Privacy Policy

Last updated: March 21, 2026

1. Introduction

Avery Technologies LLC (“Company,” “we,” “us,” or “our”) operates Avery, an AI-powered scheduling assistant (the “Service”). This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use the Service. It also describes your rights and choices regarding your personal information.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, you should not use the Service.

This Privacy Policy applies to all users of the Service, regardless of location. Where specific laws grant additional rights to users in certain jurisdictions (such as California, the European Economic Area, or the United Kingdom), those additional rights are described in the applicable sections below.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: When you create an account, we collect your name and email address. You may register using a third-party authentication provider, in which case we receive your name and email from that provider.
  • Profile and preferences: You may provide additional information such as your timezone, job title, scheduling preferences (availability windows, meeting durations, buffer times), video conferencing preferences, and notification settings.
  • Contact information: Information about people you communicate with through the Service, including names, email addresses, and any notes or preferences you associate with those contacts.
  • Communications: Messages you send through the Service’s chat interface, instructions you provide to the scheduling assistant, and any feedback or support requests you submit.

2.2 Information Collected Through Integrations

  • Email communications: When inbound messages are routed to the Service, we receive and process the full content of those messages, including sender and recipient information, subject lines, message bodies, and metadata. We also generate and send messages on your behalf.
  • Calendar data: When you connect a calendar service, we access availability information (free/busy status) and create calendar events on your behalf. We store connection credentials in encrypted form. We query calendar data in real time and do not maintain a persistent copy of your full calendar.
  • Contacts data: When you connect a Google account, we access your contacts to infer timezone information, enrich scheduling context, and identify participants in scheduling conversations. We do not bulk-export or persistently mirror your full contacts list.

2.3 Information Collected Automatically

  • Usage data: We maintain internal activity logs that record actions taken within the Service, such as messages sent, scheduling decisions made, and processing outcomes. These logs are used for debugging, service improvement, and providing you with an activity history.
  • Session data: We use authentication cookies to maintain your session. These are strictly functional and are not used for advertising or cross-site tracking.

2.4 Information We Do Not Collect

We do not use third-party analytics, advertising trackers, or pixel-based tracking technologies. We do not collect biometric data, precise geolocation, or financial information directly.

3. How We Use Your Information

We use your information for the following purposes:

PurposeCategories of Data Used
Providing the Service — processing scheduling requests, generating communications, coordinating meetings, managing your preferencesAccount info, profile/preferences, email content, calendar data, contacts, chat messages
AI processing — analyzing scheduling-related communications, generating draft responses, determining availability, making scheduling recommendationsEmail content, calendar data, contacts, profile/preferences
Service improvement — diagnosing errors, improving reliability, debugging processing failuresActivity logs, processing logs, usage data
Communication — sending you notifications about scheduling actions, service updates, and account-related informationAccount info, notification preferences
Security and compliance — detecting abuse, preventing fraud, complying with legal obligationsAccount info, usage data, session data

We do not use your personal information for advertising, profiling for marketing purposes, or selling to third parties.

4. Artificial Intelligence and Automated Processing

4.1 How AI Is Used

The Service uses third-party artificial intelligence and machine learning models to analyze scheduling-related communications, interpret intent, check calendar availability, generate draft responses, and make scheduling recommendations. This processing is core to the Service’s functionality.

4.2 Data Sent to AI Providers

To provide the Service, the following categories of data may be transmitted to our third-party AI provider for processing:

  • Content of scheduling-related communications (subject lines, message bodies, participant information)
  • Your scheduling preferences and availability information
  • Contact context relevant to the scheduling interaction
  • Instructions you have configured for the scheduling assistant

4.3 AI Training

We contractually prohibit our AI providers from using your data to train general-purpose or foundational AI models. Data sent to AI providers is used solely for the purpose of generating responses to your specific requests within the Service.

4.4 Automated Decision-Making

The Service may take automated actions on your behalf, including sending scheduling communications, based on your configured preferences and autonomy settings. You control the level of automation through your account settings and can require manual approval of all actions. You have the right to review and override any automated decision before it takes effect, or to adjust your settings to require manual approval for all scheduling actions.

5. Third-Party Service Providers

We share your information with the following categories of third-party service providers, solely for the purpose of providing and supporting the Service:

Provider CategoryPurposeData Shared
Cloud infrastructure and databaseHosting, data storage, user authenticationAll data stored by the Service
AI processingNatural language understanding, response generationCommunication content, scheduling context, user preferences
Email infrastructureSending and receiving scheduling communicationsEmail content, sender/recipient addresses
Calendar servicesAvailability queries, event creationCalendar connection tokens (encrypted), event details

We require all third-party service providers to process your data only as necessary to provide their services to us, to maintain appropriate security measures, and to comply with applicable data protection laws. We maintain data processing agreements with our service providers.

