Privacy Policy

Last updated: May 2026

1. Who we are

MySecry ("we", "our", "us") provides an AI-powered personal assistant service via WhatsApp and our web application. Contact email: privacy@proassist.app.

2. What we collect

  • Account data — name, email, phone number (WhatsApp), timezone, and language.
  • Messages — text and voice messages, AI-parsed intents, events, and reminders.
  • Calendar data — events, reminders, and sync tokens you optionally connect.
  • Billing data — subscription plan, payment status (Stripe handles PCI).
  • Usage data — aggregated AI metrics, feature flags, engagement statistics.
  • Technical data — IP address, device type, browser UA (fraud prevention + analytics).

3. Why we collect it

  • To provide the assistant service (parsing messages, scheduling events, sending reminders).
  • To process payments and manage your subscription.
  • To improve the service through aggregate analytics.
  • To send transactional emails (welcome, trial, receipts).
  • To detect and prevent fraud and abuse.

4. Legal basis (GDPR)

We process your data on the following bases:

  • Contract performance — necessary to deliver the service.
  • Legitimate interest — fraud prevention, security, aggregate analytics.
  • Consent — marketing communications (withdraw at any time).
  • Legal obligation — where required by applicable law.

5. Third-party processors

We share data only with:

  • Stripe — payment processing (USA, Standard Contractual Clauses).
  • OpenAI — AI text parsing (USA, SCC). Only message text, no identity.
  • Anthropic — AI fallback (USA, SCC).
  • Google — OAuth + Calendar + Tasks (USA, SCC, optional).
  • Resend — transactional email (USA, SCC).
  • WhatsApp/Meta — messaging (USA, SCC).
  • We do NOT sell your data to third parties.

6. Retention

Data retained while your account is active. After deletion:

  • Personal identifiers anonymised immediately.
  • Events and messages soft-deleted (anonymised) for 90 days, then hard-deleted.
  • Payment records kept for 7 years per financial regulation.

7. Your rights (GDPR Articles 15-22)

You have the right to:

  • Access — request a full export via Settings → Privacy → Export data.
  • Erasure — Settings → Account → Delete account.
  • Rectification — correct profile data in Settings.
  • Portability — JSON export.
  • Objection — opt out of marketing emails via unsubscribe link.

To exercise any right, email privacy@proassist.app.

8. Cookies

Strictly necessary cookies for session management (HttpOnly JWT). See Cookie Policy (/cookies).

9. Security

All data encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM for sensitive fields). Regular security reviews + incident response procedures.

10. Changes

Material changes notified by email 30 days in advance. Continued use after the effective date constitutes acceptance.

11. Contact

Data Controller: MySecry

Email: privacy@proassist.app

DPO: not appointed (< 250 employees).