Your stuff is yours.

The 60-second version: We read what you ask us to read. We don't sell your data. We don't train AI models on it. You can delete everything with one text. If something goes wrong, we'll tell you in 72 hours.

The short version

• We collect only what's needed. Your name, phone, the conversations between you and Ezra, and the data from services you connect.
• We do not sell your data. Not to anyone, ever.
• We do not train AI models on your data. Yours or anyone else's. We use Anthropic's Claude API, which doesn't train on inputs by default.
• Ezra only reads what you ask him to. He doesn't browse your inbox in the background.
• Delete everything with one text. "Delete me" wipes your account within 24 hours.
• Security incidents: 72-hour notification. Policy changes: iMessage notice before they take effect.

1. What we read and why

From you

• Your name and phone — so we know who's talking to Ezra
• Your messages to Ezra — every iMessage you send
• Anything you paste in — links, content, anything you choose to share
• Subscription/billing info — handled by Stripe; we never see your full card

From services you connect

• Only the specific data Ezra needs to do the task you asked
• Only at the moment you ask him to do it
• Read with the permissions you authorized — never broader

What we don't collect

• Browsing history outside our service
• Your contact list (unless you explicitly share contacts)
• Location data beyond country-level
• Microphone or camera data
• Anything from connected services beyond what you authorized

2. What Ezra remembers (and what he forgets)

What we keep

• Your conversation history with Ezra — default 90 days, then auto-deleted. Adjustable from 24 hours to 1 year.
• Profile facts about you — name, role, key contacts, preferences. You can see and edit any time.
• OAuth tokens — encrypted at rest, deleted instantly when you disconnect a service.
• Subscription state — kept while active, deleted within 30 days of cancellation.

What we don't keep

• The contents of emails, calendar events, or documents Ezra reads. We process in real-time, then drop.
• Past task details beyond your conversation history.
• Anything older than your retention setting.

Your right to delete

• "Delete me" → full account wipe in 24 hours, backups in 30 days.
• "Forget [topic]" → targeted removal of specific items.
• Email us → any other deletion request.

3. Who else touches your data

Anthropic (Claude AI): When Ezra processes a request, we send relevant text to Anthropic's Claude API. We use the API mode that doesn't train on your data. Round trip is 1–3 seconds, then it's gone.

iMessage relay: Your iMessages flow through relay infrastructure (BlueBubbles on dedicated Macs). Apple's iMessage encryption applies between you and the Apple ID Ezra uses.

Stripe (payments): When paid features exist, Stripe handles billing. We never see your full card details.

Connected services: When you connect Gmail, Notion, etc., your agent communicates with them via OAuth. Their privacy policies govern their handling of your data.

We do not share your data with advertisers, marketers, data brokers, or anyone else not listed above.

4. What we will never do

• We will never sell your data.
• We will never use your data to train AI models.
• We will never read messages or services beyond what you explicitly ask.
• We will never share your data with advertisers or marketers.
• We will never collect biometric data.
• We will never sell or transfer your data in a corporate acquisition without notifying you in advance.
• We will tell you about security incidents within 72 hours of confirming them.
• We will tell you about meaningful policy changes via iMessage before they take effect.
• We will never penalize you for exercising any of your privacy rights.

5. Your rights

You have rights over your data. Some come from law (GDPR, CCPA/CPRA, similar). All of them, we honor for everyone, regardless of where you live.

• Right to access: "Show me my data" or "Export my data."
• Right to deletion: "Delete me" or "Forget [item]."
• Right to correction: Just tell Ezra what's wrong.
• Right to portability: Full JSON export on request.
• Right to opt out of sale: We don't sell, but the right is yours.
• Right to non-discrimination: We won't penalize you for using these rights.

6. Security

• All data encrypted in transit (TLS 1.3) and at rest (AES-256).
• OAuth tokens stored with additional encryption layers.
• iMessage messages encrypted by Apple's iMessage encryption.
• Production database access requires multi-factor auth.
• Backups encrypted, retained 30 days, then permanently deleted.
• SOC 2 Type 1 audit on the roadmap.

7. Children

Ezra is not intended for users under 18. We do not knowingly collect data from minors. Contact us if you believe a minor signed up; we'll delete the account immediately.

8. International users

Data is stored in the United States. By using the service, you consent to this transfer. We comply with GDPR for EU/UK users and similar laws elsewhere. EU/UK users have additional rights, including the right to lodge a complaint with a supervisory authority.

9. State-specific rights

California (CCPA/CPRA): California residents have all the rights described above, plus the right to know what categories of personal information we collect, use, and share, and the right to limit use of sensitive personal information.

Other states (Virginia, Colorado, Connecticut, Utah, Texas): Residents of states with similar privacy laws have substantially the same rights, which we honor.

10. Changes to this policy

Material changes: we'll send you an iMessage at least 7 days before they take effect.

Minor changes (clarifications, typos): "last updated" date is updated.

Continued use after changes take effect means you accept the updated policy. If you don't accept, text "delete me" or email us before the effective date.

11. Contact

For privacy questions, data requests, or anything else: email privacy@ezra.example. We aim to respond within 7 days.

This policy was last updated on May 7, 2026.