Privacy Policy

Last updated: November 12, 2025

At Persona, we are committed to protecting your privacy and being transparent about how we collect, use, and protect your Personal Data. This Privacy Policy explains our practices in clear, straightforward language. Please read it carefully to understand your rights and how we handle your information.

Definitions

The following terms, when used in this Privacy Policy, have the meanings set forth below:

  • Persona is defined as the entity that provides the Persona assistant and Service, and may be referred to as "we," "us," or "our."
  • Service is defined as the tools, automation, AI systems, communication features, and integrations provided by Persona.
  • User is defined as the individual or entity accessing the Service.
  • Personal Data is defined as any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular User.
  • Processing is defined as any operation performed on Personal Data, including collection, storage, use, disclosure, analysis, or deletion.
  • Email Data is defined as email content, headers, metadata, and any information associated with email communications.
  • Email Attachments is defined as files or documents attached to email communications.
  • Calendar Data is defined as calendar event titles, descriptions, attendee lists, times, locations, and associated metadata.
  • Contact Data is defined as contact information including names, email addresses, phone numbers, and other contact details.
  • Voice Data is defined as audio recordings, voice commands, and voice interactions with the Service.
  • Call Recording is defined as audio recordings of phone calls made through or with the Service, including support calls.
  • Automated Decision is defined as a decision made by automated systems without human intervention, such as automated email sending or calendar modifications.
  • Cookies is defined as small text files stored on your device that enable the Service to recognize you and remember your preferences.
  • Analytics Data is defined as aggregated information about how Users interact with the Service, including usage patterns, feature adoption, and performance metrics.
  • Third-Party Services is defined as external services, platforms, or providers that Persona integrates with or uses to provide the Service.
  • Provider is defined as a third-party service provider that processes Personal Data on Persona's behalf.
  • Retention Period is defined as the length of time Personal Data is stored before deletion.
  • Data Controller is defined as the entity that determines the purposes and means of Processing Personal Data.
  • Investigation is defined as a review or inquiry into suspected violations of the Terms of Service, fraud, abuse, security incidents, or legal concerns.
  • Account Data is defined as information associated with your account, including profile information, authentication credentials, and account settings.
  • Deletion Request is defined as a User's request to delete Personal Data or their account.

1. Information We Collect

We collect information necessary to provide, improve, and secure the Service. The types of information we collect depend on how you use the Service and which features you enable.

1.1 Email Data

When you connect your email account to the Service, we collect and store full email content, including headers, body text, and Email Attachments. This data enables the Service to draft replies, manage your inbox, and provide email-related assistance.

Email Data and Email Attachments are retained for 30 days, after which they are automatically deleted unless flagged for Investigation. Email content may be processed by third-party AI systems to provide functionality, but we never share access tokens, passwords, or credential secrets with any Provider.

1.2 Calendar Data

When you connect your calendar to the Service, we collect Calendar Data including event titles, attendee lists, descriptions, times, locations, and metadata. This information is stored indefinitely in your account until you manually delete it.

We retain Calendar Data indefinitely to maintain a long-term context window that enables the Service to understand your scheduling patterns, preferences, and history. This is necessary for the Service to provide intelligent scheduling assistance and maintain continuity across your interactions.

Enterprise Customers may define custom Retention Periods for Calendar Data up to three years, with unlimited retention available if required by contract.

1.3 Contact Data

When you sync contacts into the Service, we collect Contact Data including names, email addresses, phone numbers, and other contact information. All Contact Data is fully encrypted at rest.

Persona modifies contacts only within the Service—we do not modify your external address book. You may manually delete or modify contacts at any time through your account settings.

Contact Data is stored until you manually delete it. We do not automatically delete Contact Data.

1.4 Voice Data and Call Recordings

When you use voice features or make calls through the Service, we collect Voice Data and Call Recordings. This includes audio recordings, transcripts, and metadata associated with voice interactions.

Voice Data and Call Recordings are retained for at least 30 days. If you manually delete Voice Data, it is deleted immediately unless flagged for Investigation. If flagged for suspected Terms of Service violations or legal review, Voice Data and Call Recordings may be retained longer than the standard Retention Period.

1.5 Account Data

When you create an account, we collect Account Data including your name, email address, password (stored in encrypted form), and account preferences. We also collect information about your subscription plan and billing information processed through our payment Provider.

1.6 Analytics Data

We collect Analytics Data to understand how Users interact with the Service. This includes device identifiers, IP addresses, event logs, feature usage patterns, and interaction data. Analytics Data helps us improve the Service, identify bugs, and develop new features.

1.7 Support Communications

When you contact our support team, we collect and retain your communications, including email correspondence, chat transcripts, and Call Recordings with support. This information helps us assist you and improve our support services.

2. How We Use Your Information

We use Personal Data to provide, maintain, and improve the Service. Our use of your information is limited to what is necessary to deliver the Service and comply with legal obligations.

2.1 Service Delivery

We use your Personal Data to provide the core features of the Service, including email management, calendar scheduling, contact management, voice interactions, and automated assistance.

