Privacy Policy
Effective date: 10 May 2026 Last updated: 10 May 2026
A plain-language summary
We built YourEase to feel like ease — and that starts with respecting your data. Here's the short version:
- What we collect: your account info, what you tell Ease (chats, files, voice, images), data from connectors you choose to authorize (e.g. Google Calendar), and basic usage data so the product works.
- What we don't do: we don't sell your data, we don't use it to train third-party AI models, and we don't show you ads.
- Where it lives: primarily on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region). Encrypted in transit and at rest.
- What you control: view your memory, delete it, export your data, use Incognito mode, withdraw consent — all from inside the product or by writing to us.
- Who runs this: YourEase Technologies (OPC) Private Limited, an Indian company recognized by DPIIT (DIPP226697).
The detailed sections below are the legally operative version. If anything is ever unclear, write to us and we'll explain in plain English.
1. Who we are
This Privacy Policy ("Policy") governs how YourEase Technologies (OPC) Private Limited ("YourEase", "we", "us", "our") — a One Person Company incorporated under the laws of India on 23 September 2025 (CIN: U62013MH2025OPC457800) and recognized by the Department for Promotion of Industry and Internal Trade (DPIIT recognition number DIPP226697) — collects, uses, stores, shares, and protects your personal data in connection with the YourEase service available at yourease.io and any related applications, APIs, or interfaces (collectively, the "Service").
By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.
This Policy is published in English. In compliance with Section 6(3) of the DPDP Act, 2023, you may request a copy of this Policy in any of the languages specified in the Eighth Schedule to the Constitution of India by writing to privacy@yourease.io.
2. Definitions
- "Personal data" means any information relating to an identified or identifiable individual.
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
- "You" or "User" means the individual who creates an account on, or otherwise uses, the Service.
- "Connector" means an optional third-party integration you authorize (such as Google Calendar or Google Drive).
- "Memory" means the durable and episodic information YourEase retains about your preferences, facts, and prior conversations to personalize Ease's behavior.
- "Ease" means the AI assistant that operates the Service on your behalf.
3. Personal data we collect
3.1 Information you provide directly
- Account information: your name, email address, profile photo (if you provide one), and authentication identifiers when you sign up via Google OAuth.
- Conversational content: messages, prompts, files (documents, spreadsheets, PDFs, images), voice recordings, and any other content you send to Ease or upload to the Service.
- Memory entries: facts, preferences, goals, and relationships you ask Ease to remember, or which Ease infers from your usage and confirms with you.
- Profile and onboarding inputs: the name you tell Ease to call you, domain selections (Personal, Business), and other preferences captured during onboarding.
- Support and communication content: anything you send to us via email or in-product feedback.
3.2 Information collected automatically
- Usage data: features used, energy consumption metering, conversation counts, agent invocations, timestamps.
- Device and technical data: IP address, browser type, operating system, device identifiers, language preference, time zone, pages visited within the Service.
- Cookies and similar technologies: strictly necessary cookies for authentication and session management. We do not use advertising or third-party tracking cookies. See Section 11.
3.3 Information from connectors
When you authorize a Connector, we receive only the specific data covered by the OAuth scope you grant. Current Connectors and the scopes they request:
| Connector | Scope | What we receive |
|---|---|---|
| Google Calendar | calendar.events, calendar.readonly | Calendar events you create, view, or modify in connection with your requests to Ease |
| Google Drive | drive.file | Only the specific files you choose to share with YourEase from within the Drive picker — not your entire Drive |
| Tavily (web search) | n/a (we send queries; no user account linked) | Search results returned to your queries |
We do not request and do not receive scopes beyond those listed. If we add a new Connector or change a scope, we will update this Policy.
3.4 Payment data
When you subscribe to a paid plan, payments are processed by our payment partner Razorpay (Razorpay Software Pvt. Ltd.). We do not receive or store your full card number, CVV, UPI PIN, or bank credentials. We receive only a transaction reference, payment status, and the last four digits of the instrument used (where applicable). The payment partner's privacy policy applies to their handling of payment data.
3.5 What we do not collect
- We do not collect biometric data (face scans, fingerprints, etc.).
- We do not collect precise location data beyond what your IP address reveals.
- We do not access your contacts, photos, or device storage outside of files you explicitly upload.
- We do not collect data from the broader web on your behalf except via search Connectors you invoke.
4. How we use personal data
We process your personal data for the following purposes, each with a stated lawful basis under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and, where applicable, the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"):
| Purpose | Lawful basis |
|---|---|
| Authenticating you and operating your account | Performance of contract |
| Generating Ease's responses, including running AI inference on your inputs | Performance of contract |
| Storing and recalling your Memory to personalize Ease | Performance of contract; your consent for sensitive memories |
| Connecting and using authorized Connectors | Your consent (granted at OAuth time); performance of contract |
| Processing payments and preventing fraud | Performance of contract; legitimate interest |
| Sending transactional communications (e.g. account, security, billing) | Performance of contract |
| Sending marketing communications | Your consent (you can withdraw at any time) |
| Improving the Service through aggregate, de-identified analytics | Legitimate interest |
| Investigating misuse, security incidents, and policy violations | Legitimate interest; legal obligation |
| Complying with applicable law | Legal obligation |
We do not use your personal data for behavioral advertising. We do not display third-party ads in the Service. We do not sell personal data.
