Skip to content
Synve

Vortyx privacy

Vortyx Privacy Policy

Vortyx helps users capture work, connect calendars and communication tools, identify operational follow-ups, create tasks, manage recurring responsibilities, and surface continuity reminders.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you use Vortyx.

Use of Vortyx is also governed by the Terms of Service.

Google API disclosure

For Google API-specific details, review how Vortyx uses Google data, OAuth scopes, Gmail access, AI processing, and user controls.

Read How Vortyx Uses Google Data

Effective Date

May 25, 2026

Last Updated

May 25, 2026

Company

SYNVE TECHNOLOGIES PRIVATE LIMITED

Contact

contact@synve.ai

Website

https://synve.ai/vortyx

1. Roles and Responsibilities

For personal accounts, Vortyx generally acts as a data controller for account, product, security, billing, and support operations.

For organization-managed or workspace-managed deployments, Vortyx may act as a data processor or service provider on behalf of the workspace administrator or organization for workspace content and connected-service data, depending on the applicable agreement and configuration.

Workspace administrators and members are responsible for ensuring they have the right to add, share, or process content inside a workspace.

2. Information We Collect

We collect the following categories of information.

Account Information

When you create or use an account, we may collect:

  • Name
  • Email address
  • Profile image
  • Authentication provider identifiers
  • Workspace membership and role information
  • Region and workspace preferences

Workspace and Productivity Data

When you use Vortyx, we may collect and process:

  • Tasks, plans, notes, captures, reminders, recurring loops, and operational context
  • Workspace names, membership records, invite records, and shared workspace metadata
  • User-generated content entered into the app
  • AI-generated summaries, suggestions, classifications, and insights
  • Notification preferences and delivery records

Voice and Capture Data

If you use voice capture or transcription features, we may process:

  • Audio recordings or streamed audio
  • Transcripts
  • Extracted tasks, summaries, and follow-up suggestions
  • Usage metrics related to capture and transcription

Calendar Data

If you connect a calendar provider, we may access calendar information needed to provide scheduling, availability, reminders, and planning features, such as event times, titles, availability windows, and calendar identifiers.

Email Data

If you connect Gmail or another email provider, we may access email data only with your permission and only for Vortyx features you choose to use. Gmail analysis and synchronization occur only after you connect a Google account and enable related Vortyx features.

For Gmail, Vortyx may request https://www.googleapis.com/auth/gmail.readonly to read email messages and metadata only for user-facing Vortyx features such as detecting actionable work, follow-ups, waiting states, commitments, unresolved work, and review items.

Vortyx may also request https://www.googleapis.com/auth/gmail.send to send emails only when you explicitly initiate, approve, or trigger an email sending action inside Vortyx.

Vortyx does not request Gmail access for advertising, contact scraping, unrelated analytics, bulk email generation, resale, or generalized model training.

For Microsoft Outlook Mail, Vortyx may request Microsoft permissions needed to read mail and send user-approved messages. Outlook Mail access is used only to provide user-enabled email review, follow-up, task, draft, send, and continuity tracking features.

Device, Usage, and Log Data

We may collect:

  • Device type, operating system, app version, locale, timezone, and region
  • IP address and approximate location derived from network information
  • Request IDs, crash logs, diagnostic logs, and performance data
  • Feature usage, quota usage, and subscription status

3. How We Use Information

We use personal information to:

  • Provide, maintain, secure, debug, and improve the reliability, performance, and core functionality of Vortyx
  • Authenticate users and maintain secure sessions
  • Create and manage workspaces
  • Generate tasks, reminders, follow-up suggestions, summaries, and user-visible operational insights
  • Detect stalled work, unresolved follow-ups, recurring responsibilities, and missed commitments
  • Sync approved calendar, email, Slack, and other connected-service data
  • Send notifications requested or enabled by the user
  • Process subscriptions and entitlements
  • Prevent fraud, abuse, security incidents, and unauthorized access
  • Comply with legal obligations

We do not use Gmail content, calendar content, workspace content, voice transcripts, or private task content for advertising.

Google Workspace data is not used to develop, improve, or train generalized AI or machine learning models.

Google Workspace API data is processed only to provide user-facing Vortyx functionality requested or enabled by the user.

Microsoft Outlook, Microsoft Calendar, Slack, and other connected-service data are processed only to provide Vortyx functionality requested or enabled by the user.

4. Google API Limited Use Disclosure

Vortyx's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use Google user data only to provide or improve user-facing Vortyx features that are visible and expected by the user.
  • We request only the minimum Google OAuth scopes needed for implemented features.
  • We do not sell Google user data.
  • We do not use Google user data for advertising, retargeting, personalized ads, interest-based ads, or cross-context behavioral advertising.
  • We do not use Google user data to determine creditworthiness or for lending purposes.
  • We do not transfer Google user data to data brokers, advertising platforms, or information resellers.
  • We do not sell or license Google user data to data brokers or information resellers.
  • We do not use Gmail data for contact scraping, bulk email generation, unrelated analytics, or marketing profiling.
  • Background email analysis occurs only for integrations and features explicitly enabled by the user.
  • We do not allow humans to read Google email content by default.
  • If we materially change how we use Google user data, we will update this Privacy Policy and request renewed consent where required.

5. Google OAuth Scope Usage

Vortyx uses Google OAuth scopes only for the features the user enables.

Gmail Read-Only Scope

https://www.googleapis.com/auth/gmail.readonly is used solely to:

  • Identify emails that may require user follow-up
  • Detect waiting states, commitments, unresolved work, and follow-up needs
  • Generate user-visible review items
  • Create user-approved tasks, reminders, recurring loops, summaries, or draft response actions
  • Support user-requested email review and continuity tracking features

Gmail Send Scope

https://www.googleapis.com/auth/gmail.send is used solely to:

  • Send emails that the user explicitly initiates or approves inside Vortyx
  • Send user-approved replies or follow-ups generated from a review or action flow

Vortyx does not automatically send Gmail messages without user authorization.

Vortyx does not autonomously send external communications or perform external actions without user authorization except where explicitly configured by the user.

6. How Email Data Is Used

When Gmail, Microsoft Outlook Mail, or another email provider is connected, Vortyx may process message metadata, sender and recipient information, subject lines, timestamps, message snippets, message bodies, and thread context only as needed to provide email-related features.

These features may include:

  • Identifying emails that may require action
  • Detecting follow-ups and waiting states
  • Creating review items
  • Suggesting tasks or recurring operational loops
  • Preparing draft responses or follow-ups
  • Sending user-approved emails through the connected email provider

Review items generated from a personal email account are not treated as shared workspace content unless the user explicitly confirms, converts, saves, or shares them into workspace-scoped tasks, loops, or related objects.

Personal connected-service content is not automatically shared with workspace members unless the user explicitly creates, converts, shares, or collaborates on workspace-scoped objects derived from that content.

7. How Calendar Data Is Used

When Google Calendar, Microsoft Outlook Calendar, or another calendar provider is connected, Vortyx may process calendar data only as needed for user-enabled scheduling, availability, planning, task scheduling, reminder, and calendar event features.

Calendar data may include calendar identifiers, event titles, descriptions, locations, attendees, start and end times, availability windows, and scheduling metadata where needed for the feature.

Vortyx does not use connected calendar data for advertising, resale, data brokerage, or unrelated analytics.

8. How Slack Data Is Used

When Slack is connected, Vortyx may process Slack workspace, channel, user, message, thread, interaction, and command data only as needed for user-enabled Slack integration features.

Slack-related features may include:

  • Connecting or binding a Slack workspace to a Vortyx workspace
  • Handling Slack commands, interactions, or user-invoked capture flows
  • Creating review items, tasks, summaries, or continuity objects from user-invoked Slack captures
  • Maintaining Slack connection status and user-linking state

Vortyx does not use Slack data for advertising, resale, data brokerage, broad workspace surveillance, or unrelated analytics.

Slack content is not automatically converted into workspace-scoped Vortyx objects unless a user invokes, confirms, saves, or enables a related Vortyx feature.

9. Human Access to Private Content

Human access to private email, calendar, voice, workspace, or task content is prohibited by default and restricted to:

  • Explicit user-authorized support interactions
  • Security investigation
  • Abuse prevention
  • Legal compliance
  • Reliability debugging where strictly necessary and access-controlled

Such access is limited to authorized personnel, logged where technically feasible, and restricted based on role and operational necessity.

10. AI Processing

Vortyx may use AI systems and service providers to generate summaries, classifications, action suggestions, task suggestions, and user-visible operational insights.

When AI processing is used:

  • We send only the information reasonably needed for the requested feature.
  • We minimize the amount of personal information sent to AI systems where reasonably possible.
  • We use safeguards to reduce unnecessary exposure of personal data.
  • AI service providers act as data processors or service providers on our behalf.
  • We require service providers to process data only for providing services to Vortyx, subject to contractual confidentiality, security, and data-use restrictions.
  • We do not use connected Gmail data to train general-purpose AI models.
  • We configure AI providers, where available, to prohibit the use of Vortyx-submitted Google Workspace data for generalized model training.
  • We select providers and configurations intended to minimize retention and secondary use of submitted data.

Vortyx may use automated systems to classify tasks, identify operational follow-ups, prioritize review items, or generate recommendations. These systems assist users but do not make legally significant decisions about users without human involvement.

Certain generated tasks, follow-ups, reminders, or suggested actions may require user review or confirmation before execution.

11. Cookies, SDKs, and Analytics

Vortyx may use cookies, mobile SDKs, analytics tools, crash reporting tools, app-store or subscription infrastructure, and security technologies to operate and improve the service.

These tools may process:

  • Device identifiers
  • App version and device information
  • Crash diagnostics
  • Performance metrics
  • Subscription and entitlement status
  • Security and abuse-prevention signals
  • Feature usage and reliability metrics

We do not use Google Workspace data for targeted advertising or cross-context behavioral advertising.

12. Sharing of Information

We may share information with:

  • Cloud hosting, database, authentication, logging, analytics, payment, notification, AI, and infrastructure providers
  • Connected services you authorize, such as Google, Microsoft, Slack, or Apple
  • Other members of a workspace, where you create or share workspace-scoped content
  • Legal authorities where required by law
  • Successor entities in connection with a merger, acquisition, financing, or sale of assets, subject to applicable law

We do not sell personal information.

Vortyx does not sell or license personal information to data brokers or information resellers.

We do not share personal information for cross-context behavioral advertising or use personal information for targeted advertising based on data obtained from Google Workspace APIs.

13. Subprocessors and Service Providers

Vortyx uses service providers and subprocessors to provide hosting, storage, authentication, payment processing, analytics, notification delivery, AI processing, crash reporting, and operational monitoring.

Examples of provider categories may include:

  • Cloud infrastructure providers
  • Authentication providers
  • AI processing providers
  • Payment and subscription providers
  • Email, calendar, and messaging integration providers
  • Logging, monitoring, and crash-reporting providers
  • Analytics and reliability providers

We may maintain a list of major subprocessors and infrastructure providers upon request or through our website.

14. Data Retention

We retain personal information only as long as reasonably necessary to provide Vortyx, comply with legal obligations, resolve disputes, enforce agreements, and maintain security.

Typical retention rules:

  • Account data is retained while your account is active.
  • OAuth credentials and tokens are retained only while the relevant integration remains connected or as needed for security, audit, or legal purposes.
  • Review items, tasks, loops, workspace content, insights, and generated summaries are retained until deleted by the user or workspace, or until no longer needed.
  • Diagnostic logs are retained for a limited operational period.
  • Deleted data may remain in backups for a limited period before deletion according to backup rotation schedules.

