Privacy Policy

* Account Information: Name, age, gender, and email address provided during registration.

* Phone Number: When phone verification is required for security, fraud prevention, or account recovery.

* User Content: All data, text, images, photographs, videos, voice recordings, audio files, diary entries, calendar entries, routine data, dietary information, and any other material you submit through the Service.

* Agent Customization Data: Profile photos, video assets, personality configurations, and voice samples you upload to customize your AI Agent.

* Voice Recordings for Voice Cloning: Audio recordings you upload to create a synthetic voice profile for your Agent. These may constitute biometric identifiers under applicable law (see Section 5).

* Designated Contact Information: Names, phone numbers, and/or email addresses of contacts you manually register within the Service for Agent-initiated communications.

* Feedback: Any suggestions, ideas, or recommendations you provide to us about the Service.

* Conversation Data: All text and voice communications between you and your Agent, including transcripts, audio recordings, and associated metadata.

* Location Data: Your device's geographic location when you interact with your Agent, subject to your device's permission settings. We use location data to provide location-aware features and local weather information.

* Weather Data: Local weather conditions derived from your location.

* Usage Data and Device Information: Log data, IP addresses, device type and model, operating system and version, browser type, referring URLs, pages and features accessed, timestamps, session duration, and other usage analytics.

* Metadata: System-generated data about your interactions with the Service, including frequency of use, feature engagement, and performance metrics.

* Transaction Data: Records of subscription purchases, subscription status, Pencil balances and transaction history, and billing receipts as provided by the Apple App Store or Google Play Store. The Company does not directly collect or store payment card numbers or bank account information; all payment processing is handled by the applicable platform.

* Calendar Data: If you connect a third-party calendar service (Apple Calendar, Samsung Calendar, or Google Calendar), we access, read, and write calendar data on your behalf solely to provide scheduling and calendar management features. See Section 7 for additional details on calendar data handling.

* Dietary Data from Third-Party APIs: If you use nutritional tracking features, we may retrieve food and nutrition data from third-party services such as the FatSecret API on your behalf.

The Service is not designed to collect, process, or store: protected health information (PHI) as defined under HIPAA; payment card industry (PCI) data; Social Security numbers; government-issued identification numbers; financial account numbers; or similarly regulated sensitive personal information. Please do not submit such information through the Service.

Additionally, certain information you provide through the Service—such as diary entries relating to your physical or mental wellbeing, dietary and nutritional logs, and routine or habit tracking data—may be considered ‘consumer health data’ under specific state laws, including the Washington My Health My Data Act (MHMDA), RCW 19.373. For information about your rights under such laws, please see Section 10.4.

* Operating your AI Agent, including generating text and voice responses, managing your routines, to-do lists, diary, and calendar;

* Processing voice recordings to create and maintain synthetic voice profiles;

* Sending Agent-initiated communications to you (voice calls, push notifications, and chat messages within the Service);

* Sending Agent-initiated communications to your Designated Contacts (only after obtaining their affirmative opt-in consent);

* Providing location-aware features and local weather information;

* Synchronizing with your connected third-party calendar services.

We use your preferences, usage patterns, and interaction history to personalize your Agent's behavior, recommendations, and responses.

We use your User Content—including text conversations, voice recordings, diary entries, routine data, dietary data, Agent interaction logs, and metadata—to train, validate, test, fine-tune, and improve our artificial intelligence and machine learning models, algorithms, and systems (including natural language processing, voice synthesis, recommendation engines, and predictive analytics). Such models may be used by the Company or its affiliates in connection with the Service or other products and services.

You acknowledge that once User Content has been incorporated into AI training datasets or used to train models, it may not be practicable to identify or remove individual contributions from such models.

We use information in aggregated, anonymized, or de-identified form to conduct research and development activities, produce analytics, benchmarks, and reports, and develop new features.

We use information to maintain, debug, and optimize the Service's performance; detect, investigate, and prevent fraud, abuse, and security incidents; and enforce our Terms of Service.

We use your contact information to send you service-related communications, including account verification, updates to our Terms of Service or this Privacy Policy, and responses to your inquiries. With your consent, we may also send you promotional or marketing communications; you may opt out of marketing communications at any time (see Section 10).

We use information as necessary to comply with applicable legal obligations, respond to lawful requests from government authorities, and establish, exercise, or defend legal claims.

