Privacy Policy

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you register for an account, join our waitlist, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information we collect may include:

• names
• phone numbers
• email addresses
• job titles / roles
• company names (if provided)

Information automatically collected

In Short: Some information — such as your IP address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical information. We use Vercel Analytics and Speed Insights for this purpose.

In Short: When you connect third-party platforms to null0, we read data from those platforms to provide our core features. We never write to, modify, or delete data on any connected platform.

null0 integrates with the following platforms. For each, we describe exactly what data we access and why:

Gmail (Google)

Scope: gmail.readonly

What we read: Email message content, metadata (sender, recipient, subject, timestamps), and labels.

Why: To analyze your sent messages and build a per-platform writing style fingerprint (tone, formality, structure). We also read incoming messages to generate contextual draft replies within the null0 app.

What we never do: We never send, draft, modify, or delete emails via the Gmail API. Draft replies are created and displayed only within null0.

Google Calendar

Scope: calendar.readonly

What we read: Calendar event titles, times, attendees, and descriptions.

Why: To provide scheduling context when drafting replies. For example, if you receive a meeting request, null0 can reference your calendar availability.

What we never do: We never create, modify, or delete calendar events.

Google Drive

Scope: drive.readonly

What we read: File metadata (names, types, modification dates) and file content for search and context purposes.

Why: To provide cross-platform context when drafting communications. When a conversation references a document, null0 can retrieve relevant details.

What we never do: We never modify, delete, upload, or share files on Google Drive.

iMessage (macOS)

What we read: Message content and metadata from your local macOS Messages database, with your explicit permission.

Why: To learn your iMessage-specific writing style and provide context for draft replies.

What we never do: We never send iMessages or modify your Messages database.

Notion

What we read: Page content, database entries, and workspace metadata that you grant access to.

Why: To make your Notion content searchable alongside other platforms within null0.

What we never do: We never create, modify, or delete Notion pages or databases (beyond our own internal waitlist database).

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To provide our core features. We analyze your messages across connected platforms to build per-platform writing style profiles, generate contextual draft replies, maintain relationship memory, and provide cross-platform search.
• To create and manage your account. We process your registration and authentication information to create and maintain your null0 account.
• To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out at any time.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To ensure security and prevent fraud. We process information to maintain the security and integrity of our Services.

In Short: We do not sell your data or share it with third parties for advertising. We may share information only in the limited situations described below.

We may need to share your personal information in the following situations:

• AI Processing. To generate style profiles and draft replies, your message data may be processed by our AI infrastructure providers. This data is transmitted securely and used solely for generating your results — it is not used to train models or shared with other users.
• Business Transfers. We may share or transfer your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Legal Requirements. We may disclose your information where required to do so by law or in response to valid legal process.

In Short: We send automated SMS messages only to the registered account owner who has explicitly opted in inside the null0 macOS app. We never share your phone number or SMS opt-in data with third parties for marketing.

Program name: null0 Proactive Briefings.

What you receive: Automated text messages summarizing your own work activity from accounts you have connected — upcoming meetings, unanswered threads, pending commitments, and morning summaries. Content is never marketing or third-party content.

How you opt in (express written consent): SMS notifications are off by default. To opt in, the registered account owner must (1) enter their mobile phone number in the null0 macOS app under Settings → Profile, and (2) toggle "Proactive SMS" ON for a clone in the Clones screen. Before the toggle activates, the app displays this disclosure: "By enabling Proactive SMS, you agree to receive automated briefing messages from null0 at the phone number on your account (up to 5 msgs/day). Message and data rates may apply. Reply STOP to cancel, HELP for help. See Privacy Policy at null0.ai/privacy." Both steps are required, and either can be reversed at any time. Consent to receive SMS is not a condition of purchase or of using null0.

Frequency: Up to 5 messages per day, with quiet hours from 10:00 PM to 8:00 AM local time.

Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

Opt-out: Reply STOP to any message to unsubscribe immediately. You can also toggle "Proactive SMS" off inside the null0 app at any time.

