This Privacy Policy ("Policy") describes how Viloma LLC ("Viloma," "we," "our," or "us") collects, uses, shares, and protects information when you use our personal AI assistant application and services (the "Service"). By using Viloma, you consent to the practices described in this Policy.
⚠️ BETA TESTING PRIVACY NOTICE
This Service is currently in CLOSED BETA under active development.
Important considerations for beta participants:
- Developmental Nature: Data collection and privacy practices may change as we improve the product
- Enhanced Monitoring: We may collect additional diagnostic, usage, and performance data to identify and fix issues
- No Data Permanence: The beta may be discontinued at any time, and your data may be deleted without backup
- Limited Retention Guarantees: Data retention policies are subject to change during the beta period
- Testing Purposes: Your participation helps us test and improve the product before public release
- Feedback Use: Feedback, bug reports, and usage patterns may be analyzed to enhance features
- Subject to Change: This Privacy Policy may be updated frequently during the beta without prior notice
By participating in the beta, you consent to these terms and understand that data practices are still being refined.
📋 Quick Summary
- We collect information you provide and data from services you connect (Google Calendar, Contacts, Health data)
- We use third-party AI services to power your personalized assistant
- Your data is encrypted and stored securely in Firebase
- We never sell your personal information
- You can delete your data at any time
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, profile information
- Goals & Tasks: Your goals, tasks, notes, and conversations with the AI assistant
- Preferences: App settings, notification preferences, and personalization choices
- Communications: Messages you send to us for support or feedback
1.2 Connected Services Data
Google Calendar & Contacts Integration:
- Calendar Data: Events, appointments, availability, attendees, and meeting details. We can create, update, or delete calendar events when you ask.
- Contacts Data: Names, email addresses, phone numbers of your contacts. We can also create or update contacts when you ask.
- Purpose: To help schedule tasks, send meeting invites, coordinate with your contacts, and save new contacts at your request
- Storage: OAuth tokens are encrypted using AES-256-GCM and stored securely
- Control: You can revoke access at any time through the app or Google Account settings
🔒 Google API Limited Use Disclosure
Viloma's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only access the specific Calendar and Contacts data needed for core assistant features
- We do NOT use Google user data to train AI models or for advertising
- We do NOT sell or share Google user data with third parties except as disclosed in this policy
- All Google data transfers to third parties comply with disclosure requirements
1.3 Health & Wellness Data (iOS only)
HealthKit Integration:
- Data Accessed: Heart rate, steps, active calories (only during mindful activities)
- Purpose: To provide customized mindfulness and physical activity recommendations
- Storage & Sharing: Health data remains on your device and is synced to Apple Health. We do NOT send raw health data to our servers or third parties
- Control: Manage permissions in Settings → Health → Apps
1.4 Automatically Collected Information
- Usage Data: Features used, session duration, interaction patterns
- Device Information: Device type, operating system, app version, unique identifiers
- Log Data: IP address, access times, error logs, performance metrics
2. How We Use Your Information
2.1 Core Services
- Provide AI-powered personal assistance and goal management
- Process your conversations to generate intelligent responses
- Create, manage, and organize your goals, tasks, and notes
- Sync data across your devices
- Integrate with your calendar to schedule tasks and send meeting invites
2.2 Personalization & AI Processing
- Learn your preferences and adapt interaction styles
- Generate contextual suggestions and follow-up questions
- Categorize goals and tasks intelligently
- Provide personalized recommendations based on your history
2.3 Service Improvement
- Analyze usage patterns to improve features
- Debug technical issues and errors
- Conduct research and analytics (aggregated, de-identified data)
- Train and improve AI models (opt-in feedback only)
2.4 Communications
- Send service updates and important notifications
- Respond to your support requests
- Send promotional communications (with your consent, opt-out available)
3. Third-Party Service Providers
We partner with trusted service providers to deliver and improve the Service. These providers process data on our behalf under strict confidentiality agreements:
3.1 AI & Machine Learning Services
Viloma uses third-party artificial intelligence services to power the conversational assistant. Your conversations, goals, tasks, and context are processed by:
- Google Cloud AI Services (Vertex AI): Processes your conversations to generate AI responses
- Data shared: Conversation history, goals, tasks, user preferences
- Purpose: Generate intelligent, contextual responses and suggestions
- Models: We may use various AI models (such as Gemini) based on performance and features
- Privacy: Google Cloud Privacy Policy
- Data Processing Addendum: Google Cloud DPA
Important: We may update the specific AI models or providers we use to improve service quality and performance. Any changes will be reflected in updated versions of this policy.