2.2 Service Improvement

We use Analytics Data and usage patterns to improve the Service, fix bugs, optimize performance, and develop new features. This includes analyzing aggregated and anonymized data to understand User needs and preferences.

2.3 Security and Compliance

We use Personal Data to maintain security, prevent fraud, detect abuse, and comply with legal obligations. This includes monitoring for unauthorized access, investigating security incidents, and responding to legal requests.

2.4 Communications

We use your contact information to send you service updates, security notices, policy changes, and responses to your support requests. You may opt out of non-essential communications at any time.

3. Automated Decision-Making

The Service includes automated features that can perform actions on your behalf, such as sending emails, modifying calendar events, and scheduling meetings. These features are designed to save you time and improve your productivity.

3.1 Automated Features

Persona can automatically send emails, modify calendar events, and perform scheduling actions only if you explicitly enable these features in your account settings. All automated features can be toggled on or off, and you can disable them at any time.

Before any automated action is taken, the Service will typically notify you or request confirmation, depending on your preferences and the nature of the action.

3.2 Human Review

You have the right to request human review of any Automated Decision. If you believe an automated action was incorrect or inappropriate, you may contact our support team to request review and, if necessary, reversal of the action.

3.3 Personalization and Profiling

Persona performs light personalization and profiling based on your interaction patterns to improve your experience. This includes learning your preferences, communication style, and scheduling patterns to provide more relevant suggestions and assistance.

This profiling is limited to improving the Service experience and does not result in decisions that significantly affect you. You can control personalization settings through your account preferences.

4. Third-Party Providers

We work with trusted Providers to deliver the Service. All Providers are contractually required to handle Personal Data securely and only on Persona's instructions. We do not allow Providers to use your Personal Data for their own purposes.

4.1 Infrastructure Providers

We use U.S.-based Providers for hosting, data storage, and infrastructure:

  • AWS (Amazon Web Services): Hosting and data storage
  • Other backend Providers that assist with hosting, logging, monitoring, security, and service functionality

4.2 Integration Providers

We use Providers to enable integrations with third-party services:

  • Google: Email and calendar integrations
  • Other integration Providers as necessary to provide Service functionality

4.3 AI Processing Providers

We use Providers for AI processing and natural language understanding:

  • OpenAI: AI processing and content generation

Some Providers may receive content such as email content, calendar details, meeting notes, or support transcripts only as necessary to provide functionality. No Provider receives access tokens, passwords, or credential secrets.

4.4 Analytics Providers

We use Providers for analytics and product insights:

  • Amplitude: Analytics and product insights
  • Google Analytics: Analytics and usage tracking

4.5 Provider Security

All Providers are contractually required to:

  • Handle Personal Data securely and in accordance with industry standards
  • Process Personal Data only on Persona's instructions
  • Implement appropriate technical and organizational measures to protect Personal Data
  • Notify Persona of any security incidents or data breaches
  • Comply with applicable data protection laws

5. Cookies and Analytics

We use Cookies and analytics tools to provide, improve, and secure the Service.

5.1 Types of Cookies

We use the following types of Cookies:

  • Session Cookies: Required for authentication and maintaining your session while using the Service
  • Tracking Cookies: Used to track feature usage, performance, and personalization preferences

Cookies are used for authentication, performance monitoring, feature usage tracking, and personalization. We do not use Cookies for advertising purposes.

5.2 Analytics Tools

We use Amplitude and Google Analytics for analytics, A/B testing, usage insights, and product improvement. These tools collect Analytics Data including:

  • Device identifiers
  • IP addresses
  • Event logs
  • Interaction data
  • Feature usage patterns

5.3 Opting Out of Analytics

You may opt out of analytics at any time by contacting our support team. Please note that opting out may limit our ability to provide personalized features and improve the Service based on your usage patterns.

6. Data Retention

We retain Personal Data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, or enforce our agreements. The following Retention Periods apply:

6.1 Email Data and Attachments

Email Data and Email Attachments are retained for 30 days, after which they are automatically deleted unless flagged for Investigation.

6.2 Calendar Data

Calendar Data is stored indefinitely until you manually delete it. This is necessary to maintain a long-term context window for the Service.

Enterprise Customers may define custom Retention Periods for Calendar Data up to three years, with unlimited retention available if required by contract.

6.3 Contact Data

Contact Data is stored until you manually delete it. We do not automatically delete Contact Data.

6.4 Voice Data and Call Recordings

Voice Data and Call Recordings are retained for at least 30 days. If you manually delete Voice Data, it is deleted immediately unless flagged for Investigation. If flagged for Investigation or legal review, Voice Data and Call Recordings may be retained longer than the standard Retention Period.

6.5 Deleted Data

All deleted data (except Calendar Data and Contact Data, which depend on your manual action) is retained for 90 days before permanent removal. This includes:

  • Deleted emails
  • Deleted attachments
  • Deleted voice recordings
  • Deleted logs
  • Deleted Account Data
  • Deleted transcripts

This 90-day retention period allows for account recovery and ensures data is not immediately lost if deletion was accidental.

6.6 Investigation Retention

Any data flagged for suspected violations of the Terms of Service, fraud, abuse, security incidents, or legal concerns may be retained for longer than standard Retention Periods until the Investigation concludes.

