Privacy Policy

Last updated: March 6, 2026

allora ("we," "us," "our") operates an SMS and WhatsApp-based task and reminder assistant. This policy explains what data we collect, how we use it, and your rights.

Information We Collect

You provide:

• Phone number - required to send and receive messages
• Name - optional, used to personalize messages
• Timezone - detected from your browser or set by you
• Message content - the texts you send us
• Voice memos - audio messages you send, which are transcribed into text
• Images - photos you send, which are processed by AI (originals are not stored)

Collected automatically:

• Usage patterns (tasks created, completed, skipped)
• Session data (IP address, browser type) when you use the website
• Website analytics via Google Analytics 4
• Advertising data via tracking pixels from Google and Meta, used to measure ad performance and improve our marketing

We do not collect: location data, contacts, biometric data, government IDs, or credit card numbers (Stripe handles payments directly).

How We Use Your Information

• Operate the service: receive messages, extract tasks, send reminders
• Process your messages with AI to understand intent and generate responses
• Learn your preferences to improve recommendations over time
• Process payments and manage your subscription
• Debug and maintain service reliability

We do not sell your personal information. We share limited website activity data with advertising partners (Google and Meta) to measure and improve our marketing. Your message content is never shared for advertising purposes.

AI Processing

Text messages: Your messages are processed by AI language models from providers including Anthropic, OpenAI, and Google to extract tasks and generate responses. We may add or change providers to improve service quality. We send your message text and general context to these providers. Your phone number is not sent to AI providers.

Voice memos: When you send a voice memo, the audio is sent to an AI provider for transcription. The original audio is not stored by allora. Only the transcribed text is saved and processed like any other text message.

Images: When you send a photo, it is processed by AI to extract relevant information. The original image is not stored - only the extracted text or details are saved.

Links: When you share a link, we may retrieve the page to extract a title or summary. We do not store full article content.

Provider data handling: Your data is not used for model training. We use API configurations that minimize data retention where available. Each AI provider handles data in accordance with their own privacy policy (see Third-Party Providers below).

Provider-specific details:

• Anthropic (Claude) - API inputs are not used for model training and are subject to Anthropic's API data retention policy.
• OpenAI - We use zero-retention mode. Your data is not stored by OpenAI after processing.
• Google (Gemini) - API inputs are processed under Google's Cloud Data Processing terms and are not used for model training.

Calendar Integrations

You may optionally connect your Google Calendar or Apple Calendar (iCloud) to allora. Calendar access is used solely for scheduling functionality: avoiding conflicts and, if you opt in, creating events on your behalf.

Google Calendar

When connecting Google Calendar, you choose one of two access levels:

Read-Only Access

What we access:

• Event start and end times, free/busy status, and event titles (private events are recorded as busy with no title)

What we do not access:

• Event descriptions, attendees, locations, or attachments

How we use it: When you ask allora to set a reminder, we check your calendar availability to avoid scheduling during busy times. If the requested time conflicts with an existing event, we suggest an alternative.

Read + Write Access

If you choose read + write access, you get everything in read-only, plus:

What we can do:

• Create calendar events you explicitly request via SMS (e.g., "block 2 hours for taxes")
• Remove calendar events that allora created, only when you ask (e.g., "remove that event")

What we never do:

• Modify or delete events you created outside of allora
• Create events without your explicit instruction
• Access event descriptions, attendees, locations, or attachments

Apple Calendar (iCloud)

You may connect your Apple Calendar using an app-specific password. The same access principles apply: we read event times and availability, and with write access can create or remove events at your request.

On disconnect, we delete your stored credentials from our database. We recommend also revoking your app-specific password in your Apple ID settings.

Calendar Data Handling

Storage: Calendar credentials and tokens are stored encrypted in our database. Calendar event metadata (times, titles, and busy/free status) is cached in our database and kept in sync with your calendar provider. Old events are periodically cleaned up. Private event titles are not stored. We do not store event descriptions, attendees, locations, or attachments. Event IDs for allora-created events are stored to enable removal when you request it. All cached calendar data is deleted when you disconnect your calendar or delete your account.

Limited use: Calendar data is used exclusively to provide the scheduling features described above (availability checking, conflict avoidance, and event creation at your request). It is not used for recommendations, preference learning, advertising, analytics, or any other purpose.

Sharing and disclosure: We do not share, transfer, or disclose your calendar data to any third party. Your calendar data is stored only in our database and is not sent to AI providers, not used for advertising, and not used for any purpose unrelated to the scheduling features described above.

Scope changes: For Google Calendar, you can upgrade from read-only to read + write, or downgrade back to read-only, at any time from your account settings. Downgrading revokes write access immediately.