When a Google, Microsoft, Slack, or other connected-service integration is disconnected, Vortyx stops future synchronization and access to that connected account where supported. Previously generated user-visible artifacts, such as tasks, reminders, review items, summaries, or loops, may remain until deleted by the user or workspace administrator.

OAuth tokens are revoked or deleted when integrations are disconnected where technically supported.

You may disconnect integrations or request account deletion at any time.

Users may request deletion of their account and associated personal information by contacting the privacy contact listed below or through account settings where available. Some information may be retained where required for security, fraud prevention, legal compliance, dispute resolution, or backup recovery purposes.

15. Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including:

  • Encryption in transit
  • Encryption at rest where supported by infrastructure providers
  • Encrypted storage mechanisms for OAuth credentials and tokens
  • Access controls and least-privilege permissions
  • Role-based restrictions for production-system access
  • Audit and diagnostic logging
  • Secure token and secrets management practices
  • Monitoring for abuse and operational failures
  • Periodic review of access permissions and security controls

No system is completely secure, but we work to protect information against unauthorized access, loss, misuse, and alteration.

If we become aware of a security incident affecting personal information, we may investigate, mitigate, and provide notifications consistent with applicable law.

16. Data Location and International Transfers

Data may be processed and stored in countries where Vortyx or its service providers operate.

Where personal information is transferred internationally, we use appropriate safeguards such as contractual protections and recognized transfer mechanisms where required by applicable law.

17. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access personal information
  • Correct inaccurate information
  • Delete personal information
  • Export or receive a copy of your data
  • Restrict or object to processing
  • Withdraw consent
  • Disconnect integrations
  • Opt out of sale or sharing, where applicable
  • Appeal a denied privacy request, where required by law

We respond to verified privacy requests within the time periods required by applicable law. Additional identity verification may be required before fulfilling certain requests.

To exercise rights, contact us at contact@synve.ai.

18. GDPR, EEA, UK, and Swiss Users

If you are in the EEA, UK, or Switzerland, our legal bases may include:

  • Contract necessity, to provide Vortyx
  • Consent, for optional integrations and permissions
  • Legitimate interests, such as security, reliability, abuse prevention, product support, and product reliability improvement
  • Legal obligation, where required by law

You may have the right to lodge a complaint with your local data protection authority.

Where personal information is transferred internationally, we use appropriate safeguards such as contractual protections and recognized transfer mechanisms where required.

19. US State Privacy Rights

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other US states may have additional rights under applicable privacy laws.

We do not:

  • Sell personal information
  • Share personal information for cross-context behavioral advertising
  • Use personal information for targeted advertising based on data obtained from Google Workspace APIs

Vortyx does not sell personal information as defined under applicable US privacy laws. Vortyx does not share personal information for targeted advertising or cross-context behavioral advertising.

If required by applicable law, you may request to know, access, correct, delete, or obtain a portable copy of your personal information.

20. Children

Vortyx is not directed to children under 13 and is not intended for use by children. We do not knowingly collect personal information from children under 13.

21. Integration Disconnection

You may disconnect Google, Microsoft, Slack, calendar, email, or other integrations from within Vortyx where available.

Disconnecting an integration prevents future access to that provider's data, but previously generated Vortyx content may remain until deleted.

You may also revoke Google access from your Google Account permissions page.

22. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice through the app, website, or other appropriate means. If changes affect how we use Google user data or other connected-service data, we will request renewed consent where required.

23. Contact

For privacy questions or requests, contact SYNVE TECHNOLOGIES PRIVATE LIMITED at contact@synve.ai.

Address: 740 5TH STAGE, BEML LAYOUT, Rajarajeshwarinagar, Bangalore South, Bangalore - 560098, Karnataka, India.