Privacy Policy


1. Introduction

Eliza AI ("we," "our," or "us") is committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect information when you use our email management application through Microsoft Outlook and other supported platforms.

By using Eliza AI, you consent to the practices described in this Privacy Policy.

2. Information We Collect


2.1 Email Data

When you connect Eliza AI to your Microsoft Outlook account, we collect and process:

  • Full text content of your email messages for analysis and insight generation

  • Sender and recipient information, subject lines, timestamps, and conversation IDs

  • Related email messages grouped by conversation for thread analysis

  • Metadata about email attachments (we do not store the content of attachments)


2.2 Account Information

We collect:

  • Your Microsoft 365 user ID, email address, and display name

  • OAuth access and refresh tokens to maintain secure API connections

  • Your preferences and configuration settings within the app


2.3 Technical and Usage Data

  • System logs for debugging and performance monitoring

  • Anonymized and aggregated usage analytics

  • Device and environment information such as browser type, operating system, and Outlook version

  • System performance metrics including response times and error rates


2.4 AI-Generated Insights

  • AI-generated summaries and recommendations based on your email content

  • Follow-up tracking and reminder data

  • Contextual business analysis of conversation patterns and relationships

3. How We Use Your Information


3.1 Core Service Functions

  • Analyze emails to identify follow-up opportunities

  • Organize emails into threads and track their status

  • Generate summaries and insights to help you stay on top of important conversations

  • Notify you in real time about email activity and changes


3.2 Service Improvement

  • Improve performance and reliability

  • Guide feature development

  • Resolve bugs

  • Monitor and improve system security


3.3 Communication

  • Inform you about feature updates or service changes

  • Provide customer support

  • Send security alerts when relevant

4. Data Storage and Security


4.1 Storage Infrastructure

  • Your data is stored in a PostgreSQL database hosted on secure cloud infrastructure

  • Authentication is handled via Supabase for secure login and session management

  • All systems are hosted with enterprise-grade cloud providers offering redundancy and backup


4.2 Security Measures

  • All data is encrypted in transit using TLS 1.3 and at rest using AES-256

  • Access is strictly limited to authorized personnel using role-based controls

  • Admin access is protected by multi-factor authentication

  • We perform regular security audits and vulnerability testing

  • We follow a comprehensive incident response plan


4.3 Data Retention

  • Data is retained while your account remains active

  • Upon account deletion, your data will be erased within 30 days

  • Some data may be retained if required by law

  • Backups are encrypted and follow the same retention timelines

5. Data Sharing and Disclosure


5.1 No Third-Party Sharing

We do not sell, rent, or share your personal data or email content with third parties for their commercial use.


5.2 Service Providers

We may share limited data with trusted vendors that support our service, including:

  • Cloud infrastructure and database management providers

  • AI service providers (e.g., OpenAI) with strict data handling agreements

  • Analytics platforms (only anonymized usage data)


5.3 Legal Requirements

We may disclose data if required to:

  • Comply with legal obligations or court orders

  • Protect our rights and property

  • Ensure user safety

  • Prevent abuse or fraud

6. Microsoft Integration and Compliance


6.1 Microsoft Graph API

  • We access Microsoft data only via the official Graph API

  • We request only the permissions you explicitly grant (e.g., Mail.Read, offline_access, openid, email)

  • We comply fully with Microsoft’s data privacy and usage guidelines


6.2 Office Add-in Framework

  • Built using Microsoft’s certified Office Add-in development framework

  • Compliant with Microsoft Store policies and security requirements

  • Undergoes regular certification and review processes


6.3 Data Processing Agreements

  • Our integration is governed by formal data processing agreements with Microsoft

  • We perform regular compliance checks to maintain alignment with Microsoft standards

7. AI and Machine Learning


7.1 AI Processing Disclosure

  • AI is used solely for enhancing your experience through insights and reminders

  • Your data is not used to train general-purpose AI models

  • All analysis is contextual and limited to your own data

  • Data from one user is never combined with another’s for training or analytics

7.2 AI Service Providers

  • We use OpenAI for some insights, under strict contractual agreements

  • Alternative systems are in place when AI is unavailable

  • We minimize what data is sent to third-party AI providers, and delete it after processing

8. Your Rights and Choices


8.1 Access and Control

You may:

  • Request a copy of your data

  • Correct any inaccurate information

  • Delete your account and associated data

  • Export your data in a standard format

8.2 Service Controls

You can:

  • Revoke access via the Microsoft 365 admin center

  • Uninstall the add-in from Outlook anytime

  • Choose which folders or accounts to sync

  • Enable or disable specific AI features

8.3 Communication Preferences

  • Adjust email and in-app notification settings

  • Opt out of marketing communications (note: essential service messages will still be sent)

  • Choose how you receive critical service updates

9. International Data Transfers

When your data is transferred outside your country, we ensure it is protected via:

  • Transfers only to countries with adequate data protection laws

  • Use of EU-approved Standard Contractual Clauses

  • Participation in recognized privacy certification programs

10. Children’s Privacy

Eliza AI is intended for business use only. We do not knowingly collect information from children under 13 (or under 16 in the EU). If such data is discovered, it will be deleted immediately.

11. Changes to This Privacy Policy

We may update this policy due to:

  • Changes in laws or services

  • Industry best practices

  • User feedback

We will notify users of any material changes at least 30 days in advance via email or in-app messages.

12. Regional Privacy Rights


12.1 European Union (GDPR)

If you reside in the EU, you have rights to:

  • Access, correct, and delete your data

  • Object to or restrict processing

  • Request data portability

  • File complaints with a local data authority


12.2 California (CCPA)

California residents have the right to:

  • Know what data we collect and how it’s used

  • Delete personal information

  • Opt out of data sales (we do not sell data)

  • Be treated fairly regardless of your privacy choices


12.3 Other Regions

We comply with privacy regulations in all jurisdictions where we operate.

13. Contact Information

If you have questions about this Privacy Policy or your data, please contact us: