Typrio Privacy Policy
This Privacy Policy describes how Typrio (“Company”, “we”, “us”, or “our”) collects, uses, processes, and protects personal data when you use our services, including the Typrio mobile application, web dashboard, and related services (collectively, the “Services”).
By using Typrio, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Services.
1. Scope of Services
Typrio provides:
- A mobile AI assistant application
- A web-based platform for creating AI-powered tools (“AI Apps”)
- A runtime system that executes user-defined actions via integrations and APIs
2. Data Controller and Processor Roles
Depending on the context:
Typrio acts as a Data Controller for:
- Account data
- Billing data
- Platform usage analytics
Typrio acts as a Data Processor for:
- AI Apps execution
- User-defined integrations
- External API interactions
Users remain responsible for the data they process through AI Apps, including ensuring they have a lawful basis for doing so.
3. Information We Collect
3.1 Account Information
- Email address
- Authentication credentials (OAuth tokens, session tokens)
- Profile metadata
3.2 Billing Information
- Subscription status
- Transaction identifiers
- Payment provider references
Note:Payment processing is handled by third-party providers (e.g., Stripe). Typrio does not store full payment card details. Stripe's privacy policy is available at https://stripe.com/privacy.
3.3 Usage Data
- Feature usage patterns
- Execution counts
- System diagnostics (non-sensitive)
3.4 AI App Data
- Tool configurations
- Workflow definitions
- Metadata associated with actions
3.5 Credentials
- API keys, tokens, and secrets provided by users
- Stored encrypted at rest; never logged in plain text
3.6 Cookies and Tracking Technologies
We use cookies and similar technologies on our web dashboard for the following purposes:
| Category | Purpose | Can be declined? |
|---|---|---|
| Strictly necessary | Session management, authentication | No |
| Functional | User preferences, language settings | Yes |
| Analytics | Aggregate usage statistics | Yes |
You can manage your cookie preferences via the cookie banner displayed on first visit. To change your choice later, clear the Typrio cookie-preferences entry in your browser storage, or use your browser settings. Disabling analytics cookies does not affect core functionality.
We do not use advertising or third-party tracking cookies.
4. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases as defined in Article 6 of the GDPR:
| Processing activity | Legal basis |
|---|---|
| Providing and operating the Services | Contractual necessity (Art. 6(1)(b)) |
| Billing and fraud prevention | Contractual necessity / Legal obligation (Art. 6(1)(b)(c)) |
| Service improvement and security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Optional AI integrations and analytics | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. Local-First Processing
Typrio is designed to operate locally where possible:
- AI interactions may run on-device
- Data remains local unless features requiring remote processing are explicitly used by you
We will always make clear when a feature requires data to leave your device.
6. AI Apps and Tool Execution
Users may create AI Apps that execute actions on their behalf.
When an AI App is executed:
- Requests may be sent to external services as configured by the user
- Data is processed strictly to fulfill user instructions
- Typrio does not independently use, analyse, or monetise this data
- Users are responsible for ensuring they have appropriate rights and consents for any data processed through their AI Apps
7. Third-Party Services and Subprocessors
Users may connect services such as OpenAI, Anthropic, Mistral, Stripe, Discord, and other APIs. When these integrations are used, data may be transferred to those providers and their privacy policies apply. Typrio is not responsible for third-party privacy practices.
Links to third-party privacy policies:
- OpenAI: https://openai.com/privacy
- Anthropic: https://www.anthropic.com/privacy
- Mistral: https://mistral.ai/privacy
- Stripe: https://stripe.com/privacy
- Discord: https://discord.com/privacy
We maintain a list of infrastructure subprocessors (e.g., cloud hosting providers) used in delivering the Services. You may request the current subprocessor list by contacting [email protected].
We will notify users of any material changes to our subprocessors with at least 10 days' notice before such changes take effect, providing an opportunity to object.
8. AI-Assisted Features
Typrio may process user prompts through AI providers to generate tools or suggest workflows. These features are always explicitly triggered by the user. We do not use your prompts to train AI models without your explicit consent.
9. Data Security
We implement appropriate technical and organisational safeguards, including:
- Encryption of data at rest and in transit (TLS 1.2+)
- Role-based access controls and least-privilege principles
- Multi-tenant isolation to prevent cross-user data access
- Secure credential handling (see Section 10)
- Regular security reviews
No system can guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.
10. Credentials Handling
- User-provided credentials (API keys, tokens, secrets) are encrypted at rest using industry-standard encryption
- Credentials are never logged in plain text
- Credentials are used exclusively during execution of user-defined actions
- Credentials are never shared with third parties beyond what is necessary to execute user-defined integrations
Users are responsible for revoking and rotating credentials if they believe they have been compromised.
11. Logging and Monitoring
We collect limited operational logs including:
- Execution status codes
- Timing and performance metadata
- System-level diagnostics
We do not log:
- API keys or secrets
- Authorization headers
- Sensitive payload data
Logs are retained for a maximum of 90 days and then automatically deleted.
12. Data Retention
We retain personal data only as long as necessary for the stated purpose:
| Data type | Retention period |
|---|---|
| Account data | For the duration of your account, plus 30 days after deletion |
| Billing records | 7 years (legal/tax obligation) |
| Usage analytics | 12 months, then aggregated/anonymised |
| Operational logs | 90 days |
| AI App configurations | Until deleted by user or account closure |
| Credentials | Until deleted by user or account closure |
You may request early deletion of your data at any time (see Section 15).
13. International Data Transfers
Typrio may process personal data in jurisdictions outside your country of residence, including countries that may not offer the same level of data protection as your home country.
Where such transfers occur, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
You may request information about the specific safeguards applicable to a transfer by contacting [email protected].
14. Data Processing Agreements (DPA)
Where Typrio acts as a Data Processor on behalf of business users (e.g., when executing AI Apps that process end-user personal data), a Data Processing Agreement is available upon request. Please contact [email protected] to obtain a DPA.
15. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data (“right to be forgotten”) |
| Restriction | Request that we limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent at any time where processing is consent-based |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing a request.
Supervisory Authority
If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority (DPA). A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
If you are based in Portugal, the relevant authority is the Comissão Nacional de Proteção de Dados (CNPD): https://www.cnpd.pt
16. Data Protection Officer
Based on our current scale and the nature of data we process, we are not required to appoint a Data Protection Officer under Article 37 of the GDPR. Privacy-related enquiries can be directed to [email protected].
17. Children's Privacy
The Services are not directed at or intended for use by children under the age of 13 (or the applicable minimum age in your jurisdiction, which may be higher). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will take steps to delete it.
18. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Notify you by email (to the address associated with your account) at least 14 days before the changes take effect
- Display a prominent notice within the Services
- Update the “Last updated” date at the top of this policy
Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes. If you do not agree to the updated policy, you should discontinue use and may request deletion of your account.
19. Contact
For privacy-related enquiries, requests, or complaints:
Email: [email protected]
We aim to respond to all requests within 30 days.
Summary
Typrio is designed to:
- Minimise data collection and retain data only as long as necessary
- Give users meaningful control and transparency over their data
- Enable powerful integrations responsibly, with clear subprocessor disclosure
- Comply with applicable data protection laws, including the GDPR