Privacy Policy
Last updated: May 27, 2026
Rhycon ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.rhycon.ai and related services.
1. Information We Collect
Account Information: When you sign up, we collect your name, email address, company name, and other details you provide during onboarding such as industry, target audience, product description, and business type.
Profile Images: If you upload a profile picture during onboarding, we store the image in secure cloud storage and associate it with your workspace. This image may be applied to outreach mailbox accounts on your behalf.
Signature Information: If you provide signature details (job title, phone number, or other optional information), we store these to personalise outreach emails sent on your behalf.
Google Account Sign-In: If you choose to sign in with Google, we use the standard OpenID Connect scopes (openid, email, and profile) to create and identify your Rhycon account using your name and email address. Sign-in does not grant access to any other Google data.
Calendar Data: If you connect your Google Calendar, we access your calendar availability to check for scheduling conflicts and create meeting events on your behalf. We request the following Google OAuth scopes:
calendar— to check your availability (free/busy) and read existing events so we do not double-book youcalendar.events— to create, update, and cancel the meeting events we book on your behalfuserinfo.email— to identify which Google account you connected
We do not read, store, or share the content of your existing calendar events beyond what is strictly necessary to determine your availability windows.
Email Data: If you connect an email account or we provision mailboxes on your behalf, we access those accounts to send outreach emails and process replies as configured by you. We store email metadata (sender, recipient, subject, timestamps) and reply content to manage conversations and track campaign performance.
Usage Data: We collect information about how you interact with our platform, including features used, pages visited, and actions taken. This includes device type, browser, IP address, and referring URL.
Payment Information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number. We receive and store your subscription status, plan details, and billing identifiers from Stripe.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate our AI-powered outreach and appointment-setting service
- Generate personalised email content using AI based on your business context
- Provision and configure email mailboxes for outreach campaigns
- Check your real-time calendar availability and schedule meetings on your behalf
- Apply your profile picture and signature to outreach mailbox accounts
- Process payments and manage your subscription
- Improve and optimise our platform
- Communicate with you about your account and service updates
- Comply with legal obligations
3. AI-Generated Content
Rhycon uses artificial intelligence to generate email content, search profiles, and outreach strategies based on the business information you provide during onboarding. AI-generated content is created for your use within the platform. We do not use your business data to train AI models. The third-party AI providers we use process data according to their respective API terms, which prohibit using API inputs for model training.
4. Google API Services
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only access Google Calendar data to check availability and create events you have authorised
- We do not use Google user data for advertising purposes
- We do not sell Google user data to third parties
- We do not use Google user data to build user profiles for advertising
- Access tokens are stored securely and can be revoked by you at any time by disconnecting your Google account
5. SMS Communications
Rhycon administrators may opt in to receive operational SMS alerts (such as system errors, deployment notifications, and service status updates) by adding their phone number to the internal admin settings within the Rhycon platform. This program is limited to Rhycon's own personnel and is not available to customers or end users.
Message frequency varies based on system events. Message and data rates may apply. Reply HELP for help or STOP to unsubscribe at any time.
We do not share mobile opt-in data, phone numbers, or SMS consent information with third parties or affiliates for marketing or promotional purposes. SMS data is used solely for internal operational alerting.
6. Third-Party Services
We use the following third-party services to operate our platform:
- Supabase — database hosting, authentication, and file storage (EU region)
- Vercel — application hosting and deployment
- Stripe — payment processing
- Google Workspace APIs — calendar integration
- OpenAI / Anthropic — AI content generation (API only, no training on your data)
- Resend — transactional email delivery (system notifications only)
Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.
7. Data Sharing
We do not sell your personal information. We may share data with service providers who help us operate our platform (as listed above), when required by law or legal process, to protect the rights and safety of our users and the public, and with your consent or at your direction.
8. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure OAuth 2.0 token storage with encryption
- Row-level security (RLS) on database tables
- Role-based access controls for workspace data
- Regular security assessments
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain your data for as long as your account is active or as needed to provide our services. Specifically:
- Account and workspace data is retained while your subscription is active
- Email campaign data is retained for 12 months after a campaign ends
- Calendar OAuth tokens are retained until you disconnect your calendar or delete your account
- Profile images are retained until you remove them or delete your account
You may request deletion of your account and all associated data at any time by contacting us.
10. Your Rights (GDPR and Global)
Depending on your location, you may have the following rights under GDPR, UK GDPR, CCPA, or other applicable data protection laws:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Portability — request your data in a machine-readable format
- Restriction — request that we limit processing of your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at james@rhycon.ai. We will respond within 30 days.
Legal basis for processing (GDPR): We process your data based on contractual necessity (to provide the service you signed up for), legitimate interests (to improve our platform and prevent fraud), and consent (for optional features like calendar integration and profile image uploads).
11. International Data Transfers
Our primary database is hosted in the EU (Supabase, eu-north-1 region). Some third-party services may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the service provider's participation in recognised data protection frameworks.
12. Cookies
We use essential cookies to maintain your session, authentication state, and preferences. We do not use third-party advertising or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.
13. Children's Privacy
Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Rhycon
Dogpatch Labs, Dublin, Ireland
james@rhycon.ai