Privacy Policy

LifeOS is a personal productivity tool operated by Michael Cerda (Build Something LLC, Alamo, California, mc@bspg.build). It generates a daily editorial brief from your own Gmail and Google Calendar and delivers it via a private link sent to your phone.

LifeOS is in a free public beta. Each user connects their own Google account and verifies their own phone number. Your data is isolated from every other user by row-level security keyed to your account, and we never train models on the contents of your inbox.

• Google account profile (your email address and a unique account identifier) via OAuth.
• Gmail message metadata and content for messages received in the last thirty days, including subject, sender, recipients, body text, and timestamps. Used to compose the daily brief and to answer your questions in Ask Anything.
• Google Calendar events for the current day, including titles, times, and attendees. Used to compose the daily brief.
• Your mobile phone number, which you enter and verify yourself, stored encrypted at rest, for delivering the daily SMS link.
• Operational logs (cost of model calls, run duration, error messages) for monitoring and debugging.

Your Gmail, Calendar, and indexed message corpus are used solely to generate your personal daily brief, to stage reply drafts in your own Gmail Drafts folder, and to answer your questions in Ask Anything. We do not use your data to train any model, and we do not sell or share it for advertising.

LifeOS accesses certain data from your Google Account (Gmail and Google Calendar) to provide the morning brief service. This section describes how we handle that data, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

What we access:

• Gmail messages and metadata (via the gmail.readonly scope): we read the content of your inbox to synthesize the morning brief, identify items that need your attention, and draft replies on your behalf.
• Gmail drafts (via the gmail.compose scope): we create draft replies in your Gmail drafts folder. We do not send email autonomously. All drafts require your manual review and send action.
• Google Calendar events (via the calendar.readonly scope): we read your calendar to surface upcoming events in the brief and detect conflicts. We do not write to or modify your calendar.

How we use the data:

• To generate your daily morning brief.
• To draft replies to emails you would likely want to respond to.
• To detect time-sensitive items (meeting changes, flight changes, financial anomalies).

How we do NOT use the data:

• We do not sell or transfer Google user data to third parties for advertising, marketing, or any other purpose unrelated to providing the LifeOS service.
• We do not use Google user data to train, improve, or develop generalized AI or machine learning models. Any AI processing of your data is performed by third-party model providers (such as Anthropic or OpenAI) under contractual restrictions that prohibit them from using your data for model training.
• We do not allow humans to read your Google user data, except: (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized.

How long we keep the data:

• Cached email content and calendar event data are automatically purged 30 days after they were retrieved.
• OAuth tokens are encrypted at rest and rotated according to industry-standard practices.
• You can revoke LifeOS's access to your Google Account at any time via your Google Account permissions page.

LifeOS's use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

LifeOS relies on the following service providers. Your data passes through them only to operate the service. Each has its own privacy policy.

• Google for OAuth authentication, Gmail access, and Calendar access.
• Anthropic for synthesizing the daily brief and powering Ask Anything via the Claude API. Anthropic does not train on data sent through the paid API.
• Supabase for storing indexed messages, brief history, and OAuth tokens (encrypted at rest).
• Twilio for SMS delivery of the daily brief link.
• Vercel for application hosting.

You consent to receive SMS messages from LifeOS by signing in at life-os.build, entering your US mobile phone number on the Settings page, checking the consent box on that page, and completing the 6-digit verification code we send to your phone. Your consent record (timestamp, IP address, user agent, and the exact wording you agreed to) is stored in our audit log. You will receive at most one SMS per day, sent shortly after the daily brief is generated, containing a private link to that day's brief.

Reply STOP at any time to opt out. Reply HELP for assistance. Message and data rates may apply. To resume messages after opting out, reply START or re-verify your number on the Settings page.

We do not sell, rent, or share your personal information with third parties for marketing or advertising. Data is shared only with the subprocessors listed above, strictly to operate the service. SMS opt-in data and consent records are never shared with third parties for marketing purposes.

Indexed messages are retained while the service is active. Brief history is retained for record-keeping. You can request deletion of all your data at any time by contacting the address below. OAuth tokens are deleted when you revoke access in your Google account.

OAuth tokens are encrypted at rest. Database access is restricted to the application service role. Brief links are gated by random 32-byte tokens with a 24-hour expiry. The service runs over HTTPS.

You may request access to, correction of, or deletion of your data at any time by emailing the address below. You may also revoke Google access in your Google account settings, which immediately terminates the service's ability to read your mailbox.

LifeOS is not intended for use by anyone under 18. We do not knowingly collect data from minors.

We may update this policy. The date at the top reflects the most recent revision. Material changes will be communicated to the operator directly.

Questions, requests, or complaints: mc@bspg.build. Postal contact available on request.