Help: Reply HELP for assistance or contact us at amaardevx@gmail.com.

No third-party sharing of mobile opt-in data: Phone numbers, SMS opt-in consent, and SMS message content are never shared with third parties or affiliates for marketing or promotional purposes. We use Twilio as our SMS delivery provider; Twilio processes your phone number solely to deliver messages on our behalf.

Recipients: SMS messages are sent only to the registered account owner's verified phone number — never to third parties.

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We use Vercel Analytics and Speed Insights to understand how visitors interact with our website. These tools collect anonymous usage data and do not use cookies for cross-site tracking.

In Short: Yes. null0's core features are powered by AI, including writing style analysis, draft reply generation, and relationship memory.

As part of our Services, we offer features powered by artificial intelligence and machine learning. These include:

• Writing style analysis: AI analyzes your sent messages on each connected platform to build a writing fingerprint — tracking tone, formality, directness, warmth, humor, and brevity per platform.
• Draft reply generation: AI generates contextual draft replies within the null0 app that match your writing style for the relevant platform. These drafts are never sent automatically — they always require your explicit approval.
• Relationship memory: AI tracks the people you communicate with and remembers facts, topics, and history across platforms to provide better context.
• Cross-platform search: AI-powered search across all connected platforms from a single interface.

All personal information processed by our AI features is handled in accordance with this Privacy Notice. Your data is not used to train general-purpose AI models and is not accessible to other users.

In Short: We keep your information for as long as your account is active and for a reasonable period thereafter, unless you request deletion.

We retain your personal information for as long as it is necessary for the purposes set out in this Privacy Notice:

• Account data: Retained while your account is active and for up to 30 days after deletion to allow for recovery.
• Message data and style profiles: Retained while your account is active. When you disconnect a platform or delete your account, associated data is deleted within 30 days.
• OAuth tokens: Stored encrypted (AES-256-GCM) while the platform connection is active. Immediately revoked and deleted when you disconnect a platform.
• Waitlist data: Retained until you request removal or your account is created.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

In Short: We use industry-standard encryption and access controls to protect your data.

We have implemented the following security measures:

• Encryption at rest and in transit: All message data and personal information is encrypted using TLS in transit and AES-256 at rest.
• OAuth token encryption: Third-party OAuth tokens are encrypted with AES-256-GCM before storage.
• Row Level Security: We use Supabase with Row Level Security (RLS) to ensure your data is isolated to your account and cannot be accessed by other users.
• No data selling: We never sell your personal information or share it with third parties for advertising purposes.

Despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

In Short: Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

null0's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google user data (Gmail messages, Calendar events, Drive files) to provide and improve null0's user-facing features as described in this policy.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
• We do not transfer Google user data to third parties except as necessary to provide our Services, as required by law, or in connection with a merger or acquisition (with user notification).

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor. If you become aware of any data we may have collected from children under age 18, please contact us at amaardevx@gmail.com.

In Short: You may disconnect platforms, request data deletion, or revoke access at any time.

Disconnecting platforms: You can disconnect any connected platform (Gmail, Google Calendar, Google Drive, Notion, iMessage) at any time from within the null0 app. When you disconnect a platform, we revoke the OAuth token and delete associated data within 30 days.

Revoking Google access: You can also revoke null0's access to your Google account at any time by visiting Google Account Permissions.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us.

Deleting your account: You can request full account deletion by contacting us at amaardevx@gmail.com. Upon deletion, all personal data, style profiles, message data, and OAuth tokens are permanently removed within 30 days.

Opting out of marketing: You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails we send, or by contacting us.

If you have questions about your privacy rights, email us at amaardevx@gmail.com.

Most web browsers include a Do-Not-Track ("DNT") feature or setting. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will inform you in a revised version of this Privacy Notice.

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top. If we make material changes, we may notify you either by prominently posting a notice or by directly sending you a notification.

If you have questions or comments about this notice, you may email us at amaardevx@gmail.com or contact us by post at:

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent. To request to review, update, or delete your personal information, please contact us at amaardevx@gmail.com.