We share information with third-party service providers that perform services on our behalf or that we use to deliver Service features, including:

* AI and Voice Synthesis Providers: We transmit User Content (including text and voice data) to Google Gemini API, OpenAI ChatGPT 4o Transcribe API, and Fish Audio API to power AI Agent responses, transcription, and voice synthesis features. See Section 5.3 for important information about how Fish Audio processes voice data.

* Nutritional Data Providers: We transmit dietary-related queries to the FatSecret API to provide nutritional tracking features.

* Cloud Hosting and Infrastructure: We use third-party cloud service providers to host and store data.

* Analytics Providers: We may share usage data with analytics providers to help us understand how the Service is used.

Each third-party service provider operates under its own terms of service and privacy policy, which govern how it processes data received from the Service. We take commercially reasonable steps to select reputable service providers whose data handling practices are consistent with the purposes described in this Privacy Policy. We encourage you to review the terms and privacy policies of the third-party providers listed in Section 7.2. Where available, we seek to enter into data processing agreements or equivalent contractual arrangements with our service providers to further protect your information.

If you use the Designated Contact feature, your Agent may send communications (text messages, phone calls, or emails) to contacts you have registered. Before any communication is sent, the Company sends an opt-in request to each Designated Contact seeking their express consent. No communication will be sent to a Designated Contact who has not affirmatively opted in.

We may disclose your information if we believe in good faith that disclosure is necessary to: comply with a legal obligation, subpoena, court order, or governmental request; protect and defend the rights, property, or safety of the Company, our users, or the public; detect, prevent, or address fraud, security, or technical issues; or enforce our Terms of Service.

In the event of a merger, acquisition, corporate reorganization, bankruptcy, or sale of all or substantially all of the Company's assets, your information may be transferred to the acquiring entity. We will notify you via the Service or email of any such transfer and any changes to the applicable privacy terms.

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other purposes.

We do not sell your personal information to third parties as the term "sell" is defined under the California Consumer Privacy Act (CCPA) or other applicable state privacy laws. We do not share your personal information with third parties for cross-context behavioral advertising purposes as defined under the California Privacy Rights Act (CPRA).

When you use the Voice Cloning feature, you upload voice recordings that may be processed to generate voiceprints (mathematical representations of vocal characteristics). Under applicable law, voice recordings and voiceprints may constitute "biometric identifiers" or "biometric information."

For clarity, the Service also includes general voice-to-text transcription features (powered by the OpenAI ChatGPT 4o Transcribe API) that process audio solely to convert speech to text. These transcription features do not create, store, or derive voiceprints or other biometric identifiers from your voice. The biometric information disclosures and protections in this Section 5 apply exclusively to the Voice Cloning feature.

We collect and process voice recordings and voiceprints solely for the purpose of creating and maintaining a synthetic voice profile for your AI Agent within the Service.

To provide the Voice Cloning feature, voice recordings and derived voiceprints are transmitted to Fish Audio (operated by Hanabi AI Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States) ("Fish Audio") for voice synthesis processing.

* AI Model Training: Fish Audio's Terms of Use state that "Usage Data and Content may be used to develop, train, or enhance artificial intelligence or machine learning models that are part of Fish.Audio's products and services." This means that voice recordings you upload through the Service may be used by Fish Audio to train or improve Fish Audio's own AI models.

* Data Sharing by Fish Audio: Fish Audio's Privacy Policy indicates that User Content (which includes voice recordings) may be shared with Fish Audio's own service providers, advertising partners, analytics partners, and business partners.

* Data Retention by Fish Audio: Fish Audio's Privacy Policy states that it retains Content "as long as [it] need[s] it to ensure that [its] systems are working appropriately, effectively and efficiently." Fish Audio's retention period may differ from the retention and destruction schedule described in Section 5.5 of this Privacy Policy.

* No Separate Biometric Data Protections: As of the date of this Privacy Policy, Fish Audio's Privacy Policy does not include a separate biometric information policy, BIPA-specific disclosures, or a biometric data destruction schedule.

We strongly encourage you to review Fish Audio's Terms of Use and Privacy Policy before using the Voice Cloning feature. The Company is actively seeking to negotiate enhanced data protection terms with Fish Audio, including data processing restrictions and deletion capabilities, and will update this Privacy Policy if and when such terms are established.

