Privacy Policy

Last Updated: December 4, 2025

1. Introduction

SmartAgentics ("Company," "we," "our," or "us"), a North Carolina company, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Lori AI Assistant ("Service"), our AI-powered meeting scheduling assistant.

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

Account Information
  • Name and email address
  • Microsoft Office 365 account credentials (via OAuth 2.0 - we never see or store your password)
  • Organization and company information
  • Scheduling preferences and settings
  • Subscription and billing information
Calendar and Email Data

To provide our scheduling services, we access:

  • Calendar availability, events, and meeting details
  • Email content related to meeting coordination
  • Contact information for meeting participants
  • Email metadata (sender, recipients, timestamps)
Usage and Technical Data
  • Feature usage patterns and interaction data
  • Response times and scheduling metrics
  • Device information, browser type, and IP address
  • Error logs and diagnostic information

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: When you authorize access to your Microsoft account and email data
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Legal Obligations: When required to comply with applicable laws

4. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the scheduling Service
  • Analyze emails and generate AI-powered responses on your behalf
  • Coordinate meetings and manage calendar invitations
  • Improve and personalize your experience
  • Communicate service updates, security alerts, and support messages
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

5. AI Processing and Third-Party AI Services

How AI Processes Your Data:

Our AI system analyzes email content to understand scheduling requests, generate appropriate responses, and coordinate meeting times. This processing includes:

  • Natural language understanding of email content
  • Intent classification (scheduling requests, confirmations, declines)
  • Response generation for meeting coordination
  • Pattern learning for your communication preferences (per-user only)

Third-Party AI Provider:

We use OpenAI as our AI processing provider. When you use the Service:

  • Email content and context are transmitted to OpenAI's API for processing
  • OpenAI processes data according to their Privacy Policy and API Data Usage Policy
  • We use OpenAI's API with data retention disabled where available
  • OpenAI does not use API data to train their models (per their API terms)

AI Training:

  • Your data is NOT used to train general AI models shared across users
  • We may use anonymized, aggregated data to improve Service quality
  • Per-user learning is isolated to your account only

6. Automated Decision Making

The Service uses automated processing to:

  • Classify email intent (scheduling request, confirmation, decline)
  • Generate suggested email responses
  • Recommend optimal meeting times
  • Prioritize follow-up actions

These automated processes assist in scheduling but do not make legally significant decisions about you. You retain control over all emails sent on your behalf and can review AI-generated content before sending.

7. Data Sharing and Sub-processors

We do not sell your personal information.

We share data with the following categories of recipients:

Sub-processors
Provider Purpose Location
OpenAI AI/ML processing for email analysis and response generation United States
Microsoft Email and calendar integration via Graph API United States
Replit Application hosting and infrastructure United States
PostgreSQL (Neon) Database services United States
Other Disclosures
  • Legal Requirements: When required by law, subpoena, or legal process
  • Protection of Rights: To protect our rights, property, or safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

8. Cookies and Tracking Technologies

We use the following technologies:

  • Essential Cookies: Required for authentication and session management
  • Functional Cookies: Remember your preferences and settings

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings.

9. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Secure OAuth 2.0 authentication with Microsoft
  • Regular security monitoring and vulnerability assessments
  • Access controls and role-based permissions
  • Secure infrastructure hosted on Replit

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account closure
  • Email Content: Processed in real-time; not permanently stored beyond coordination needs
  • Coordination Records: Retained for 90 days for service continuity
  • Usage Logs: Retained for 12 months for security and improvement purposes

You can request earlier deletion by contacting us.

11. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent at any time (including Microsoft account access)

To exercise these rights, contact us at info@smartagentics.ai. We will respond within 30 days.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell or share your personal information as defined by the CCPA/CPRA.

To submit a request, email info@smartagentics.ai with "California Privacy Request" in the subject line.

13. International Data Transfers

Your data is primarily processed in the United States. If you are located outside the United States, your data will be transferred to and processed in the U.S.

For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our sub-processors

14. Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify affected users within 72 hours of discovery (or as required by law)
  • Notification will include the nature of the breach, data affected, and remediation steps
  • We will notify relevant supervisory authorities as required

15. Children's Privacy

The Service is intended for business professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will promptly delete it.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

  • Update the "Last Updated" date at the top of this page
  • Notify you of material changes via email or in-app notification at least 30 days in advance
  • Obtain consent for significant changes where required by law

Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us:

SmartAgentics
North Carolina, United States

Email: info@smartagentics.ai

Website: https://loriagent.ai

We aim to respond to all privacy inquiries within 30 days.

Back to Home