Legal
Privacy Policy
Last updated: July 11, 2026
This Privacy Policy explains how irel ("we", "us", or "our") collects, uses, discloses, and safeguards personal information when you use our websites, applications, and related services (collectively, the "Services"). By using the Services, you agree to this policy.
Data controller: irel, Zurich 8051. Contact: contact@irel.ai.
Summary of Key Points
- Information we collect: Account data (name, email, phone), usage and device data, and data from integrations you connect (e.g., email/calendar providers).
- How we use it: Provide and improve the Services, secure accounts, communicate with you, and comply with law.
- Sharing: With service providers (e.g., hosting, email, telephony), to comply with law, in business transfers, or with your consent.
- Security: We apply technical and organizational measures but cannot guarantee absolute security.
- Your rights: Depending on where you live, you may access, correct, delete, or restrict processing of your personal information.
1. Information We Collect
Personal information you provide
- Account details such as name, email address, password, and phone number.
- Profile and preference settings, communication and support inquiries.
- Billing details if you subscribe to paid features.
Payment processing is handled by Stripe. Stripe processes billing data as a payment processor on our behalf. See their privacy policy at stripe.com/privacy.
Information from integrations you connect
If you connect third-party providers (for example, Google Workspace/Gmail or Microsoft Outlook), we process data necessary to provide the Services you request (e.g., reading emails to triage, sending emails/messages on your behalf, managing calendar events). These integrations are facilitated through Composio, a secure integration platform that acts as an intermediary to connect your accounts. We do not store your third-party credentials directly; authentication is managed through Composio's secure OAuth flows.
WhatsApp messaging
irel's primary interface is WhatsApp. Messages you send to irel via WhatsApp are received and processed through Twilio's messaging infrastructure. We process message content to understand your requests and provide the Services (e.g., managing tasks, drafting emails, scheduling events). Message history is stored to maintain conversation context. Voice messages are transcribed using OpenAI's Whisper service and are not retained after transcription.
Information collected automatically
- Log and usage data, IP address, device and browser type, and interaction events.
- Cookies and similar technologies for authentication, preferences, and security. We do not use marketing cookies.
Sensitive information
We generally do not require sensitive personal information. If you choose to provide it or if we process it incidentally to deliver requested features, we will handle it in accordance with applicable law and your consent where required. We do not use sensitive personal information to infer characteristics or for targeted advertising.
Sources of Personal Information
We collect personal information directly from you, from integrations you choose to connect (e.g., Google, Microsoft via Composio), from WhatsApp messages via Twilio, and automatically from your use of the Services (e.g., logs, cookies, and device data).
2. How We Use Personal Information
- Provide, operate, and maintain the Services and requested automations.
- Authenticate users, prevent fraud and abuse, and ensure platform security.
- Personalize and improve features, develop new functionality, and conduct analytics.
- Store long-term memory of your preferences and context to improve personalization.
- Communicate with you about updates, security alerts, and support.
- Comply with legal obligations and enforce terms.
3. Legal Bases for Processing
Where required by law, we process personal information under one or more legal bases, including consent, contract performance, legitimate interests, legal obligations, and vital interests.
4. Sharing and Disclosure
We may share information with service providers and subprocessors that support our Services, including hosting, storage, analytics, messaging, and customer support tools. We may also disclose information to comply with law, in connection with a business transfer, or with your direction or consent.
We do not sell or share personal information as those terms are defined under California law (CPRA).
Third-Party Providers (Summary)
- Application hosting and privacy-friendly, cookieless analytics: Vercel
- Database and authentication: Supabase (Postgres)
- WhatsApp messaging: Twilio
- Payments and billing: Stripe
- Email and calendar integrations: Composio (facilitates connections to Google Workspace and Microsoft Outlook)
- AI processing: OpenAI (as a processor for natural language understanding, drafting, and voice transcription)
- Product and onboarding emails: Loops
- Place search: Google Maps Platform (only when you ask for nearby places or locations)
Long-term memory and personalization data are stored in our own database (Supabase); we do not use a separate third-party memory service.