3.2 Infrastructure & Database
- Google Firebase: Authentication, database, hosting
- Data stored: Account data, goals, tasks, messages, OAuth tokens
- Location: United States (multi-region)
- Security: Industry-standard encryption at rest and in transit
- Privacy: Firebase Privacy
3.3 Data Processing Principles
- All third-party processors are bound by data processing agreements
- We only share the minimum data necessary for each service
- Providers may not use your data for their own purposes
- We regularly audit provider security and compliance practices
4. Data Storage & Security
4.1 Storage Location
Your data is primarily stored in the United States using Google Firebase infrastructure. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States.
4.2 Security Measures
- Encryption: Data encrypted at rest and in transit (TLS 1.3, AES-256)
- OAuth Token Security: Google tokens encrypted using AES-256-GCM with initialization vectors
- Access Controls: Role-based access, least-privilege principles
- Authentication: Firebase Authentication with secure session management
- Monitoring: Continuous security monitoring and logging
- Incident Response: Documented breach notification procedures
4.3 Data Retention
- Active Account Data: Retained while your account is active
- Deleted Account Data: Deleted within 30 days of account deletion request
- Backups: Backup data deleted within 90 days
- Legal Obligations: Some data retained longer if legally required
- Anonymized Analytics: Aggregated, de-identified data may be retained indefinitely
5. Your Rights & Choices
5.1 Access & Portability
- Access: Request a copy of your personal data
- Export: Download your goals, tasks, and conversation history
- Portability: Receive data in machine-readable format
5.2 Correction & Deletion
- Correction: Update inaccurate information in your profile
- Deletion: Delete specific goals, tasks, or conversations
- Account Deletion: Permanently delete your account and all associated data
5.3 Privacy Controls
- Google Calendar/Contacts: Revoke access via app settings or Google Account
- Health Data: Manage permissions in iOS Settings → Health → Apps
- Notifications: Control email and push notification preferences
- Marketing: Opt out of promotional emails via unsubscribe link
5.4 California Residents (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt-out of sale of personal information (we do NOT sell your information)
- Right to non-discrimination for exercising your privacy rights
5.5 European Residents (GDPR)
If you are in the European Economic Area, you have rights under GDPR:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
5.6 Exercising Your Rights
To exercise any of these rights, contact us at privacy@viloma.com. We will respond within 30 days of verification of your identity.
6. Children's Privacy
Viloma is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 18, you may only use the Service with permission from a parent or guardian.
If we discover we have collected information from a child under 13, we will delete it immediately. Parents who believe we have collected information from their child should contact us at privacy@viloma.com.
7. Data Sharing & Disclosure
7.1 We Do NOT Sell Your Information
Viloma does not sell, rent, or lease your personal information to third parties for their marketing purposes.
7.2 When We Share Information
We may share your information only in these limited circumstances:
- Service Providers: With trusted vendors who process data on our behalf (AI providers, hosting services)
- Legal Requirements: When required by law, court order, or government request
- Safety & Security: To protect rights, property, or safety of Viloma, users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
- With Your Consent: When you explicitly authorize sharing
8. International Data Transfers
If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers and service providers are located. By using the Service, you consent to this transfer.
We implement appropriate safeguards for international transfers, including:
- Standard contractual clauses approved by the European Commission
- Ensuring third-party processors comply with privacy shield principles
- Conducting regular data protection impact assessments
9. Cookies & Tracking Technologies
Viloma uses limited tracking technologies:
- Essential Cookies: Required for authentication and core functionality
- Analytics: Aggregated usage statistics to improve the Service
- Local Storage: Cached data for offline functionality and performance
We do NOT use third-party advertising cookies or tracking pixels.
10. Security Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Describe the nature of the breach and data affected
- Explain steps taken to address the breach
- Provide guidance on protective measures you can take
- Comply with applicable breach notification laws
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Update the "Last Updated" date at the top
- Notify you via email to your registered address
- Display a prominent notice in the app
- Request your consent for material changes
Your continued use of the Service after changes indicates acceptance of the updated Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Viloma LLC
Suite 202, 2006 Broadway
Boulder, Colorado 80302
United States
Email: privacy@viloma.com
General Inquiries: info@viloma.com
Phone: (303) 416-5785