Privacy Policy

Summary

Mayvis is a family logistics assistant. To do that job, we read your incoming school, activity, and provider email — with your explicit permission — and turn it into a shared calendar and task list. This page explains exactly what data we touch, who we share it with, and what controls you have.

We never sell your data. We never use your emails to train external AI models. We only retain what we need to keep Mayvis useful.

1. What we collect

• Account info: name, email, and (if you sign up with one) a password hash.
• Family data you enter: family members, providers, manual events, manual tasks, notification preferences.
• Connected-inbox content: when you connect Gmail or Outlook, we read and store the subset of messages relevant to family logistics (parsed events, parsed tasks, attachments, sender, subject, body). We do not read messages outside the scopes you grant.
• OAuth tokens: stored encrypted at rest. Used only to fetch your inbox and add events to your calendar.
• Usage / diagnostics: error reports, page-view counts, and Core Web Vitals (via Vercel Analytics + Sentry). No third-party tracking pixels, no advertising tags.

2. Sub-processors

Mayvis runs on a small set of vendors. Each sees only the data they need to do their job. Current list:

• Supabase — database + auth + file storage
• Vercel — hosting, function runtime, analytics
• OpenAI — parsing emails into events/tasks (zero data retention enabled)
• Resend — outgoing transactional + summary emails
• Twilio — outgoing SMS notifications
• Google + Microsoft — OAuth + Gmail/Outlook/Calendar APIs (read with your permission)
• Upstash — rate-limit state
• Sentry — error tracking (PII scrubbing on)

3. Retention & deletion

You can delete your account at any time from Settings → Delete Account. We remove every family-scoped row (events, tasks, messages, attachments, providers, settings, collaborators), every file from storage (signatures, attachments), and your auth credentials. We do not keep a copy.

Backups are encrypted, retained for 30 days, and then permanently purged.

4. Your controls

• Disconnect inbox at any time — Settings → Connected Accounts.
• Unsubscribe from emails — every transactional email has a one-click unsubscribe in the footer.
• Adjust notifications — Settings → Notifications for per-channel toggles.
• Export your data — coming soon. Email privacy@mayvis.com in the meantime.

5. Google API Services & Limited Use

When you connect a Google account, Mayvis requests read-only access to your Gmail messages (gmail.readonly) and permission to create and manage calendar events (calendar.events). We use this access for one purpose: to detect family-logistics details in your incoming mail (school notices, activity sign-ups, appointment reminders, forms, payments) and turn them into the events and tasks you see in Mayvis, and to write events you confirm back to your Google Calendar.

Mayvis's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google user data for advertising; we do not sell it; we do not transfer or use it to develop, improve, or train generalized or third-party AI/ML models; and humans do not read it except where you explicitly ask us to, where needed for security or to comply with the law, or on aggregated and anonymized data for internal operations.

6. Contact

Questions about how we handle your data — or to invoke any rights under GDPR, CCPA, or similar laws — email privacy@mayvis.com.