Introduction
This Privacy Policy describes how Keus S.r.l. ("we", "us", or "our") collects, uses, and protects your personal data when you use SayNo (the "Service"), accessible at https://sayno.dev and https://app.sayno.dev.
SayNo is a productivity application that helps founders and executives prioritize tasks using the Signal/Noise framework, with AI-powered auto-scheduling to Google Calendar.
Owner and Data Controller:
Keus S.r.l.
Via Vincenzo Stefano Breda 36
35010 Limena (PD), Italy
Email: hello@keus.dev
Data We Collect
Account Information
When you create an account, we collect:
- Name and email address (provided via Google OAuth)
- Google account identifier (for authentication)
- Subscription status and payment information (processed by Stripe)
Data You Provide
When using the Service, you may provide:
- Tasks and goals you create
- Time estimates and deadlines for tasks
- Journal entries and notes
- Operative time slots (your preferred working hours)
- Telegram ID (if you connect the Telegram bot)
- Voice notes sent via Telegram (transcribed and processed)
Google Calendar Data
To provide automatic task scheduling, we access your Google Calendar through the Google Calendar API. Specifically, we access:
- Calendar event titles, times, and duration from calendars you select
- Free/busy availability information
- Calendar list (names and IDs of your calendars)
Purpose: This data is used solely to identify available time slots and automatically schedule your tasks during your preferred working hours.
What we do NOT access:
- Event descriptions or notes
- Attendee information or email addresses
- Calendar sharing settings
- Any calendars you have not explicitly selected
Automatically Collected Data
When you use the Service, we automatically collect:
- IP address and approximate location
- Browser type and device information
- Usage data (pages visited, features used, timestamps)
- Error logs for troubleshooting
How We Use Your Data
We use your data for the following purposes:
Core Service Functionality
- Authentication: Verifying your identity via Google OAuth
- Task Management: Storing and displaying your tasks, goals, and journal entries
- Calendar Integration: Reading your calendar events to find available time slots
- Auto-Scheduling: Creating calendar events for your scheduled tasks
- Telegram Bot: Processing voice notes and messages to create tasks
- Reminders: Sending daily task reminders via Telegram (if enabled)
AI-Powered Features
- Intelligent Scheduling: Analyzing your calendar availability and task priorities to suggest optimal scheduling
- Voice Transcription: Converting voice notes to text
- Journal Analysis: Extracting structure, mood, and mentions from journal entries
Service Improvement
- Analytics: Understanding how users interact with the Service
- Error Tracking: Identifying and fixing technical issues
- Feature Development: Improving existing features and developing new ones
Third-Party Services
We use the following third-party services to operate SayNo:
Google APIs
| Services used | Google OAuth 2.0, Google Calendar API |
| Data shared | Your email, name, and calendar data (events, availability) |
| Purpose | Authentication and calendar integration for auto-scheduling |
| Your control | Revoke access at myaccount.google.com/permissions |
Our use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Stripe
| Data shared | Email address, subscription status, payment method |
| Purpose | Processing subscription payments and managing billing |
| Privacy policy | stripe.com/privacy |
Anthropic (Claude AI)
| Data shared | Task titles, time estimates, calendar availability, journal text |
| Purpose | AI-powered scheduling, transcription, journal analysis |
| Privacy policy | anthropic.com/privacy |
Telegram
| Data shared | Your Telegram user ID, messages and voice notes |
| Purpose | Voice note capture, task creation, daily reminders |
| Privacy policy | telegram.org/privacy |
Amazon Web Services (AWS)
| Services used | Lambda, DynamoDB, S3, CloudFront, EventBridge, SES |
| Data stored | All account data, tasks, goals, and journal entries |
| Location | EU (Frankfurt) region |
| Privacy policy | aws.amazon.com/privacy |
Mixpanel
| Data shared | Anonymous usage events, user ID (hashed) |
| Purpose | Product analytics and feature usage tracking |
| Privacy policy | mixpanel.com/legal/privacy-policy |
Intercom
| Data shared | Name, email, usage context |
| Purpose | Customer support and in-app messaging |
| Privacy policy | intercom.com/legal/privacy |
Data Storage and Security
Where We Store Data
Your data is stored on Amazon Web Services (AWS) servers located in the European Union (Frankfurt region). Data may be transferred to and processed by third-party services listed above, some of which are located outside the EU.
How We Protect Data
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: All data is transmitted over HTTPS/TLS
- Encryption at rest: Data stored in DynamoDB is encrypted
- Access controls: Only authorized personnel can access production systems
- Token security: Google OAuth tokens are encrypted before storage
- No password storage: We use Google OAuth exclusively
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While active + 30 days after deletion |
| Tasks and goals | While account is active |
| Calendar cache | Temporary, deleted within 24 hours |
| Voice notes | Deleted immediately after transcription |
| Analytics data | Up to 12 months |
| Payment records | As required by law (7-10 years) |
Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
| Right | Description |
|---|---|
| Access | Request a copy of all personal data we hold about you |
| Rectification | Request correction of inaccurate personal data |
| Erasure | Request deletion of your personal data |
| Restriction | Request that we limit how we use your data |
| Data Portability | Request your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time where processing is based on it |
To exercise any of these rights, contact us at hello@keus.dev. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In Italy, this is the Garante per la protezione dei dati personali.
Legal Basis for Processing
We process your data based on the following legal grounds:
| Data Type | Legal Basis |
|---|---|
| Account information | Contract performance |
| Tasks, goals, journal | Contract performance |
| Google Calendar data | Consent (OAuth authorization) |
| Payment information | Contract performance, legal obligation |
| Usage analytics | Legitimate interest |
| Voice notes | Consent (sending to bot) |
Cookies and Tracking
We use essential cookies for authentication and preferences, and analytics cookies (with your consent) to understand how users interact with the Service.
For detailed information about cookies, see our Cookie Policy.
Children's Privacy
SayNo is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@keus.dev.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated effective date, and sending an email notification for material changes.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
Email: hello@keus.dev
Address: Keus S.r.l., Via Vincenzo Stefano Breda 36, 35010 Limena (PD), Italy
Google API Disclosure
SayNo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request access to the Google Calendar scopes necessary for the Service to function
- We do not use Google user data for advertising purposes
- We do not sell Google user data to third parties
- We do not use Google user data to determine creditworthiness or for lending purposes
- We limit our use of Google user data to providing and improving the Service