Leo

Privacy Policy — Leo

Effective date: June 13, 2026

Operator: Valdrium ("we", "us")

Contact: support@valdrium.com

Leo is a personal assistant mobile app. This policy describes what information Leo collects, why, where it is sent, and the choices you have about it. We have written it in plain language; if anything is unclear, email us at the address above.

1. What Leo collects and why

Leo only collects what it needs to do the work you ask of it. Each item below is requested at the point of use, and you can revoke it at any time.

DataWhen collectedWhy
Email address and name When you sign in with Google or Microsoft To identify your account
Email message content and metadata (Gmail or Outlook) Only if you grant mail access in the Connections screen So Leo can summarize incoming mail and surface things worth doing
Calendar events (Google Calendar or Microsoft Calendar) Only if you grant calendar access So Leo can answer scheduling questions and propose calendar invites
Device contacts (name, phone, email) Only if you grant the Contacts permission Used locally on the device to prefill recipients in draft messages. Contacts are not uploaded to our servers in bulk; only the specific recipient you approve for a message is sent.
Approximate location (latitude/longitude) Only if you grant Location permission Used once to show local weather in the morning brief; we do not track continuous location.
Voice recordings Only when you tap the microphone Transcribed on-device by Android’s SpeechRecognizer and discarded after the recognizer returns text. No audio is sent to our servers or any third party.
Notification content from other apps (e.g. SMS, WhatsApp) Only if you enable Notification Access So Leo can draft replies to incoming messages on your behalf.
Push-notification token (FCM) Automatically when you sign in So we can deliver the morning brief and action notifications.
Subscription status When you subscribe via Google Play So we know whether to enable Pro features.
Support form submissions When you submit feedback or report a bug Routed to our issue tracker or support inbox.

We do not collect: precise location, advertising identifiers, biometrics, financial account numbers, browser history, files outside the data you explicitly share, or data from other apps beyond enabled notifications.

2. Who we share data with

We use a small number of vendors to operate the app. Each one only receives the data it needs to do its specific job.

We do not sell personal information. We do not share data with advertisers or data brokers.

3. Google user data — Limited Use disclosure

Leo’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Which Google scopes Leo requests and how each is used

ScopeWhat it grantsHow Leo uses it
openid, userinfo.email, userinfo.profile Stable identifier, email, name, avatar URL Identifies your account at sign-in; shown in the app header so you know which account is active.
gmail.readonly Read access to your Gmail messages and metadata Summarizes incoming mail in the morning brief; extracts action items (RSVPs, bill payment links, follow-up nudges) and proposes them as action cards you approve before anything happens; reads the List-Unsubscribe header when you tap Unsubscribe on a marketing email.
gmail.send Permission to send mail from your account Sends replies, follow-up messages, and one-line unsubscribe emails that you have explicitly approved by tapping Send on an action card. We never send automatically.
calendar Full read/write on your Google Calendar Reads upcoming events for scheduling answers and the morning brief; creates / updates events you approve on an action card.

Leo does not request, and does not have access to, Gmail’s modify scopes (label, archive, trash) or any other Google API beyond the ones above.

Affirmations (verbatim from the Google API Services User Data Policy)

How long Leo retains Google user data

4. How long we keep data

5. Your rights

You can:

Residents of California (CCPA), the European Economic Area, and the UK (GDPR) have additional rights including the right to object, restrict processing, and lodge complaints with a supervisory authority. To exercise these rights, email support@valdrium.com.

6. Children

Leo is not directed at children under 13 (under 16 in the EEA/UK) and we do not knowingly collect data from them. If you believe a child has provided us with personal information, email us and we will delete it.

7. Security

We follow industry-standard practices to protect your data:

No system is perfectly secure, but we work to keep Leo’s surface small and its data flows narrow.

8. International transfers

We are based in the United States and our backend runs in U.S. data centers. If you use Leo from outside the U.S., your data will be transferred to and processed in the U.S. By using Leo you consent to this transfer.

9. Changes to this policy

If we make material changes, we will notify you in the app and update the effective date at the top. Continued use after a change means you accept the updated policy. Prior versions are available on request.

10. Contact

Questions, requests, or complaints: support@valdrium.com.

© Valdrium. Leo is a product of Valdrium.