Privacy Policy

Effective date: June 27, 2026

Curesso ("Curesso", "we", "us") is a personal AI assistant operated by an independent developer. This policy explains what data Curesso accesses, why, how it is protected, and the choices you have. Questions: zhoudengfeng3962@gmail.com.

What we access

Curesso only accesses data you explicitly connect, to perform the tasks you ask of it:

Google sign-in (OpenID Connect) — your email address and basic profile, to create and authenticate your account.
Google Calendar (if connected) — read and write your calendar events.
Google Tasks (if connected) — read and write your task lists.
Gmail (if connected) — read and send mail via IMAP/SMTP using an app password you provide.
Your messages and memory — the messages you send Curesso (via Telegram) and the long-term notes it keeps to remember your preferences and context.

How we use it

We use this data solely to provide the assistant features you request — for example, checking your day, drafting a reply, creating an event, or recalling something you told it earlier. We do not sell your data, and we do not use it for advertising.

Google Limited Use. Curesso's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train, develop, or improve generalized or non-personalized AI and/or machine learning models.

Processing by AI providers

To generate responses, the content relevant to your request is sent to large-language-model providers (Anthropic, OpenAI, and/or Google) acting as our processors. These providers process the data only to return a result to Curesso and, under their API terms, do not use it to train their models. Curesso routes this traffic through controlled infrastructure and does not share your data with any other third parties except as required to operate the service or comply with law.

How we protect it

Per-user isolation — your assistant runs in its own sandboxed container; data is not co-mingled between accounts.
Encrypted credentials — connected account tokens are stored with envelope encryption (AES-GCM, per-row wrapped keys).
Controlled egress and guardrails — outbound traffic is routed through a dedicated proxy, and deterministic checks guard against data exfiltration and prompt-injection attacks.

Retention and deletion

You stay in control of your data:

Disconnecting an integration on your dashboard deletes the stored credentials for that integration and revokes Curesso's access on your container.
You can revoke Curesso's access to your Google account at any time at myaccount.google.com/permissions.
To delete your account and all associated data, email zhoudengfeng3962@gmail.com and we will remove it.

Children

Curesso is not directed to children under 13 (or the age required by your jurisdiction), and we do not knowingly collect their data.

Changes

We may update this policy as the service evolves. Material changes will be reflected by updating the effective date above.

Contact

For any privacy question or request, contact zhoudengfeng3962@gmail.com.

← Back to home