Privacy Policy

Last updated: April 14, 2026

Gremly LLC ("Gremly," "we," "us," or "our") operates the Gremly mobile application (the "App") and the website gremly.app (the "Website," and together with the App, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Gremly, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

We collect information in the following categories:

1.1 Information You Provide Directly

Account Information: When you create an account, we collect your email address and authentication credentials (managed securely through our authentication provider). If you sign in through a third-party provider (such as Apple Sign-In or Google Sign-In), we receive your name and email address as authorized by you during the sign-in process.

Content You Create: Gremly is designed to capture and organize your thoughts. All content you enter into Gremly is stored to provide and improve your experience, including:

  • MindDrops (quick thoughts, ideas, and brain dumps)

  • Tasks, todos, and checklists

  • Habits and habit tracking data

  • Notes and journal entries

  • Conversations with Ask Gremly (our AI chat feature)

  • Space configurations and associated content

  • Evening Sweep decisions and Morning Brief interactions

Communications: If you contact us for support or feedback, we collect your email address and the contents of your communication.

1.2 Information Collected Automatically

Device Information: We collect information about the device you use to access Gremly, including device model, operating system and version, app version, unique device identifiers, and language/locale settings.

Push Notification Tokens: If you enable push notifications, we collect and store your device push notification token to deliver reminders, morning briefs, evening sweep prompts, and other notifications you have opted into.

Usage Data: We automatically collect information about how you interact with the App, including features used, frequency and timing of interactions, content classification outcomes, gauge and streak data, and crash reports and performance diagnostics.

Log Data: Our servers automatically record information when you access the Service, including IP address, access times, pages viewed, and referring URLs.

1.3 Information from Third-Party Integrations

Calendar Data: If you choose to connect an external calendar (Google Calendar or Microsoft Outlook), we access your calendar events in read-only mode. We use this data solely to display events within the App for daily planning purposes. We do not modify, delete, or share your external calendar data. You can disconnect your calendar at any time through Settings.

Subscription Data: If you subscribe to Gremly, Apple processes your payment through the App Store. We receive confirmation of your subscription status, purchase date, expiration date, and product identifiers through our payment processor (RevenueCat). We do not directly collect or store your payment card number, bank account details, or Apple ID password.

1.4 Website Analytics

Our Website may use analytics tools (such as Squarespace Analytics) to understand how visitors interact with gremly.app. These tools may collect anonymized data such as page views, referral sources, browser type, screen resolution, and approximate geographic region. This data is aggregated and does not personally identify you.

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide the Service: Storing and organizing your content, processing MindDrops through our AI classification pipeline, generating your Morning Brief and Evening Sweep, managing your Spaces, habits, and tasks, and displaying calendar events alongside your Gremly items.

AI-Powered Features: Classifying and enriching content you provide, generating personalized daily plans and weekly summaries, building and updating your Life Map (our persistent intelligence layer that learns your patterns over time), powering Ask Gremly conversations, and surfacing relevant context and suggestions.

Notifications: Sending push notifications you have opted into, including morning briefs, evening sweep reminders, habit reminders, and weekly summary alerts.

Subscription Management: Processing and managing your subscription status, verifying your access to paid features, and managing free trial periods.

Improvement and Development: Analyzing usage patterns to improve existing features, developing new features, diagnosing and fixing technical issues, and monitoring Service performance and reliability.

Communication: Responding to your support requests, sending important Service updates (such as changes to these terms), and notifying you of material changes to policies or features.

Legal and Safety: Complying with applicable laws and regulations, enforcing our Terms of Service, and protecting the rights, property, and safety of Gremly LLC, our users, and the public.

3. AI Processing

3.1 How AI Is Used

Gremly uses third-party AI services to power its core features. When you create content in Gremly, that content may be sent to one or more of the following AI providers for processing:

  • Anthropic (Claude models) — Used for content enrichment, weekly summaries, Life Map generation, and conversational features.

  • Google (Gemini models) — Used for content classification, triage decisions, chat processing, and daily context generation.

  • OpenAI (GPT models) — Used for content classification and processing tasks.

3.2 What Data Is Sent

When your content is processed by AI, we send the minimum information necessary for the task. This may include the text of your MindDrop or message, relevant context from your Life Map or recent activity (to personalize responses), and calendar event titles and times (for daily planning).