Persona may also be required to retain and disclose data if legally required by court order, subpoena, regulatory request, or other legal process.

6.7 Enterprise Retention

Enterprise accounts may select custom Retention Periods up to three years, or longer if contractually required. Enterprise Customers should refer to their individual agreements for specific retention terms.

7. Data Deletion and User Controls

You have full control over your Personal Data. You can delete individual data types or your entire account at any time.

7.1 Account Deletion

You can delete your account from the settings panel. When you delete your account, Persona retains Account Data for 90 days after deletion before permanently purging it. This retention period allows for account recovery if deletion was accidental.

7.2 Individual Data Deletion

You can delete individual data types at any time through your account settings, including:

  • Email Data
  • Voice Data
  • Contact Data
  • Calendar Data
  • Other Personal Data

Deleted data is retained for 90 days before permanent removal, except as otherwise specified in this Privacy Policy.

7.3 Data Portability

You may request portability (export) of your data at any time. We will provide your data in JSON or HTML format, as requested. To request data export, please contact our support team.

8. Your Rights

You have the following rights regarding your Personal Data. You may exercise these rights at any time by contacting us or using your account settings.

8.1 Right of Access

You have the right to access your Personal Data and receive information about how it is processed. You can view most of your Personal Data through your account settings.

8.2 Right to Correction

You have the right to correct inaccurate or incomplete Personal Data. You can update most information through your account settings.

8.3 Right to Deletion

You have the right to request deletion of specific data types or your entire account. You can delete data through your account settings or by submitting a Deletion Request to our support team.

8.4 Right to Restriction

You have the right to request restriction of Processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data or object to Processing.

8.5 Right to Objection

You have the right to object to Processing of your Personal Data for certain purposes, such as direct marketing or Processing based on legitimate interests.

8.6 Right to Data Portability

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format (JSON or HTML) and to transmit that data to another service.

8.7 Right to Contest Automated Decisions

You have the right to contest Automated Decisions and request human review. You can disable automated features at any time through your account settings or request review of specific automated actions.

8.8 Right to Opt Out of Analytics

You have the right to opt out of analytics tracking. You can do this by contacting our support team.

8.9 Right to Withdraw Consent

Where Processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of Processing that occurred before withdrawal.

9. Compliance and Global Requirements

Persona is committed to complying with applicable data protection laws and regulations worldwide.

9.1 Data Location

All Personal Data is stored and processed in the United States. By using the Service, you consent to the transfer of your Personal Data to the United States.

9.2 GDPR Compliance

Persona complies with the principles of the General Data Protection Regulation (GDPR) and supports enterprise-grade Data Processing Agreements (DPAs). We implement appropriate technical and organizational measures to protect Personal Data and respect User rights.

9.3 Enterprise Contracts

Enterprise Customers may request Standard Contractual Clauses (SCCs) or other required contractual terms to facilitate compliant data transfers. We work with Enterprise Customers to ensure their specific compliance requirements are met.

9.4 Human Review of Automated Decisions

Persona supports human review of Automated Decisions. You can request review of any automated action through your account settings or by contacting our support team.

10. Investigations and Legal Disclosure

Persona may retain or disclose Personal Data in certain circumstances to comply with legal obligations, protect rights, and ensure the security of the Service.

10.1 Legal Requirements

Persona may retain or disclose Personal Data if legally required by court order, subpoena, regulatory request, or other legal process. We will notify you of such requests when permitted by law.

10.2 Investigations

Persona may retain flagged content for Investigations into fraud, abuse, security incidents, or violations of the Terms of Service. Data flagged for Investigation may be retained longer than standard Retention Periods until the Investigation concludes.

We may also disclose Personal Data to law enforcement or regulatory authorities if we believe in good faith that such disclosure is necessary to protect rights, prevent harm, or comply with legal obligations.

10.3 Security Incidents

In the event of a security incident or data breach, Persona will investigate, take appropriate remedial action, and notify affected Users and authorities as required by law.

11. Security

We implement industry-standard security measures to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction.

11.1 Technical Safeguards

We use encryption at rest and in transit, access controls, authentication requirements, and monitoring systems to protect Personal Data. All data is stored on secure servers with restricted access.

11.2 Organizational Safeguards

We limit access to Personal Data to authorized personnel who need it to provide the Service. All personnel are trained on data protection and confidentiality requirements.

12. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect Personal Data from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will take steps to delete it.

13. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your Personal Data may be transferred as part of that transaction. We will continue to protect your information as outlined in this Privacy Policy and notify you of any material changes in ownership or data handling practices.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this Privacy Policy
  • Notify you via email sent to the email address associated with your account
  • Display an in-app notice within the Service interface

Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you may stop using the Service and delete your account.

Historical versions of this Privacy Policy may be made available upon request. To request a historical version, please contact our support team.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@usepersona.app
  • For Privacy Requests: Please include "Privacy Request" in the subject line

We will respond to all requests within the timeframe required by applicable law, typically within 30 days.

For Enterprise Customers with specific compliance requirements or questions about Data Processing Agreements, please contact your account manager or our legal team.