Before activating the Voice Cloning feature, we will present you with a standalone Biometric Information Consent Form that discloses:

* (a) The specific purpose for which your biometric identifiers or biometric information will be collected, stored, and used;

* (b) The duration for which your biometric data will be retained on the Company's servers;

* (c) That your voice data will be transmitted to Fish Audio for voice synthesis processing;

* (d) That Fish Audio may use your voice data to train or improve its own AI models, and may share your voice data with its own advertising partners, analytics partners, and business partners, in accordance with Fish Audio's own Terms of Use and Privacy Policy;

* (e) That the Company cannot guarantee the deletion of voice data that has been transmitted to and processed by Fish Audio; and

* (f) Your right to revoke consent at any time by disabling the Voice Cloning feature or deleting your account.

Your use of the Voice Cloning feature is conditioned upon your execution of this separate written consent.

If you upload voice recordings of a person other than yourself, you represent and warrant that you have obtained explicit, informed, written consent from that individual authorizing the collection, storage, and use of their voice data as described herein—including the transmission to and processing by Fish Audio as described in Section 5.3—in compliance with BIPA § 15(b) and all other applicable biometric privacy laws. You bear sole responsibility for obtaining and maintaining such consent.

Company's Servers. We retain voice recordings and voiceprints on the Company's own servers and systems for as long as your account is active and the Voice Cloning feature is enabled. Upon the earliest of the following events, we will permanently destroy your biometric data from the Company's servers within ninety (90) days:

* You disable the Voice Cloning feature;

* You delete your account;

* You revoke your biometric data consent; or

* Three (3) years have elapsed since your last interaction with the Voice Cloning feature.

The Company will not retain biometric identifiers or biometric information on its own servers beyond the earlier of: (a) the date on which the initial purpose for collecting the data has been satisfied; or (b) three (3) years from the individual's last interaction with the Service, unless a longer retention period is required by a valid warrant, subpoena, or court order.

Fish Audio's Systems. The retention and destruction schedule described above applies to data stored on the Company's own servers and systems. Voice data that has been transmitted to Fish Audio is subject to Fish Audio's own data retention policies. When a destruction trigger described above is met, the Company will submit a deletion request to Fish Audio for the applicable voice data. However, the Company cannot guarantee the timing or completeness of data deletion by Fish Audio, as Fish Audio processes data in accordance with its own Terms of Use and Privacy Policy. For information about Fish Audio's data retention practices, please refer to Fish Audio's Privacy Policy at https://fish.audio/privacy/.

On the Company's Servers. Biometric data stored on the Company's servers is protected using a standard of care no less protective than the measures we use for other confidential and sensitive information. Specific safeguards include encryption in transit (TLS 1.2 or higher) and encryption at rest, and access controls limiting personnel access to biometric data on a need-to-know basis.

During Transmission and on Third-Party Systems. Voice data is transmitted to Fish Audio via encrypted connections (HTTPS/TLS). Once received by Fish Audio, the data is protected in accordance with Fish Audio's own security practices as described in its Privacy Policy. The Company does not control and cannot guarantee the security measures employed by Fish Audio.

The Company will not sell, lease, trade, or otherwise profit from your biometric identifiers or biometric information. The Company does not disclose biometric data to any third party except: (a) as described in Section 5.3 (transmission to Fish Audio for voice synthesis processing); or (b) as required by law.

For clarity: The Company's commitment not to sell, lease, or trade biometric data applies to the Company's own handling of such data. Once voice data is transmitted to Fish Audio, Fish Audio's handling of that data is governed by Fish Audio's own policies. As described in Section 5.3, Fish Audio's Privacy Policy indicates that it may share User Content with advertising partners, analytics partners, and business partners.

You may revoke your biometric data consent at any time by disabling the Voice Cloning feature in your account settings or by deleting your account. Upon revocation, the Company will destroy your biometric data from the Company's servers in accordance with the schedule described in Section 5.5 and will submit a deletion request to Fish Audio. Please note the limitations on Fish Audio's deletion described in Section 5.5.

By using the Voice Cloning feature, you acknowledge and agree that:

* (a) Voice data will be transmitted to Fish Audio, an independent third party, and will be subject to Fish Audio's own terms and policies;

* (b) The Company has no contractual authority to restrict Fish Audio's use of data beyond what is provided in Fish Audio's standard terms of service;

* (c) Fish Audio may use your voice data for purposes beyond providing voice synthesis to the Company, including training its own AI models;

* (d) The Company cannot guarantee the deletion, return, or restriction of voice data once it has been received and processed by Fish Audio; and

* (e) The Company will use commercially reasonable efforts to negotiate enhanced data protection terms with Fish Audio and will update this Privacy Policy to reflect any improvements in data protection obtained through such negotiations.

If you choose to connect a third-party calendar service, you authorize us to access, read, and write calendar data on your behalf. We use this data solely to provide the Service's scheduling and calendar management features.

