Privacy Policy — Leo
Leo is a personal assistant mobile app. This policy describes what information Leo collects, why, where it is sent, and the choices you have about it. We have written it in plain language; if anything is unclear, email us at the address above.
1. What Leo collects and why
Leo only collects what it needs to do the work you ask of it. Each item below is requested at the point of use, and you can revoke it at any time.
| Data | When collected | Why |
|---|---|---|
| Email address and name | When you sign in with Google | To identify your account |
| Gmail message content and metadata | Only if you grant Gmail access in the Connections screen | So Leo can summarize incoming mail and surface things worth doing |
| Google Calendar events | Only if you grant Calendar access | So Leo can answer scheduling questions and propose calendar invites |
| Device contacts (name, phone, email) | Only if you grant the Contacts permission | Used locally on the device to prefill recipients in draft messages. Contacts are not uploaded to our servers in bulk; only the specific recipient you approve for a message is sent. |
| Approximate location (latitude/longitude) | Only if you grant Location permission | Used once to show local weather in the morning brief; we do not track continuous location. |
| Voice recordings | Only when you tap the microphone | Transcribed on-device by Android’s SpeechRecognizer and discarded after the recognizer returns text. No audio is sent to our servers or any third party. |
| Notification content from other apps (e.g. SMS, WhatsApp) | Only if you enable Notification Access | So Leo can draft replies to incoming messages on your behalf. |
| Push-notification token (FCM) | Automatically when you sign in | So we can deliver the morning brief and action notifications. |
| Subscription status | When you subscribe via Google Play | So we know whether to enable Pro features. |
| Support form submissions | When you submit feedback or report a bug | Routed to our issue tracker or support inbox. |
We do not collect: precise location, advertising identifiers, biometrics, financial account numbers, browser history, files outside the data you explicitly share, or data from other apps beyond enabled notifications.
2. Who we share data with
We use a small number of vendors to operate the app. Each one only receives the data it needs to do its specific job.
- Anthropic (anthropic.com) — Receives messages, voice transcripts (text only — audio is transcribed on your device and never leaves it), and email/calendar context required to generate Leo’s responses. Before any content reaches Anthropic, our backend automatically redacts (i) email addresses, phone numbers, payment-card numbers, and government-ID-format strings, and (ii) the names of your contacts (display names, aliases, and unambiguous first names matched against your contact list). Each is replaced with an abstract token; the original values are reconstructed in your view before you see Leo's reply. Anthropic does not train models on the data we send per their API terms.
- Google (google.com) — Receives the OAuth scopes you grant for Gmail and Calendar; delivers push notifications via Firebase Cloud Messaging; processes payments via Google Play Billing.
- RevenueCat (revenuecat.com) — Receives subscription events from Google Play to update your entitlements.
- Resend (resend.com) — Sends transactional email (e.g. support replies). Receives only the recipient address and message body.
- Railway (railway.app) — Hosts our backend infrastructure; data is stored in encrypted Postgres.
We do not sell personal information. We do not share data with advertisers or data brokers.
3. How long we keep data
- Account data: until you delete your account, then up to 90 days more (see "Your rights" below).
- Conversation history: until you tap "Clear chat" or delete your account.
- Email/calendar context: cached briefly to answer immediate questions; not retained beyond the working session.
- Voice recordings: not retained after transcription.
- Logs: retained for up to 30 days for debugging and abuse prevention.
4. Your rights
You can:
- Access the data Leo holds about you: email support@valdrium.com.
-
Delete your account in two ways:
- In the app: Settings → Delete account.
- On the web: https://www.valdrium.com/delete-account.
Either path schedules your account for deletion. You are signed out immediately, your push notifications stop, and your Google access tokens are revoked. Your account row and all associated data (messages, contacts, follow-ups, OAuth tokens, etc.) are permanently erased no later than 90 days from the deletion request. The 90-day window exists so you can email support@valdrium.com to restore the account if you change your mind; after 90 days the deletion is irreversible.
- Revoke any permission (Gmail, Calendar, Contacts, Location, Notifications) at any time in the app or your device settings.
- Export your data: email support@valdrium.com.
Residents of California (CCPA), the European Economic Area, and the UK (GDPR) have additional rights including the right to object, restrict processing, and lodge complaints with a supervisory authority. To exercise these rights, email support@valdrium.com.
5. Children
Leo is not directed at children under 13 (under 16 in the EEA/UK) and we do not knowingly collect data from them. If you believe a child has provided us with personal information, email us and we will delete it.
6. Security
All data is transmitted over HTTPS / TLS — between the app and our backend, and between our backend and every third-party service we use (Google, Anthropic, RevenueCat, Resend). Backend storage is encrypted at rest. Access to the production database is restricted to authorized operators. We follow industry-standard practices but no system is perfectly secure; if we discover a breach affecting your data, we will notify you within 72 hours.
7. International transfers
We are based in the United States and our backend runs in U.S. data centers. If you use Leo from outside the U.S., your data will be transferred to and processed in the U.S. By using Leo you consent to this transfer.
8. Changes to this policy
If we make material changes, we will notify you in the app and update the effective date at the top. Continued use after a change means you accept the updated policy.
9. Contact
Questions, requests, or complaints: support@valdrium.com.
© Valdrium. Leo is a product of Valdrium.