← Back to CiCy

Privacy Policy

Last updated: March 15, 2026

1. Introduction

CiCy ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information: Email address, display name, and password hash when you register.

Usage Data: Feature usage patterns, AI call counts, and error logs to improve the Service.

Payment Information: Processed by our payment partner (Paddle). We do not store credit card numbers or payment details.

Third-Party Tokens: OAuth tokens for connected services (Notion, Google, etc.) are encrypted and stored securely. We use these tokens only to perform actions you request.

3. Information We Do NOT Collect

• We do not read or store your documents, files, or data from connected third-party services.
• We do not record your conversations with AI beyond what is needed for the current session.
• We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. How We Use Your Information

• To provide and maintain the Service.
• To authenticate your identity and manage your account.
• To process payments and manage subscriptions.
• To communicate with you about updates, security alerts, and support.
• To improve the Service based on aggregated, anonymized usage data.

5. Data Security

• All data is transmitted over HTTPS/TLS encryption.
• OAuth tokens are encrypted with AES-256 and stored in secure cloud infrastructure (GCP Secret Manager).
• Access to user data is restricted to authorized personnel only.
• We conduct regular security reviews of our infrastructure.

6. Third-Party Services

When you connect third-party services (Notion, Google, GitHub, etc.), you authorize CiCy to access those services on your behalf. Each connection uses OAuth 2.0 with scoped permissions. You can view and revoke any connection at any time in your account settings.

7. Data Retention

• Account data is retained while your account is active.
• Upon account deletion, all personal data is permanently removed within 30 days.
• OAuth tokens are immediately revoked upon disconnection or account deletion.
• Anonymized usage statistics may be retained for analytics.

8. Your Rights

• Access: Request a copy of your personal data.
• Correction: Update inaccurate personal information.
• Deletion: Delete your account and all associated data.
• Revocation: Disconnect any third-party service at any time.
• Export: Export your data in a standard format.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

12. Contact

For privacy-related questions, contact us at steve@cicy-ai.com.