COYLCOYL
Back to home

Privacy Policy

Last updated: April 9, 2026

COYL ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the COYL platform ("the Service") at coyl.ai and our mobile applications.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, and profile data provided through Clerk authentication (including Google, Apple, or email/password sign-in)
  • Task data: Tasks, descriptions, due dates, priorities, follow-up schedules, project assignments, and tags you create within the Service
  • AI interactions: Messages you send in chat sessions (morning planning, night reviews, assessments) to power AI-generated responses
  • Preferences: Timezone, notification settings, briefing preferences, and reminder intensity
  • Payment information: Billing details processed and stored by Stripe. We do not store credit card numbers on our servers.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, session duration, and interaction patterns
  • Device information: Browser type, operating system, device type, and screen resolution
  • Log data: IP address, access times, and referring URLs
  • Cookies: Authentication cookies and preferences (see our Cookie Policy for details)

2. How We Use Your Information

We use your information to:

  • Provide the Service: Store and display your tasks, generate AI responses, send briefings and reminders
  • Personalize your experience: Tailor morning/night reviews, generate performance assessments based on your task history
  • Process payments: Manage subscriptions through Stripe
  • Send communications: Daily email briefings (when enabled), service announcements, and account notifications
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access

3. AI Data Processing

When you use AI features (chat, morning/night reviews, performance assessments), your task data and messages are sent to our AI provider (Anthropic) to generate responses. Specifically:

  • Your open tasks, completion history, and follow-up data are included as context in AI prompts
  • Performance assessments analyze 30 days of task data (completion rates, priority distribution, overdue patterns)
  • AI conversations are logged for service quality but are not used to train AI models
  • Anthropic processes data in accordance with their data processing agreement and does not use your data to train their models

4. Third-Party Services

We share your information with the following third-party services:

ServicePurposeData Shared
ClerkAuthenticationEmail, name, profile, session tokens
StripePaymentsEmail, billing address, payment method
Anthropic (Claude)AI featuresTask data, chat messages (per-session, not stored)
ResendEmail deliveryEmail address, briefing content
VercelHostingIP address, request logs
SupabaseDatabaseAll user and task data (encrypted at rest)
UpstashRate limitingUser IDs (for rate limit counters only)

We do not sell your personal information to third parties. We do not share your data with advertisers or data brokers.

5. Data Retention

  • Active accounts: Your data is retained for as long as your account is active
  • Deleted accounts: Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records for tax compliance)
  • AI interaction logs: Chat logs are retained for up to 90 days for service quality, then deleted
  • Billing records: Retained for 7 years as required by tax law

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Authentication is managed by Clerk with support for multi-factor authentication
  • API endpoints are protected with rate limiting and input validation
  • Database access is restricted to authorized services only
  • We conduct regular security reviews of our codebase

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at privacy@coyl.ai. We will respond within 30 days.

8. GDPR (European Users)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Improving the Service, preventing fraud, and ensuring security
  • Consent: Where you have given explicit consent (e.g., email briefings)

Data is transferred to the United States where our services are hosted. We rely on Standard Contractual Clauses (SCCs) and our processors' data protection agreements to ensure adequate protection.

9. CCPA (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To submit a CCPA request, email privacy@coyl.ai.

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new date and, where required, by email. Your continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your data rights:
Email: privacy@coyl.ai
COYL
United States