5. How AI processing works inside YourEase
When you send a message, upload a file, or speak to Ease:
- Your input is transmitted over an encrypted (HTTPS / TLS) connection to our infrastructure on AWS.
- The input is routed to one or more AI models hosted on Amazon Bedrock (currently Anthropic Claude family models for text and reasoning, and Stability AI models for image generation), all running within the AWS us-east-1 region or AWS regions in the United States.
- The model produces a response, which is returned to you.
- Selected portions of the conversation may be written to your Memory store so future conversations are personalized. Memory writes happen with explicit confirmation patterns ("show your math") so you can see what is being remembered.
- Conversation transcripts are retained in your account so you can return to them.
Important facts about AI processing:
- Your inputs and outputs are not used to train Anthropic's, Stability AI's, or any third-party foundation models. We use the AWS Bedrock service under terms that prohibit such training use.
- Voice processing: when you speak to Ease, audio is transcribed via Amazon services (Polly, Nova) and the transcript is treated as conversational content under this Policy.
- Code execution: when Ease runs code on your behalf via AgentCore Code Interpreter, the code and its outputs are processed within an isolated AWS environment associated with your session and are deleted after the session ends, unless you save outputs to your account.
- Tool calls to Connectors: when Ease takes an action on a Connector (e.g. reading a calendar event), the data returned by the Connector is treated as conversational content for that turn, and is stored in conversation history if relevant.
We may update the underlying models used to provide the Service from time to time as the state of the art evolves. We will continue to ensure that any model provider we use is bound by terms equivalent to those described in this Section.
6. How we share personal data
We share personal data only as described below.
6.1 With service providers
We share personal data with vendors who help us operate the Service, under written contracts that limit them to processing the data for our purposes. Current categories of service providers include:
| Vendor | Role | Location |
|---|---|---|
| Amazon Web Services, Inc. | Cloud infrastructure (compute, storage, AI inference, identity) | United States |
| Google LLC | OAuth identity, Connector APIs (only when you authorize) | United States |
| Razorpay Software Pvt. Ltd. | Payment processing | India |
| Anthropic, PBC | AI model provider (accessed indirectly via AWS Bedrock) | United States |
| Stability AI Ltd. | Image-generation model provider (accessed indirectly via AWS Bedrock) | United Kingdom |
| Tavily Inc. | Web search Connector | United States |
6.2 With Connectors you authorize
When you grant a Connector access, data flows directly between the Connector's provider and our service under the OAuth grant you authorize. You can revoke a Connector at any time from Settings → Integrations or from the third party's account settings.
6.3 For legal reasons
We may disclose personal data where we believe in good faith that disclosure is necessary to:
- comply with applicable law, regulation, or a valid legal request from a government authority of competent jurisdiction;
- enforce our Terms of Service;
- protect the rights, property, or safety of YourEase, our users, or the public; or
- detect, prevent, or address fraud, security, or technical issues.
We will challenge requests we believe are overbroad or unlawful and will, where legally permitted, notify you of requests for your data.
6.4 In a business transfer
If YourEase undergoes a merger, acquisition, financing, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you and provide you with options before your data is subject to a different privacy policy.
6.5 With your direction
We share your data with third parties when you instruct us to — for example, when you ask Ease to email a draft to someone or schedule a meeting through a Connector.
6.6 We do not sell or share personal data
We do not sell personal data within the meaning of the CCPA, the DPDP Act, or any equivalent law. We have not sold personal data in the preceding 12 months and do not intend to. We also do not "share" personal data for cross-context behavioral advertising (as that term is defined under the CCPA) or for any equivalent advertising-related purpose under any other law.
7. Data retention
- Account data: retained while your account is active. After you delete your account, we erase your account data from production systems within 30 days. The 30-day window exists solely to allow you to recover an accidentally deleted account on request. Backup copies are purged within a further 30 days.
- Conversation history: retained while your account is active. You can delete individual conversations at any time. Deleted conversations are removed from production within 24 hours and from backups within 30 days.
- Memory entries: retained until you delete them or your account. You can review and edit Memory at any time from the Privacy Dashboard.
- Incognito conversations: not written to Memory and not retained beyond the active session. An "active session" ends when you toggle Incognito off, close the browser tab or app, or remain inactive for more than 60 minutes — whichever happens first.
- Payment records: retained as required by Indian tax and accounting law (typically 7 years from the end of the relevant financial year).