3.3 AI Data Retention by Providers

We access these AI services through their commercial APIs. Under their current API terms, these providers do not use data submitted through their APIs to train their models. However, providers may temporarily retain API inputs and outputs for abuse monitoring and safety purposes in accordance with their own privacy policies. We encourage you to review the privacy policies of Anthropic, Google, and OpenAI for details on their data handling practices.

3.4 Automated Decision-Making

Gremly uses AI to make automated decisions about your content, including classifying MindDrops into categories (task, habit, note, journal entry, etc.), prioritizing items for your Morning Brief, generating suggested enrichments (titles, descriptions, due dates), and determining Space assignments for saved items.

These automated decisions affect how your content is organized and presented within the App. You can always manually override AI classifications and suggestions. The AI classification system is designed to defer rather than guess when confidence is low.

3.5 AI Disclaimer

AI-generated outputs — including daily plans, weekly summaries, insights, chat responses, and organizational suggestions — are for informational and organizational purposes only. They do not constitute medical, legal, financial, therapeutic, or other professional advice. AI outputs may occasionally be inaccurate, incomplete, or inappropriate. You are responsible for reviewing and acting on AI-generated content at your own discretion.

4. Data Storage and Security

4.1 Where Your Data Is Stored

Your data is stored securely using Supabase, hosted on Amazon Web Services (AWS) infrastructure located in the United States.

4.2 Security Measures

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit using TLS/SSL for all data transmitted between your device, our servers, and third-party services

  • Row-level security (RLS) policies in our database, ensuring that each user can only access their own data

  • Secure authentication token storage on your device

  • Supabase Auth for account authentication and session management

  • Environment-level secrets management for API keys and sensitive configuration

  • Regular monitoring of our infrastructure for security issues

4.3 Security Limitations

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for any activity that occurs under your account.

5. Service Providers and Data Sharing

5.1 Service Providers

We share your data with the following categories of service providers solely as necessary to operate, maintain, and improve Gremly:

ProviderPurposeData SharedSupabase (AWS)Database hosting, authentication, real-time subscriptionsAll user content and account dataCloudflareAPI proxy (Cortex worker), background job processing, content deliveryContent sent for AI processing, notification dataAnthropicAI content enrichment, summaries, chatContent text, Life Map contextGoogleAI classification, triage, chat processing, search groundingContent text, relevant contextOpenAIAI classification and processingContent textRevenueCatSubscription management, billing status, trial trackingUser ID, subscription status, purchase eventsInngestBackground job orchestration (enrichment pipeline, notifications, summaries)Job payloads containing user IDs and content referencesAppleApp distribution, payment processing, push notificationsPurchase data, device tokens

5.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding 12 months.

5.3 Other Disclosures

We may disclose your information in the following circumstances:

  • Legal Requirements: If required to do so by law, regulation, or valid legal process (such as a subpoena or court order).

  • Safety and Rights: If we believe disclosure is necessary to protect the safety, rights, or property of Gremly LLC, our users, or the public.

  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would remain subject to this Privacy Policy or a policy at least as protective.

  • With Your Consent: When you have given us explicit permission to share specific information.

6. Data Retention

We retain your data as follows:

Data TypeRetention PeriodAccount informationFor the duration of your active accountContent (MindDrops, tasks, notes, habits, journal entries)For the duration of your active accountAsk Gremly conversationsActive chats retained indefinitely; general chats soft-archived after 30 days of inactivityLife Map and weekly summariesFor the duration of your active account (rebuilt periodically)Usage and analytics dataUp to 24 months, then aggregated or deletedPush notification tokensUntil you disable notifications or delete your accountSubscription dataFor the duration of your account plus any period required for billing dispute resolutionSupport communicationsUp to 36 months after resolution

Account Deletion: If you delete your account, we will delete your personal data within 30 days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements. Anonymized and aggregated data that cannot identify you may be retained indefinitely.

7. Cookies and Tracking Technologies

7.1 Website

Our Website (gremly.app) is hosted on Squarespace and may use cookies and similar technologies for essential website functionality (session management, security), analytics (page views, traffic sources, visitor behavior in aggregate), and preference storage (language, display settings).

