Privacy Policy

Last updated: May 2026

Overview

Actura is a personal productivity tool for managing tasks, notes, and calendar events through WhatsApp and the web. This policy describes the data we access, how we use it, with whom we share it, how we protect it, and how long we keep it. A dedicated section below covers our use of Google APIs.

Account & Messaging Data

When you sign up we collect your email address and password (stored hashed by Supabase Auth) and, if you choose to connect WhatsApp, the phone number you verify. We process WhatsApp messages received from your verified phone number to convert them into tasks, notes, and calendar events on your behalf. We never read messages from numbers you have not verified to your account. Your tasks, notes, messages, and account data are stored in a private Postgres database with row-level security so each account can only access its own rows. We do not sell your data, share it with advertisers, or use it to train AI models on your behalf.

Google API Services User Data Policy

Actura's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to others except as necessary to provide or improve user-facing features that are prominent in our application's user interface, do not use Google user data for serving advertisements, do not allow humans to read Google user data (except where required for security, with your explicit consent, or to comply with applicable law), and do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models.

Data Accessed (Google APIs)

Actura connects to a single Google API — Google Calendar — only after you click "Connect Google" in Settings or during onboarding. We request the following OAuth scopes:

From those scopes we read the following event fields when fetching: event ID, summary (title), description, start and end times, location, attendees (email and response status), and conference data (e.g. Google Meet links). We do not request and do not access Gmail, Google Drive, Google Contacts, Google Tasks, or any other Google API.

Data Usage (Google APIs)

Calendar data is used only for the following user-facing features:

We do not use Google user data for any other purpose. We do not use it to serve advertising, profile users, or train AI models.

Data Sharing (Google APIs and other personal data)

We do not sell, rent, or share your Google user data with third parties for their own purposes. We rely on the following sub-processors strictly to operate Actura:

We will disclose data only if required by law, to protect user safety, or to comply with a valid legal process. We do not transfer Google user data to any other party.

Data Storage & Protection

Account, tasks, and notes are stored in a private Postgres database (Supabase, hosted in the EU-West-1 region) protected by per-user row-level security policies. All connections use TLS in transit. Google OAuth refresh tokens are stored encrypted at rest using pgcrypto AES, with the encryption key held outside the database. Google Calendar event content is not persisted — events are fetched live from the Google Calendar API on each request and discarded after the response is rendered. Connection metadata we do retain for an active Google connection: your Actura user ID, your Google account email, the granted scopes, and the timestamp the connection was created. Access to production systems is restricted to the developer with two-factor authentication, and changes are audited via Git history and platform logs.

Data Retention & Deletion

You can remove your data at any time:

Contact

For questions about this privacy policy or to request data deletion, contact er.admin.manager@gmail.com.

← Back to actura.app