Last updated: March 8, 2026
This Privacy Policy explains how irel ("we", "us", or "our") collects, uses, discloses, and safeguards personal information when you use our websites, applications, and related services (collectively, the "Services"). By using the Services, you agree to this policy.
Data controller: irel, Zurich 8051. Contact: contact@irel.ai.
Payment processing is handled by Stripe. Stripe processes billing data as a payment processor on our behalf. See their privacy policy at stripe.com/privacy.
If you connect third-party providers (for example, Google Workspace/Gmail or Microsoft Outlook), we process data necessary to provide the Services you request (e.g., reading emails to triage, sending emails/messages on your behalf, managing calendar events). These integrations are facilitated through Composio, a secure integration platform that acts as an intermediary to connect your accounts. We do not store your third-party credentials directly; authentication is managed through Composio's secure OAuth flows.
irel's primary interface is WhatsApp. Messages you send to irel via WhatsApp are received and processed through Twilio's messaging infrastructure. We process message content to understand your requests and provide the Services (e.g., managing tasks, drafting emails, scheduling events). Message history is stored to maintain conversation context. Voice messages are transcribed using OpenAI's Whisper service and are not retained after transcription.
We generally do not require sensitive personal information. If you choose to provide it or if we process it incidentally to deliver requested features, we will handle it in accordance with applicable law and your consent where required. We do not use sensitive personal information to infer characteristics or for targeted advertising.
We collect personal information directly from you, from integrations you choose to connect (e.g., Google, Microsoft via Composio), from WhatsApp messages via Twilio, and automatically from your use of the Services (e.g., logs, cookies, and device data).
Where required by law, we process personal information under one or more legal bases, including consent, contract performance, legitimate interests, legal obligations, and vital interests.
We may share information with service providers and subprocessors that support our Services, including hosting, storage, analytics, messaging, and customer support tools. We may also disclose information to comply with law, in connection with a business transfer, or with your direction or consent.
We do not sell or share personal information as those terms are defined under California law (CPRA).
We engage these providers solely to operate and improve the Services. We require contractual protections and limit use to our instructions.
We use cookies and similar technologies strictly for authentication, security, and basic site functionality. We do not use analytics or marketing trackers, and we do not use Meta Pixel or similar advertising technologies. You can control cookies through your browser settings; disabling certain cookies may affect functionality.
Our Services use AI to help summarize, draft, classify, or prioritize communications and tasks. We use OpenAI as a third-party AI processor to provide these features. Your data sent to OpenAI is processed under our data processing agreement and is not used by OpenAI to train their models. We do not use your email or calendar data to train generalized AI/ML models. Where applicable, we will explain when automated decisions are made and provide ways to request human review, as required by law.
We collect and process only the personal information necessary to provide and improve the Services, and we limit access to personnel and subprocessors with a legitimate need.
We retain personal information as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data and our legitimate business needs.
We implement administrative, technical, and organizational safeguards designed to protect information, including row-level security on our database, encrypted connections, and secure authentication flows. However, no method of transmission or storage is completely secure.
If personal information is transferred internationally, we apply appropriate safeguards in accordance with applicable laws. Where required, we rely on transfer mechanisms such as the EU Standard Contractual Clauses (SCCs).
The Services are not directed to children under 13 (or as defined by local law), and we do not knowingly collect personal information from children.
Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. To exercise these rights, contact us using the details below. We may take steps to verify your request and identity consistent with applicable law.
If we deny your request, you may appeal by replying to our response and indicating the reason for your appeal. We will review and respond consistent with applicable law.
We do not sell or share personal information as defined by the CPRA, and we do not use sensitive personal information for purposes requiring a right to limit under the CPRA.
Authorized agents may submit requests on your behalf if they provide proof of authorization. We may request additional information to verify and process your request.
Some browsers include a Do Not Track (DNT) feature. Because no uniform standard exists, we do not currently respond to DNT signals. We will update this policy if a standard is adopted.
If you register or log in using a social account (e.g., Google or Apple), we receive limited profile details consistent with your settings with that provider.
When you connect third-party services through irel, your data from those services is handled in accordance with the following principles:
We may use aggregated, de-identified information for internal operations (for example, reliability and diagnostics).
You can disconnect your email or calendar integrations at any time from the irel dashboard. You can also revoke access from your provider's account settings (e.g., Google at myaccount.google.com/permissions, or Microsoft at account.live.com/consent/Manage). To delete your irel account and associated data, contact us at contact@irel.ai. We aim to delete account data within 30 days of a verified request; backups and logs are purged within 90 days where feasible and permitted by law.
We may update this Policy from time to time. The updated version will be indicated by the "Last updated" date above. Your continued use of the Services constitutes acceptance of the updated Policy.
Questions or requests? Contact us at contact@irel.ai | Postal: irel, Zurich 8051.