Google Calendar and Google API Services User Data Policy: Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

* We only use Google Calendar data to provide and improve the calendar management features of the Service that the user has authorized.

* We do not use Google Calendar data for serving advertisements.

* We do not allow humans to read Google Calendar data unless: (a) we have obtained the user's affirmative consent; (b) it is necessary for security purposes (e.g., investigating abuse); (c) it is necessary to comply with applicable law; or (d) our use is limited to internal operations and the data has been aggregated and anonymized.

* We do not transfer Google Calendar data to third parties except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or asset sale (with user notification).

You may revoke calendar access at any time through your device or account settings. Revoking access may limit certain Service functionality.

The Service integrates with the following third-party APIs. When you use the Service, certain data may be transmitted to these providers to deliver Service features:

* Google Gemini API (AI Agent conversation processing) — Privacy Policy: https://policies.google.com/privacy

* OpenAI ChatGPT 4o Transcribe API (voice-to-text transcription) — Privacy Policy: https://openai.com/privacy

* Fish Audio API (voice synthesis and voice cloning) — operated by Hanabi AI Inc. — Terms of Use: https://fish.audio/terms/ — Privacy Policy: https://fish.audio/privacy/ — See Section 5.3 for important details about Fish Audio's data practices.

* FatSecret API (nutritional and dietary data retrieval) — Privacy Policy: https://www.fatsecret.com/privacy-policy

Each of these third-party services operates under its own terms of service and privacy policy. We take commercially reasonable steps to select reputable providers, but we do not control and are not responsible for their data practices, security measures, or reliability. We encourage you to review their terms and policies.

The Service is distributed through the Apple App Store and Google Play Store. Your use of the Service is also subject to the applicable platform's terms and privacy policies. All subscription and purchase transactions are processed by the respective platform; we do not directly collect or process payment card information.

Regardless of your location, you have the following choices with respect to your information:

* Account Settings: You can update your account information at any time through the Service.

* Location Data: You can disable location services at any time through your device settings.

* Agent-Initiated Communications: You can adjust the frequency and types of Agent-initiated communications in your account settings.

* Calendar Integration: You can disconnect third-party calendar services at any time through your device or account settings.

* Voice Cloning: You can disable the Voice Cloning feature or request deletion of your voice data at any time. Disabling Voice Cloning will trigger the destruction of your biometric data on the Company's servers (see Section 5.5) and a deletion request to Fish Audio.

* Marketing Communications: You can opt out of promotional emails by following the unsubscribe instructions in any marketing email or through your account settings.

* Account Deletion: You can delete your account at any time through the account deletion feature in the Service or by contacting us at support@interultimate.com. Note that deleting the app does not delete your account, and neither deleting the app nor deleting your account automatically cancels any active subscription. You must cancel subscriptions separately through the applicable platform (Apple App Store or Google Play Store). See our Terms of Service, Section 10.4(c), for cancellation instructions.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

* Right to Know: You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.

* Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions provided by law.

* Right to Correct: You have the right to request correction of inaccurate personal information.

* Right to Opt Out of Sale or Sharing: We do not sell your personal information or share it for cross-context behavioral advertising. However, you may still submit such a request and we will honor it.

* Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information (such as voice recordings), you have the right to limit our use and disclosure of such information to purposes necessary to provide the Service.

* Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, please contact us at privacy@interultimate.com or by mail at the address provided in Section 16. We will verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf.

CCPA Categories of Personal Information: In the preceding twelve (12) months, we have collected the following categories of personal information as defined by Cal. Civ. Code § 1798.140(v): identifiers; personal information categories listed in Cal. Civ. Code §1798.80(e); commercial information, including records of subscriptions, virtual currency (Pencil) purchases, and transaction history; internet or other electronic network activity information; geolocation data; audio, electronic, visual, or similar information; and inferences drawn from the above.

If you are an Illinois resident, you have specific rights under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., including the right to receive a written policy establishing a retention schedule and guidelines for permanent destruction of biometric data (see Section 5), and the right to provide written consent before collection of biometric data. For additional information, see Section 5 of this Privacy Policy.

Residents of states with consumer privacy legislation—including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), Tennessee (TIPA), and Washington (WPA; My Health My Data Act)—may have additional rights, such as the rights to access, delete, correct, and opt out of certain processing activities.

To exercise any state-specific privacy rights, please contact us at privacy@interultimate.com. We will process your request in accordance with applicable law and verify your identity before fulfilling the request.