Privacy Policy
Effective Date: 02.02.2026 Last Updated: 02.02.2026 Version: 1.0
Privacy in Plain Language
Your messages are processed by AI (Google Gemini) - this is how the app works. To give you smart responses, your messages are sent to Google's Gemini API. Google does not use this data to train their AI models.
Your data is stored securely in the cloud. We use Supabase (hosted in the EU) to store your events, tasks, and conversation history.
Data deletion and export are coming soon. We're building features to let you delete all your data and export it. For now, email us at henrikhildre@gmail.com and we'll handle it manually within 30 days.
The solo developer has database access. Like most small services, the developer can technically access your data for debugging. We minimize this and never read your content without good reason.
Full Privacy Policy
1. Introduction
This Privacy Policy explains how Maybe Later ("we", "us", or "the Service") collects, uses, and protects your personal data when you use our AI-powered personal assistant mobile app.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Norwegian data protection law.
2. Data Controller
The data controller responsible for your personal data is:
Henrik Hildre ENK Aslakveien 22C 0753, Oslo Norway
Contact: henrikhildre@gmail.com
3. What Data We Collect
We collect and process the following categories of personal data:
3.1 Account & Identity Data
- Email address or phone number (for authentication)
- User ID (internal identifier)
- Display name (if provided)
3.2 Calendar & Task Data
- Events you create (title, date/time, location, notes)
- Tasks you create (title, due date, priority, notes)
- Scheduled reminders and messages
3.3 Conversation Data
- Messages you send to the assistant
- Assistant responses
- Uploaded files (PDFs, documents, images) - processed temporarily
3.4 AI-Generated Observations
- Notes the AI creates about your preferences and habits to provide better assistance (may include personal details you share, including sensitive information such as health, relationships, or beliefs)
- Conversation summaries used to maintain context
3.5 Device & Usage Data
- Push notification tokens (for sending reminders)
- Timezone preference
- Quiet hours settings
- Basic usage statistics (for service operation)
3.6 Location Data (Optional)
- Location names you provide for weather queries or event locations
- We do not track GPS or real-time location
4. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the assistant service (managing events, tasks, reminders) | Contract performance |
| Sending push notifications for reminders | Contract performance |
| Maintaining conversation context for personalized assistance | Legitimate interest |
| Generating AI observations to improve your experience | Legitimate interest |
| Service operation and debugging | Legitimate interest |
| Responding to support requests | Legitimate interest |
| Complying with legal obligations | Legal obligation |
5. Third-Party Data Processors
We use the following third-party services to operate Maybe Later:
5.1 Google Gemini API (Google LLC)
- Purpose: AI processing of your messages and generating responses
- Data Shared: Message content, uploaded files, conversation context
- Location: United States
- Safeguards: Google's Data Processing Addendum with Standard Contractual Clauses (SCCs)
- Privacy Policy: https://policies.google.com/privacy
5.2 Supabase Inc.
- Purpose: Database storage and user authentication
- Data Shared: All user data (events, tasks, conversations, account info)
- Location: European Union (Frankfurt)
- Privacy Policy: https://supabase.com/privacy
5.3 Expo (650 Industries, Inc.)
- Purpose: Push notification delivery
- Data Shared: Device push tokens, notification content
- Location: United States
- Privacy Policy: https://expo.dev/privacy
5.4 Sentry (Functional Software, Inc.)
- Purpose: Error tracking and performance monitoring
- Data Shared: Error logs, stack traces (may include message content in error context)
- Location: European Union
- Privacy Policy: https://sentry.io/privacy/
5.5 OpenStreetMap/Nominatim
- Purpose: Location name geocoding (for weather queries)
- Data Shared: Location names only (no personal data)
- Privacy Policy: https://osmfoundation.org/wiki/Privacy_Policy
5.6 YR/MET Norway
- Purpose: Weather forecast data
- Data Shared: Geographic coordinates only (no personal data)
- Terms: https://developer.yr.no/doc/TermsOfService/
5.7 DigitalOcean (Server Hosting)
- Purpose: Hosting the service infrastructure
- Location: European Union
- Privacy Policy: https://www.digitalocean.com/legal/privacy-policy
6. International Data Transfers
Your data is primarily stored on servers in the European Union (Supabase Frankfurt, DigitalOcean EU). However, some processing occurs outside the EU:
- Google Gemini API: United States (Standard Contractual Clauses)
- Expo Push Notifications: United States
We ensure appropriate safeguards are in place for all international transfers.
7. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Recent conversations | 24 hours | Short-term context only |
| Conversation summaries | Ongoing (progressively compressed) | Long-term context continuity |
| Events and tasks | Until you delete them | User-controlled data |
| AI-generated notes | Ongoing | Long-term personalization |
| Usage statistics | 90 days | Service operation |
You can request deletion of all your data at any time (see Section 8).
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
8.1 Right to Access
You can request a copy of all personal data we hold about you.
- How: Email henrikhildre@gmail.com
- Note: In-app export feature coming soon
8.2 Right to Deletion ("Right to be Forgotten")
You can request deletion of all your personal data.
- How: Email henrikhildre@gmail.com
- Effect: All your events, tasks, conversations, and AI notes will be permanently deleted
- Note: In-app deletion feature coming soon
8.3 Right to Rectification
You can correct inaccurate personal data.
- How: Edit events and tasks in the app, or contact us for other data
8.4 Right to Data Portability
You can receive your data in a structured, machine-readable format.
- How: Email henrikhildre@gmail.com to request a JSON export
8.5 Right to Object
You can object to processing based on legitimate interest.
- How: Contact us at henrikhildre@gmail.com
8.6 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
- How: Stop using the app and request data deletion
8.7 Right to Lodge a Complaint
You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):
- Website: https://www.datatilsynet.no/
- Address: Datatilsynet, Postboks 458 Sentrum, 0105 Oslo, Norway
Response Time: We aim to respond to all requests within 30 days as required by GDPR.
9. Developer Access & Debugging
As a small-scale service operated by a solo developer, the developer has technical access to the database for operational purposes.
What This Means
- The developer can query the database for debugging and support
- We minimize access to user content and only look at what's necessary
- Error logs may contain metadata about your usage (not message content)
Automated Tools
The developer may use automated tools and AI assistants (such as Claude Code or similar development tools) for debugging and development.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted over HTTPS/TLS
- Secure Authentication: Supabase handles authentication securely
- Access Controls: Database access restricted to the developer
- EU Hosting: Primary data stored in the European Union (Supabase Frankfurt)
11. Children's Privacy
Maybe Later is not intended for use by children under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Sending a push notification through the app
- Updating the "Last Updated" date at the top of this policy
Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact us at:
Email: henrikhildre@gmail.com
14. Current Limitations
We believe in transparency. Here's what's not yet available:
| Feature | Status |
|---|---|
| In-app data export | Coming soon (email us for now) |
| In-app data deletion | Coming soon (email us for now) |
| In-app privacy settings | Coming soon |
We're a small team working to add these features. In the meantime, email requests are handled manually within 30 days.