Privacy Policy

1. Introduction

Nothing Serious is an AI-powered personal automation platform that orchestrates everyday operations — communication, scheduling, finance, task management — through intelligent agents acting on behalf of its users. This Privacy Policy describes how the platform collects, processes, stores, and protects information in the course of delivering its services.

Access to Nothing Serious is granted solely at the operator's discretion. The platform is not offered as a public service and is not available for general registration.

2. Information we collect

The platform collects and processes the following categories of information:

• Account credentials: passwords, session tokens, and authentication state required to maintain secure access to the platform.
• Connected service data: content retrieved from third-party services (email, messaging, calendar, financial accounts) that users explicitly authorise the platform to access on their behalf.
• User-generated content: errands, notes, reminders, categories, configuration preferences, and other data created directly within the platform.
• Automated processing outputs: summaries, classifications, extractions, and decisions produced by the platform's AI agents in the course of performing delegated tasks.
• Operational metadata: timestamps, request logs, error traces, and performance metrics collected for system reliability, debugging, and service improvement.
• LLM interaction logs: prompts sent to and responses received from language model providers, retained for quality assurance, cost tracking, and diagnostic purposes.

3. How we use information

Information collected by the platform is used exclusively to:

• Execute automations and agent workflows on behalf of authorised users.
• Maintain and improve the reliability, performance, and security of the platform.
• Generate insights, summaries, and recommendations through AI-powered analysis.
• Synchronise data across connected services as directed by the user's configuration.
• Monitor system health, diagnose errors, and resolve operational incidents.

The platform does not use collected information for advertising, profiling, or any purpose unrelated to the direct delivery of its services.

4. Third-party services and data sharing

The platform integrates with external services to perform its functions. These may include, but are not limited to: Google (Gmail, Calendar), Telegram, Discord, Notion, financial data providers, cloud infrastructure services, and large language model providers (e.g. Anthropic, OpenAI).

When the platform interacts with these services, data is transmitted in accordance with each provider's own terms and privacy policies. The platform shares only the minimum data necessary to fulfil the requested operation.

No user data is sold, licensed, or disclosed to third parties for their independent use. Data is shared with third-party services only as a necessary component of executing user-directed automations.

5. AI processing and language models

The platform relies on large language models to classify, summarise, extract, and reason about user data. Content submitted to LLM providers is governed by those providers' data handling policies. The platform selects providers that offer commercial API terms with no training on customer data, and configures requests to minimise data exposure where provider options allow.

Users should be aware that AI-generated outputs are probabilistic and may contain inaccuracies. The platform is designed to surface AI outputs for human review rather than to act autonomously on consequential decisions without oversight.

6. Data storage and security

Data is stored in encrypted databases hosted on managed cloud infrastructure. Service credentials are encrypted at rest using symmetric encryption (Fernet). OAuth tokens and session data are stored in access-controlled database collections. Infrastructure access is restricted to the platform operator.

The platform employs HTTPS for all data in transit, CSRF protection for web interfaces, and role-based access controls for administrative functions. No analytics, tracking pixels, advertising scripts, or third-party telemetry are present in the platform.

7. Data retention

Data is retained for as long as the platform remains in active use. Operational logs and LLM interaction records may be retained for a longer period for diagnostic and cost-accounting purposes. Users may request deletion of their data by contacting the operator; such requests will be fulfilled within a reasonable timeframe, subject to any technical or legal constraints.

8. User rights

Authorised users may request access to, correction of, or deletion of their personal data by contacting the operator directly. As the platform operates under invitation and at the operator's discretion, the scope and mechanism of these rights are determined on a case-by-case basis.

9. Changes to this policy

This Privacy Policy may be updated from time to time to reflect changes in the platform's functionality, data practices, or legal requirements. The effective date at the top of this page indicates when the policy was last revised. Continued use of the platform following any update constitutes acceptance of the revised policy.

10. Contact

For questions, concerns, or requests related to this Privacy Policy or the platform's data practices, contact the platform operator directly through the channels made available to authorised users.