Privacy Policy
This policy explains what information Aan ("Aan", "we", "us") collects from you when you use the WhatsApp-based assistant at aan.live, how we use it, and what choices you have. Aan is operated as a personal service; we do not sell or monetize user data.
1. What we collect
Information you send in WhatsApp
When you message Aan on WhatsApp, we receive: your WhatsApp chat ID (a phone number formatted as {number}@c.us), the text or voice note you send, and — for voice notes and images — the media file so the assistant can transcribe or analyze it. We store a rolling history of messages to keep the conversation coherent across turns.
Information you give Aan during setup
During onboarding you tell Aan your display name, timezone, preferred language, your routines (tasks with times), optional goals, and optional "not-to-do" rules. This information is stored so Aan can remind you at the right time and give context-aware replies.
Information Aan derives from your use
A log of which routine you completed or skipped each day, streak counters, and internal timing metadata for reminders.
Information from Google (only if you explicitly connect your Google Calendar)
If you tap the "connect calendar" link and grant consent, Google returns an OAuth refresh token and access token to Aan. Aan uses these tokens solely to fetch a read-only view of your upcoming calendar events (the https://www.googleapis.com/auth/calendar.readonly scope). For each enabled calendar, Aan stores a cached copy of events within a sliding 7-day window — event title, location, start/end time, whether it is an all-day event, whether it is private, and your RSVP status. Aan never writes to your calendar.
2. How we use your information
- To operate the service: deliver reminders at scheduled times, answer your queries, compile daily and weekly summaries.
- To surface calendar events: if you connected Google Calendar, include today's events in the morning briefing and send a WhatsApp message when an event starts.
- To improve quality: anonymized, aggregated usage stats to detect bugs and prioritize fixes.
We do not use your messages, routines, logs, or calendar data to train machine-learning models, show advertising, or build a profile of you.
3. Google API Services User Data Policy — Limited Use disclosure
Aan's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Aan:
- Uses Google user data only to provide and improve the user-facing features described above (showing your calendar events in WhatsApp).
- Does not transfer Google user data to third parties, except as necessary to provide the service or comply with applicable law.
- Does not use Google user data for serving advertisements.
- Does not allow humans to read Google user data unless we have your explicit consent, it is necessary for security (e.g., investigating abuse), to comply with law, or the data has been aggregated and anonymized for internal operations.
4. Where your data is stored
All data is stored in Cloudflare D1 (SQLite), encrypted at rest by Cloudflare. The Worker processing your messages runs on Cloudflare's edge network. No data is stored on our personal machines. We do not operate traditional servers.
5. Third-party sub-processors
To run the service, Aan passes specific information to the following providers:
- Cloudflare — hosts the Worker and the database.
- Green API — bridges WhatsApp messages into Aan (WhatsApp's Business Platform partner).
- Google (Gemini API) — parses natural language. Only the text of your message plus a small context window is sent; your Google Calendar data is never sent to Gemini.
- Google (Calendar API) — only if you connected your calendar; used to fetch your events.
6. How long we keep your data
- Calendar events: cached for 7 days forward; older events are auto-pruned each night.
- Message history: last 90 days, older messages are auto-purged after a daily summary covers them.
- Google OAuth refresh token: kept until you disconnect. On disconnect, Aan revokes the token with Google and deletes the local copy immediately.
- Routines, logs, streaks, goals: kept until you ask for deletion.
7. Your choices
- Disconnect Google Calendar: send
disconnect calendarin WhatsApp. All credentials and cached events are deleted and the refresh token is revoked with Google. - Delete your account: email company@aan.live with the subject "delete my data". All your data — messages, routines, logs, credentials — will be deleted within 7 days.
- Export your data: on request (same email), we will send you a JSON export of all your data within 30 days.
- Revoke Google access directly: visit myaccount.google.com/permissions, find Aan, and click Remove access. The next time Aan tries to sync, it will detect the revocation and delete the local copy.
8. Security
We follow industry-standard practices: HTTPS for all transport, encrypted storage at rest, signed OAuth state tokens with short TTL (10 minutes), and the minimum OAuth scope needed (calendar.readonly — read-only, no write permissions). We do not have a SOC 2 report; this is a solo-operator service.
9. Children
Aan is not intended for children under 13. Do not connect a child's Google account.
10. Changes to this policy
If we change this policy materially, we will send a notification via WhatsApp to each user and update the "Last updated" date at the top. Continued use after notification constitutes acceptance.
11. Contact
Questions, requests, complaints: company@aan.live.