Privacy Policy

Effective date: 29 April 2026 · Last updated: 29 April 2026

Personal Secretary is a private personal AI agent. This policy describes what information the application processes and how it is handled. There is no public end-user base; the only intended users are the maintainer and a small set of explicitly authorized family members.

1. Who runs this application

Maintained personally by Thomas Chuang (thomas@drxbio.com.tw). This is not a commercial product, not offered to the public, and not affiliated with any company.

2. What data the application processes

• User instructions: short voice transcripts (via iOS Shortcut Dictate) or LINE messages typed by the authorized user.
• Authentication tokens: per-user bearer tokens for the API endpoint, plus the Google Calendar OAuth refresh token, all stored encrypted in 1Password.
• Calendar events the user explicitly asks the agent to create, read, or delete on their own Google Calendar.
• LINE message contents the user explicitly asks the agent to send to a pre-configured LINE group.
• Audit log: each request (timestamp, user id, tool calls made, latency, token usage) is appended to a JSON Lines file on the maintainer's own server. Retention: 90 days, then deleted.

The application does not collect: payment information, location history, contacts list, biometric data, or anything from third parties the user has not explicitly authorized.

3. Where data is stored

All processing happens on the maintainer's own machines (a personal Mac mini running locally). No request data is stored on any cloud database. The only persistent storage is the audit log on the local server filesystem.

4. Third-party services the application calls

• Anthropic API (Claude): each user instruction is sent to Anthropic's API to be parsed and acted on. See Anthropic's privacy policy.
• Google Calendar API: used to read and write events on the user's own Google Calendar, with the user's OAuth consent. See Google's privacy policy.
• LINE Messaging API: used to send messages to a pre-configured LINE group on the user's behalf. See LINE's privacy policy.

5. How Google user data specifically is used

Google Calendar data accessed via the https://www.googleapis.com/auth/calendar scope is used solely to:

• Create new calendar events the user has explicitly requested via voice or text.
• Read upcoming events to prepare pre-meeting briefings the user has explicitly requested.
• Delete the application's own auto-generated daily health-probe events.

Google user data is never sold, never shared with third parties beyond what is required to fulfill the user's request, never used for advertising, and never used to train any AI model.

6. Data sharing

The application does not share any user data with parties outside of those listed in section 4, all of which act only as service providers necessary for the application's stated functionality.

7. User rights

Authorized users may, at any time, request that all of their data be deleted from the audit log and that their account be removed. Because the user base is limited to people personally known to the maintainer, this is handled by direct contact rather than an automated form.

8. Security

All credentials are stored in 1Password and injected into the running service at startup; no plaintext credentials are committed to source control or stored on disk in plaintext. The API endpoint is protected by per-user bearer tokens and served behind Cloudflare with TLS in transit.

9. Changes to this policy

If this policy changes materially, the effective date at the top will be updated and the change will be communicated to authorized users directly.

10. Contact

For any privacy question or to request data deletion: thomas@drxbio.com.tw.