You can control cookies through your browser settings. Disabling cookies may affect your ability to use certain features of the Website.

7.2 Mobile App

The Gremly mobile App does not use browser cookies. We use secure on-device token storage for authentication and may use standard mobile analytics frameworks for crash reporting and performance monitoring.

8. Third-Party Links and Services

Gremly may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you access.

9. Your Rights

9.1 All Users

Regardless of your location, you can:

  • Access your content within the App at any time

  • Correct your information by editing your content or account details within the App

  • Delete your account and all associated data by contacting us at support@gremly.app

  • Disconnect external calendar integrations at any time through Settings

  • Manage your notification preferences through your device settings and within the App

  • Cancel your subscription at any time through your Apple ID account settings

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as where we need to retain the data to complete a transaction or comply with legal obligations).

Right to Correct: You may request correction of inaccurate personal information.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Sale and Sharing of Personal Information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

Categories of Personal Information Collected:

CCPA CategoryExamplesCollectedIdentifiersEmail address, device identifiers, IP addressYesPersonal information under Cal. Civ. Code § 1798.80Name, email addressYesInternet or network activityApp usage data, interactions, browsing history on our websiteYesGeolocation dataApproximate location from IP addressYes (approximate only)Sensory dataN/ANoProfessional or employment informationN/A (only if you voluntarily include in content)User-provided onlyEducation informationN/A (only if you voluntarily include in content)User-provided onlyInferencesAI-generated classifications, Life Map insights, behavioral patternsYesSensitive personal informationN/A (only if you voluntarily include in content)User-provided onlyBiometric informationN/ANo

How to Exercise Your Rights: Submit a verifiable consumer request by emailing support@gremly.app. We will verify your identity by confirming your email address associated with your account. We will respond to verifiable requests within 45 days. You may designate an authorized agent to make a request on your behalf.

California "Shine the Light" Law: California Civil Code Section 1798.83 permits California residents to request information about the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

9.3 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, the following applies:

Data Controller: Gremly LLC is the data controller for your personal data.

Lawful Bases for Processing: We process your personal data under the following lawful bases:

PurposeLawful BasisProviding the Service (storage, organization, AI features)Performance of contractSending notifications you opted intoConsentAnalytics and Service improvementLegitimate interestSecurity and fraud preventionLegitimate interestLegal complianceLegal obligationMarketing communications (if any)Consent

Your Rights Under GDPR: You have the right to access your personal data and receive a copy, rectify inaccurate or incomplete personal data, erase your personal data ("right to be forgotten"), restrict processing of your personal data, data portability (receive your data in a structured, machine-readable format), object to processing based on legitimate interest, withdraw consent at any time (without affecting the lawfulness of prior processing), and lodge a complaint with your local data protection authority.

International Data Transfers: Your data is transferred to and processed in the United States. We rely on the data processing agreements of our service providers, which include Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure appropriate safeguards for international data transfers.

Data Protection Contact: For GDPR-related inquiries, contact us at support@gremly.app.

9.4 Other U.S. State Privacy Laws

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or another state with comprehensive consumer privacy legislation, you may have similar rights to those described above, including the right to access, correct, delete, and opt out of certain processing. To exercise your rights, contact us at support@gremly.app. We will respond in accordance with applicable law.

10. Data Breach Notification

In the event of a security breach that results in unauthorized access to your personal data and poses a risk to your rights and freedoms, we will:

  • Notify affected users within 72 hours of becoming aware of the breach, where feasible

  • Provide details about the nature of the breach, the data affected, and the steps we are taking to address it

  • Notify relevant regulatory authorities as required by applicable law

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no industry-standard approach for responding to DNT signals, our Website does not currently respond to DNT signals. We do not track users across third-party websites for advertising purposes.

12. Children's Privacy

Gremly is not intended for use by anyone under the age of 13 (or 16 in the European Economic Area, United Kingdom, and Switzerland). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately at support@gremly.app.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our Website and, where appropriate, through a notification in the App or by email. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Gremly LLC
Email: support@gremly.app

For GDPR-related inquiries, CCPA/CPRA requests, or other privacy rights requests, please use the same email address and include "Privacy Request" in the subject line.