6. Google API Services Compliance

The Service’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data to provide and improve user-facing features of the Service that are prominent in the Service’s interface;
  • We do not transfer Google user data to third parties except as necessary to provide the Service, as required by law, or as part of a merger or acquisition with adequate user notice;
  • We do not use Google user data for advertising, market research, or to train general-purpose AI/ML models;
  • We do not allow humans to read Google user data except with your affirmative consent, for security investigation, to comply with applicable law, or where the data is aggregated and anonymized for internal operations;
  • Calendar connection tokens are encrypted at rest using AES-256-GCM encryption.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:

  • Encryption in transit: All data transmitted between your browser and the Service, and between the Service and third-party providers, is encrypted using TLS/HTTPS;
  • Encryption at rest: Sensitive credentials, including calendar service tokens, are encrypted using AES-256-GCM before storage;
  • Access controls: Row-level security policies ensure that users can only access their own data. Administrative access is strictly controlled;
  • Authentication: Session tokens are stored in HTTP-only, secure cookies with SameSite attributes to prevent cross-site attacks;
  • Rate limiting: Communication sending is rate-limited to prevent abuse.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and profile data: Retained for the duration of your account;
  • Communication content: Retained for the duration of your account to maintain conversation context and scheduling history;
  • Processing logs: Retained for debugging and service improvement purposes for the duration of your account;
  • Activity logs: Retained for the duration of your account to provide you with an activity history.

Upon account termination, we will delete or anonymize your personal information within a commercially reasonable timeframe, except where retention is required by applicable law, for legitimate business purposes (such as resolving disputes or enforcing our agreements), or for backup and archival purposes.

You may request deletion of your data at any time by contacting us at the email address below. See Section 10 for more information about your data rights.

9. Cookies and Tracking Technologies

The Service uses only strictly necessary cookies for authentication and session management. We do not use:

  • Advertising or marketing cookies
  • Third-party analytics cookies
  • Cross-site tracking technologies
  • Pixel tags or web beacons

Because we use only essential cookies required for the Service to function, no cookie consent banner is presented. You may configure your browser to refuse cookies, but this may prevent you from using the Service.

10. Your Rights and Choices

10.1 All Users

Regardless of your location, you may:

  • Access your data: View and export your account information, scheduling history, and contacts through the Service interface;
  • Correct your data: Update your profile, preferences, and contact information at any time through your account settings;
  • Delete your data: Request deletion of your account and associated data by contacting us;
  • Disconnect integrations: Revoke calendar service connections at any time through your account settings, which immediately removes stored credentials;
  • Control automation: Adjust your autonomy settings to require manual approval of all scheduling actions.

10.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”):

  • Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share personal information;
  • Right to delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions;
  • Right to correct: You have the right to request correction of inaccurate personal information;
  • Right to opt out: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, no opt-out mechanism is required;
  • Right to limit use of sensitive personal information: We use sensitive personal information (such as email content) only as necessary to provide the Service. We do not use it for purposes beyond those disclosed in this Privacy Policy;
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights;
  • Automated decision-making: You have the right to opt out of automated decision-making technology as described in Section 4.4 above. You can exercise this right by adjusting your autonomy settings to require manual approval of all actions.

To exercise your CCPA rights, contact us at the email address below. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, subject to identity verification.

Categories of personal information collected in the preceding 12 months: Identifiers (name, email address); professional information (job title); internet or electronic network activity (usage logs); content of communications processed by the Service; inferences drawn from the above (scheduling preferences, contact patterns). We do not sell any categories of personal information.

10.3 European Economic Area and United Kingdom Residents (GDPR/UK GDPR)

If you are located in the EEA or UK, the following provisions apply in addition to the rest of this Privacy Policy:

Legal bases for processing: We process your personal data on the following legal bases:

  • Contractual necessity: Processing necessary to perform our contract with you (providing the Service) — this includes processing account data, scheduling communications, and calendar data;
  • Legitimate interest: Processing necessary for our legitimate interests that are not overridden by your rights — this includes service improvement, security, and debugging;
  • Consent: Where required, we obtain your consent for specific processing activities. You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

Your additional rights:

  • Right of access: Obtain a copy of your personal data;
  • Right to rectification: Correct inaccurate or incomplete personal data;
  • Right to erasure: Request deletion of your personal data in certain circumstances;
  • Right to restriction: Request restriction of processing in certain circumstances;
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format;
  • Right to object: Object to processing based on legitimate interests;
  • Rights related to automated decision-making: Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects;
  • Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at the email address below. We will respond within 30 days.

10.4 International Data Transfers

The Service is operated from the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States. We rely on the following mechanisms to ensure adequate protection for international data transfers:

  • The EU-U.S. Data Privacy Framework, where applicable;
  • Standard Contractual Clauses approved by the European Commission, where applicable;
  • Your consent to the transfer, as provided when you use the Service.

11. Children’s Privacy

The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at the email address below.

12. Do Not Track Signals

The Service does not track users across third-party websites and does not use advertising or analytics cookies. Because we do not engage in tracking, the Service does not respond to Do Not Track (“DNT”) browser signals, as no tracking behavior would change in response. We honor Global Privacy Control (“GPC”) signals where required by applicable law.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law. Where required, we will provide notification within 72 hours of becoming aware of the breach, and will include a description of the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email or through a prominent notice within the Service at least thirty (30) days before the changes take effect. We will not make retroactive changes that reduce your rights without your explicit consent. Your continued use of the Service after the effective date constitutes your acceptance of the revised Privacy Policy.

15. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us at:

Avery Technologies LLC
6 Liberty Square, Boston, MA 02109
privacy@helloavery.com

For GDPR-related inquiries, you may also contact our Data Protection Officer at: privacy@helloavery.com

We will respond to all data rights requests within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the extension and the reasons for the delay.