We engage these providers solely to operate and improve the Services. We require contractual protections and limit use to our instructions.
5. Cookies and Similar Technologies
We use cookies and similar technologies strictly for authentication, security, and basic site functionality. We do not use marketing trackers, and we do not use Meta Pixel or similar advertising technologies. We use privacy-friendly, cookieless analytics (Vercel Analytics) to understand aggregate site usage; it does not track you across sites. You can control cookies through your browser settings; disabling certain cookies may affect functionality.
6. AI and Automated Processing
Our Services use AI to help summarize, draft, classify, or prioritize communications and tasks. We use OpenAI as a third-party AI processor to provide these features. Your data sent to OpenAI is processed under our data processing agreement and is not used by OpenAI to train their models. We do not use your email or calendar data to train generalized AI/ML models. Where applicable, we will explain when automated decisions are made and provide ways to request human review, as required by law.
7. Data Minimization
We collect and process only the personal information necessary to provide and improve the Services, and we limit access to personnel and subprocessors with a legitimate need.
8. Data Retention
We retain personal information as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data and our legitimate business needs.
9. Security
We implement administrative, technical, and organizational safeguards designed to protect information, including row-level security on our database, encrypted connections, and secure authentication flows. However, no method of transmission or storage is completely secure.
10. International Transfers
If personal information is transferred internationally, we apply appropriate safeguards in accordance with applicable laws. Where required, we rely on transfer mechanisms such as the EU Standard Contractual Clauses (SCCs).
11. Children's Privacy
The Services are not directed to children under 13 (or as defined by local law), and we do not knowingly collect personal information from children.
12. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. To exercise these rights, contact us using the details below. We may take steps to verify your request and identity consistent with applicable law.
If we deny your request, you may appeal by replying to our response and indicating the reason for your appeal. We will review and respond consistent with applicable law.
US State Privacy Rights
- Right to know/access what personal information we process about you.
- Right to delete personal information, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to obtain a copy of information you provided to us.
- Right to opt out of targeted advertising, sale, or certain profiling.
We do not sell or share personal information as defined by the CPRA, and we do not use sensitive personal information for purposes requiring a right to limit under the CPRA.
Authorized agents may submit requests on your behalf if they provide proof of authorization. We may request additional information to verify and process your request.
Do Not Track
Some browsers include a Do Not Track (DNT) feature. Because no uniform standard exists, we do not currently respond to DNT signals. We will update this policy if a standard is adopted.
Social Logins
If you register or log in using a social account (e.g., Google), we receive limited profile details consistent with your settings with that provider.
13. Third-Party Integration Data Policies
When you connect third-party services through irel, your data from those services is handled in accordance with the following principles:
- We access only the data necessary to provide the features you request.
- We do not use your email, calendar, or other integration data to train generalized AI/ML models.
- We do not sell or transfer integration data except as necessary to provide the Services.
- We do not use integration data for advertising or retargeting.
- No humans read your integration data unless: (a) you have given explicit consent to view specific items; (b) it is necessary for security or abuse prevention, or to comply with law; or (c) to meet applicable legal requirements.
We may use aggregated, de-identified information for internal operations (for example, reliability and diagnostics).
Google API Services — Limited Use
irel's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
14. Revocation & Deletion
You can disconnect your email or calendar integrations at any time from the irel dashboard. You can also revoke access from your provider's account settings (e.g., Google at myaccount.google.com/permissions, or Microsoft at account.live.com/consent/Manage). To delete your irel account and associated data, contact us at contact@irel.ai. We aim to delete account data within 30 days of a verified request; backups and logs are purged within 90 days where feasible and permitted by law.
15. Changes to This Policy
We may update this Policy from time to time. The updated version will be indicated by the "Last updated" date above. Your continued use of the Services constitutes acceptance of the updated Policy.
16. Contact Us
Questions or requests? Contact us at contact@irel.ai | Postal: irel, Zurich 8051.