Disconnect: You can disconnect any calendar at any time from account settings. For Google Calendar, your tokens are revoked with Google and deleted from our database. For Apple Calendar, your credentials are deleted from our database. On account deletion, all calendar data is permanently removed.

allora's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We limit our use of Google user data to providing and improving the calendar scheduling features described above.

WhatsApp Messaging

allora is available on both SMS and WhatsApp. The same data handling and retention policies apply to messages sent via either channel.

WhatsApp messages are delivered through Twilio. Outside of an active messaging window, messages are sent using pre-approved templates limited to reminders and account notifications. We record whether each message was sent via SMS or WhatsApp for delivery routing purposes.

Referral Program

If you participate in allora's referral program, we collect and store the following:

• Referral codes - your unique code is linked to your account and used to track signups from your referrals
• Phone numbers - used to match referred users to the referral code they used during signup
• Referral status - we track whether a referral is pending or rewarded so credits can be applied correctly

As a referrer, you can see your referral code, total referral count, and how many referrals are pending versus qualified. You cannot see the identity, phone number, or any personal information of the people you referred.

Referral data is retained for the life of your account. If you delete your account, your referral code is deactivated and your referral records are removed as part of the standard data deletion process described above.

Human Access

Your messages may be viewed by authorized allora personnel to investigate bugs, resolve account issues, or monitor for abuse. We do not read messages for marketing or any purpose unrelated to service operation.

Third-Party Providers

We share data with these providers solely to operate the service:

• Twilio - SMS and WhatsApp message delivery (Privacy Policy)
• Anthropic - AI message processing (Privacy Policy)
• OpenAI - AI message processing (Privacy Policy)
• Google - AI processing, calendar integration, website analytics, advertising, and conversion tracking (Privacy Policy)
• Meta - WhatsApp message delivery and advertising (Privacy Policy)
• Stripe - payment processing (Privacy Policy)
• Railway - cloud infrastructure (Privacy Policy)
• Vercel - website hosting (Privacy Policy)

Each provider processes data in accordance with their own privacy policy, linked above. We do not share data with data brokers.

Data Retention

• Active accounts: Message history, tasks, and reminders are retained for the life of your account. There is no automatic expiration.
• Calendar event cache: Synced calendar metadata is kept in sync with your provider and periodically cleaned up. All cached data is deleted when you disconnect your calendar or delete your account.
• Voice memo audio: Original audio is not stored. Only the transcribed text is retained as part of your message history.
• Images: Original images are not stored. Only extracted text or details are retained.
• After deletion request: 30-day grace period during which you can reactivate by texting back or logging in. After 30 days, all product data is deleted (tasks, messages, reminders, calendar data, preferences) and personal information (name, email) is erased.
• Billing records: Subscription and payment history are retained after account deletion as required for legal and tax compliance.
• Returning users: If you return after deletion, you start fresh with a new account. No prior data is restored.

Your Rights

You can:

• Access your data at textallora.com/account
• Export your data through account settings
• Delete your account by texting CANCEL ACCOUNT or through account settings
• Pause messages by texting PAUSE (resume with RESUME)
• Opt out of all messages by texting STOP

To exercise any right, text HELP, visit your account settings, or email hello@textallora.com. We respond to requests within 30 days.

California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information. We do not sell personal information.

To opt out of analytics data collection, click Do Not Sell or Share My Personal Information, or enable Global Privacy Control (GPC) in your browser settings. To exercise other rights, email hello@textallora.com.

We share limited website activity data with advertising partners (Google and Meta) to measure ad performance. Under the CCPA, this may constitute "sharing" of personal information. You can opt out using the link above or by enabling GPC in your browser.

SMS Consent

By signing up, you consent to receive automated text messages at the number you provide. These include reminders you create, task recommendations, and account notifications. Message frequency varies. Standard message and data rates may apply.

Text PAUSE to pause, RESUME to resume, STOP to opt out entirely, or HELP for help. Consent is not a condition of purchase, but the service requires SMS or WhatsApp to function.

Cookies and Tracking

We use essential cookies for login, analytics cookies for website improvement, and advertising cookies from Google and Meta to measure ad performance. We also use Google Ads and Meta conversion tracking to measure whether our ads lead to signups or purchases. This involves sharing a conversion event (not your message content) with Google and Meta when you complete a signup or purchase.

You can opt out of non-essential cookies using the link below or by enabling Global Privacy Control (GPC) in your browser. See our Security page for technical details.

Children's Privacy

allora is not available to users under 13. We do not knowingly collect information from children under 13. If we learn that a user is under 13, we will terminate their account and delete their data. If you believe a child under 13 is using allora, contact hello@textallora.com.

Security

We use industry-standard encryption and authentication measures to protect your data. See our Security page for details. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of the data we handle.

Changes

We may update this policy. We'll notify you of material changes via SMS. Continued use after changes constitutes acceptance.

Contact

Questions? Email hello@textallora.com or contact us.