- Logs and security records: retained for up to 12 months for security and abuse detection.
8. Storage location and international transfers
Your personal data is stored primarily on Amazon Web Services infrastructure in the United States (us-east-1 region). Some image generation may occur in the AWS us-west-2 region.
If you are located outside the United States, your data will be transferred to and processed in the United States. The United States may not provide the same level of data protection as your home jurisdiction.
For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission as the lawful transfer mechanism, supplemented where necessary by additional safeguards.
For users in India, we comply with cross-border data transfer requirements under the DPDP Act, including any restrictions the Central Government may notify from time to time.
9. Your rights
Subject to applicable law, you have the following rights with respect to your personal data:
- Right to access: request a copy of the personal data we hold about you.
- Right to correction: request correction of inaccurate or incomplete data.
- Right to deletion ("right to be forgotten"): request deletion of your personal data, subject to retention obligations.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time.
- Right to object / restrict processing: object to or restrict certain processing activities.
- Right to nominate (DPDP Act): nominate another individual to exercise rights on your behalf in case of death or incapacity.
- Right to grievance redressal: lodge a complaint with our Grievance Officer (Section 13) and, if unresolved, with the Data Protection Board of India or your local supervisory authority.
You can exercise most of these rights directly inside the Service via Settings → Privacy. For others, write to privacy@yourease.io. We will respond within 30 days (or sooner where required by applicable law).
We may need to verify your identity before fulfilling a request.
10. Security
We protect your data through layered measures, including:
- Encryption in transit: TLS 1.2 or higher for all communication.
- Encryption at rest: AES-256 encryption for data stored in DynamoDB, S3, and Amazon Bedrock.
- Authentication: Amazon Cognito with support for OAuth and passkeys.
- Access control: least-privilege IAM roles, isolated environments per user where applicable, Cedar-based policy enforcement for sensitive operations.
- Monitoring: continuous logging, anomaly detection, and rate limiting.
- Incident response: documented procedures to investigate and respond to security incidents and notify affected users where required by law.
No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you without undue delay and as required by applicable law.
11. Cookies and similar technologies
We use only strictly necessary cookies and local storage:
- Authentication cookies / tokens: to keep you signed in.
- Session storage: to preserve your in-progress state (e.g. a conversation you are typing).
- Preference storage: to remember non-sensitive choices like theme or domain selection.
We do not use third-party advertising cookies, behavioral tracking pixels, or similar technologies. You can disable cookies in your browser settings, but the Service may not function correctly without authentication cookies.
12. Children
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. We rely on a combination of (a) the age signal provided by your authentication provider (Google), (b) your representation at signup that you are at least 18 years old, and (c) human review where flagged content suggests an underage user. If you believe a child has provided us personal data, please contact us at privacy@yourease.io and we will delete it without delay.
13. Grievance Officer (DPDP Act)
In accordance with the DPDP Act, 2023, the contact details of our Grievance Officer are:
Name: Anmol Agrawal Designation: Founder & CEO, YourEase Technologies (OPC) Private Limited Email: grievance@yourease.io Address: Flat No. 103, Honey Lisha Apartment, 207, Ghas Bazar Lakadganj, Bagadganj, Nagpur — 440008, Maharashtra, India Working hours: Monday to Friday, 10:00 to 18:00 IST
The Grievance Officer will acknowledge complaints within 48 hours and resolve them within 30 days.
14. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you at least 15 days in advance by email and through an in-product notice. The "Effective date" at the top of this Policy will reflect the most recent update. Your continued use of the Service after the effective date of an updated Policy means you accept the changes.
15. Contact us
If you have questions about this Policy or about how YourEase handles personal data, write to us:
YourEase Technologies (OPC) Private Limited CIN: U62013MH2025OPC457800 Email (general privacy questions): privacy@yourease.io Email (Grievance Officer / DPDP complaints): grievance@yourease.io Email (general support): support@yourease.io Postal address: Flat No. 103, Honey Lisha Apartment, 207, Ghas Bazar Lakadganj, Bagadganj, Nagpur — 440008, Maharashtra, India
16. Google API Services User Data Policy — Limited Use
YourEase's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, with respect to data accessed through Google Calendar and Google Drive scopes:
- We use Google user data only to provide and improve the user-facing features of YourEase that you have explicitly enabled.
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Google user data for serving advertisements, including retargeted, personalized, or interest-based advertising.
- We do not use or transfer Google user data to determine credit-worthiness or for lending purposes.
- We do not allow humans to read Google user data, except with your affirmative agreement for specific messages, when necessary for security (such as investigating abuse), to comply with applicable law, or for internal operations limited to data that has been aggregated and anonymized.
- We do not use Google user data to train or improve generalized or non-personalized AI or machine-learning models. Your Google data is used only within your session to generate the response you requested.
YourEase. Imagine Otherwise.