PRIVACY POLICY
Last Updated: March 2026
1. General Information
We take the protection of your personal data very seriously. This Privacy Policy informs you about how
AsIfThatWorks & ThatsBuiltByPham by Ký Anh Pham ("we", "us", or "asifthatworks") collects, uses, and protects
your data when you use our SaaS platform and our AI agents (Jarvi, Grim, Murphy, Forge, and
Chronicles).
Controller: AsIfThatWorks & ThatsBuiltByPham by Ký Anh Pham
Brückenstraße 12, 12439 Berlin, Germany
Email: support@asifthatworks.com
2. Data Collection and Purposes
We process personal data only as far as necessary to provide a functional website and our services (Art.
6 para. 1 lit. b GDPR).
• Account Data: Name, email address, phone number, and authentication data.
• User Content: Preferences, goals, personal notes, milestones, and voice memos.
• Contextual Data: Location data and time zones.
• Integration Data: Data from Google Calendar and Google Tasks (if connected).
2b. Messaging Platform Data
Jarvi operates across multiple messaging platforms. When you interact with Jarvi through any of the
following platforms, we collect and process:
Telegram:
• Your Telegram user ID, username, and display name.
• Message content you send to the Jarvi bot.
Facebook Messenger:
• Your Page-Scoped ID (PSID) as provided by Meta.
• Your display name and profile picture URL (as provided by Meta's API).
• Message content you send to Jarvi via Messenger.
Instagram Direct Messages:
• Your Instagram-Scoped ID (IGSID) as provided by Meta.
• Your Instagram username.
• Message content and comments you send to Jarvi via Instagram.
WhatsApp:
• Your phone number as provided by Meta's WhatsApp Business API.
• Your WhatsApp display name.
• Message content you send to Jarvi via WhatsApp.
Purpose: This data is used solely to provide the Jarvi service — processing your
requests, managing your calendar, tasks, goals, and memory. We do not sell, share, or use this data
for advertising purposes.
3. Google API Services User Data Policy & Compliance
AsIfThatWorks integrates with Google APIs to provide intelligent calendar scheduling and task management through our AI agents (Grim and Murphy). We strictly adhere to the Google API Services User Data Policy across all Google integrations.
3.1 Data Accessed (Google OAuth Scopes)
When you choose to connect your Google account, AsIfThatWorks requests explicit access only to the scopes necessary to perform the requested scheduling and task management actions:
• Google Calendar API (https://www.googleapis.com/auth/calendar / calendar.events): Allows reading your upcoming events, detecting schedule conflicts, and creating or updating events on your monitored calendars.
• Google Tasks API (https://www.googleapis.com/auth/tasks): Allows reading your task lists, creating new action items, and marking tasks completed.
• User Identification (openid, email, profile): Used solely to authenticate your Google connection and display your connected account address in your settings dashboard.
3.2 Data Usage (How Google Data is Processed)
We process Google user data exclusively to deliver functionality requested by you:
• Grim (Scheduling Agent): Reads your Google Calendar events strictly when you query your schedule or when proactive conflict monitoring checks for overlapping events. When requested, Grim inserts or modifies calendar events on your behalf.
• Murphy (Execution Agent): Reads and updates your Google Tasks lists to synchronize action items created during your productivity workflows.
• We do not use Google Calendar or Google Tasks data for user profiling, advertising, behavioral targeting, or surveillance.
3.3 Data Sharing & Disclosure
• No Third-Party Sharing: AsIfThatWorks does not share, sell, transfer, or disclose Google user data (including Calendar events, Tasks, or OAuth tokens) to any third-party advertisers, data brokers, or external analytics platforms.
• No Base Model Pre-Training: Information obtained via Google APIs is never used to pre-train, fine-tune, or train foundational AI base models.
3.4 Data Storage & Protection
• Encryption at Rest: All Google OAuth access tokens, refresh tokens, and synchronization metadata are encrypted at rest inside our secure EU-based database cluster.
• Encryption in Transit: All communication between your device, our backend servers, and Google APIs uses HTTPS with TLS 1.3 encryption.
• Account Isolation: Your Google OAuth tokens and synced data are strictly bound to your individual user account and inaccessible to any other user.
3.5 Data Retention & Deletion
• Retention Policy: We retain your Google OAuth credentials and synced data only for as long as your Google account remains actively connected to AsIfThatWorks.
• Instant Access Revocation: You can disconnect your Google Account at any time via your Dashboard settings or directly revoke access at Google Account Security Permissions.
• Data Deletion Process: You may request permanent deletion of your account and all associated Google user data at any time via Dashboard > Profile > Delete Account or by visiting our Data Deletion Page or emailing support@asifthatworks.com. Upon deletion, all Google OAuth tokens and associated calendar/task records are permanently wiped from our systems within 24 hours.
3.6 Mandatory Google API Services Limited Use Compliance Statement
AsIfThatWorks' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. Artificial Intelligence and Data Privacy
To provide our intelligent services, your inputs are processed by advanced Large Language Models (LLMs).
We prioritize your privacy through a Hybrid Neural Architecture:
• Cloud Orchestration: We utilize enterprise-grade instances of OpenAI and Google Gemini
to perform multi-agent reasoning. Data processed through these providers is handled under Data Processing
Addendums (DPAs) that prohibit the use of your data for training their base models.
• Local Shield (Ollama):local shield Local models are maintained as an emergency fallback
and for highly sensitive, low-latency processing on our secure EU-based servers.
5. Third-Party Services and Subprocessors
• Hosting: Hostinger (EU-based servers).
• Payments: Stripe (Subscription processing).
• Email: Hostinger email services.
• Meta Platforms, Inc.: Messenger API, Instagram Graph API, and WhatsApp Business API
for receiving and sending messages on Meta platforms.
• Telegram: Telegram Bot API for receiving and sending messages on Telegram.
6. International Data Transfers
Data transfer to the USA is based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Data Retention
We store your data as long as your account is active. Chat history and memory data are retained to
provide continuity of service across sessions.
You may request deletion of your data at any time. Upon deletion, all account data, chat history,
integration tokens, goal data, and memory entries will be permanently removed within 30 days.
8. Your Rights
Under the GDPR, you have the right to access, rectification, erasure, data portability, and objection. Contact support@asifthatworks.com to exercise these rights.
9. Data Security
We implement state-of-the-art technical measures (e.g., SSL/TLS encryption) to protect your data.
10. Data Deletion
You have the right to absolute erasure. You can trigger this at any time through your Dashboard > Profile > Delete Account. This action is irreversible and immediately wipes all tasks, memories, messages, and integration tokens from our live systems. Alternatively, email support@asifthatworks.com.