PRIVACY POLICY

Last Updated: March 2026

1. General Information

We take the protection of your personal data very seriously. This Privacy Policy informs you about how AsIfThatWorks & ThatsBuiltByPham by Ký Anh Pham ("we", "us", or "asifthatworks") collects, uses, and protects your data when you use our SaaS platform and our AI agents (JARVI, Grim, Murphy, Forge, and Chronicles).

Controller: AsIfThatWorks & ThatsBuiltByPham by Ký Anh Pham
Brückenstraße 12, 12439 Berlin, Germany
Email: support@asifthatworks.com

2. Data Collection and Purposes

We process personal data only as far as necessary to provide a functional website and our services (Art. 6 para. 1 lit. b GDPR).

• Account Data: Name, email address, phone number, and authentication data.
• User Content: Preferences, goals, personal notes, milestones, and voice memos.
• Contextual Data: Location data and time zones.
• Integration Data: Data from Google Calendar and Google Tasks (if connected).

2b. Messaging Platform Data

JARVI operates across multiple messaging platforms. When you interact with JARVI through any of the following platforms, we collect and process:

Telegram:
• Your Telegram user ID, username, and display name.
• Message content you send to the JARVI bot.

Facebook Messenger:
• Your Page-Scoped ID (PSID) as provided by Meta.
• Your display name and profile picture URL (as provided by Meta's API).
• Message content you send to JARVI via Messenger.

Instagram Direct Messages:
• Your Instagram-Scoped ID (IGSID) as provided by Meta.
• Your Instagram username.
• Message content and comments you send to JARVI via Instagram.

WhatsApp:
• Your phone number as provided by Meta's WhatsApp Business API.
• Your WhatsApp display name.
• Message content you send to JARVI via WhatsApp.

Purpose: This data is used solely to provide the JARVI service — processing your requests, managing your calendar, tasks, goals, and memory. We do not sell, share, or use this data for advertising purposes.

3. Google API Disclosure (Limited Use)

Our application uses Google APIs to provide core features.

• Usage: We access your Google Calendar and Google Tasks to read, create, or modify entries as requested by you through our AI agents.
• Limited Use: Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• Privacy: We do not use your Google user data to display advertisements, and we do not sell this data to third parties.

4. Artificial Intelligence and Data Privacy

To provide our intelligent services, your inputs are processed by advanced Large Language Models (LLMs). We prioritize your privacy above all else through Sovereign Architecture:

• 100% Local Text Processing: Your daily conversations, calendar planning, private notes, and goal tracking are orchestrated entirely by our sovereign Local AI models (via Ollama). Your personal text data never leaves our secure EU-based servers.
• Cloud Providers (Opt-In): External providers like OpenAI or Google Gemini are strictly reserved for heavy multimodal tasks (such as Voice Memo transcription or Image analysis), or as an emergency fallback to preserve uptime during extreme load.

5. Third-Party Services and Subprocessors

• Hosting: Hostinger (EU-based servers).
• Payments: Stripe (Subscription processing).
• Email: Hostinger email services.
• Meta Platforms, Inc.: Messenger API, Instagram Graph API, and WhatsApp Business API for receiving and sending messages on Meta platforms.
• Telegram: Telegram Bot API for receiving and sending messages on Telegram.

6. International Data Transfers

Data transfer to the USA is based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We store your data as long as your account is active. Chat history and memory data are retained to provide continuity of service across sessions.

You may request deletion of your data at any time. Upon deletion, all account data, chat history, integration tokens, goal data, and memory entries will be permanently removed within 30 days.

8. Your Rights

Under the GDPR, you have the right to access, rectification, erasure, data portability, and objection. Contact support@asifthatworks.com to exercise these rights.

9. Data Security

We implement state-of-the-art technical measures (e.g., SSL/TLS encryption) to protect your data.

10. Data Deletion

You can request the complete deletion of your personal data at any time. For detailed instructions, please visit our Data Deletion Instructions page or email support@asifthatworks.com with the subject "Data Deletion Request".