required for these features and no other Google data.
• Todoist, Notion, Trello, Microsoft To Do: To read and sync tasks between the platforms you have connected.
• Slack: To read or post messages and list channels on your behalf, only when you explicitly ask Amulet to do so.
• Groq and Together AI (LLM providers): When you send a chat message, Amulet sends that message — along with only the minimum relevant context (for example, the meeting title or task description) — to these providers so they can generate a response. These providers act as data processors on our behalf under their respective API terms and do not use this data to train their models. We do not send bulk exports of your Google, Todoist, Notion, Trello, or Microsoft data to any AI model provider.
• Stripe: To handle subscription payments. Payment card details are submitted directly to Stripe and never touch our servers.
• Resend: To deliver transactional emails (your email address and the message contents).
• Railway: Our application and PostgreSQL database are hosted on Railway.

5. Google API Services User Data Policy

Amulet's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Amulet only accesses Google Calendar. Data that Amulet receives from the Google Calendar API is:

• Used only to provide or improve user-facing features that are prominent in the Amulet product — that is, viewing, creating, updating, and deleting your calendar events when you ask the assistant to schedule, reschedule, or clear time.
• Never used for serving ads, for building advertising profiles, or for any purpose unrelated to the features you have activated.
• Never used to develop, improve, or train generalized or large language / AI models.
• Never transferred to third parties except (i) as necessary to provide or improve these user-facing features, (ii) to comply with applicable law, or (iii) as part of a merger, acquisition, or sale of assets with notice to users.
• Never read by humans unless we have your explicit consent, it is needed for security purposes (e.g. investigating abuse), it is needed to comply with applicable law, or the data has been aggregated and anonymized for internal operations.

6. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway. Passwords are hashed using bcrypt. OAuth tokens are stored encrypted in the database. All connections to Amulet and to third-party APIs use HTTPS/TLS. We do not sell your data to third parties.

7. Data Retention and Deletion

We retain your data for as long as your account is active. Chat history is kept for the duration of your account so the assistant can reference prior context in your conversations. Job queue entries are automatically cleaned after 24 hours. You can disconnect any integration at any time from the Integrations page, which revokes Amulet's stored token and stops further access. You can request deletion of your account and all associated data (including any data received from Google APIs) by emailing us at the address below; we will complete deletion within 30 days of the request.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request deletion of your account and data.
• Disconnect any third-party integration at any time.
• Disable notifications and check-ins in settings.
• Revoke Amulet's access to your Google account at any time via your Google account permissions page.

9. Contact

For questions about this Privacy Policy, to exercise any of the rights above, or to report a security concern, contact us at mohanadsaeed5@gmail.com.