Appalix ("we", "our", "us") operates the platform available at appalix.ai and app.appalix.ai. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our services.
By using Appalix you agree to the practices described in this policy. If you do not agree, please do not use the service.
1. Information we collect
Account information
Email account access (Gmail & Microsoft Outlook)
Appalix offers an optional Gmail and Microsoft Outlook integration. When you connect your email account, we request access to the following scopes:
- Gmail:
https://www.googleapis.com/auth/gmail.modify— read, compose, and send emails (does not include permanent deletion) - Microsoft:
IMAP.AccessAsUser.AllandSMTP.Send— read and send email via Microsoft Graph API
How we use your email data: Appalix reads incoming emails to identify, triage, and prioritise sales leads using AI. We display email content inside your Appalix dashboard and use it to generate AI-assisted reply suggestions. We do not share your email content with third parties, use it for advertising, or process it for any purpose other than operating the features you have explicitly enabled.
Your OAuth tokens (access token and refresh token) are stored encrypted in our database. They are used only to fetch and send emails on your behalf and are never exposed to other users or shared externally.
You can revoke Appalix's access to your Gmail account at any time via Google Account Permissions, and to your Microsoft account via Microsoft Account App Access. Revoking access removes all stored tokens immediately.
Google Drive access
Appalix offers an optional Google Drive integration that allows you to import documents into your AI knowledge base. When you connect Google Drive, we request:
- Google Drive:
https://www.googleapis.com/auth/drive.readonly— read and download files you select
How we use your Drive data: Appalix reads only the files you explicitly select to import. Document content is stored in your private workspace knowledge base and used solely to power AI responses within your account. We never write to, modify, or delete your Drive files, and we do not share document content with third parties or use it for advertising.
You can revoke Appalix's access to your Google Drive at any time via Google Account Permissions. Revoking access removes all stored tokens immediately.
Google Forms access
Appalix offers an optional Google Forms integration that captures form responses as sales leads. When you connect Google Forms, we request:
- Forms (read-only):
https://www.googleapis.com/auth/forms.body.readonly— read form structure and questions - Forms responses (read-only):
https://www.googleapis.com/auth/forms.responses.readonly— read submitted responses - Drive metadata (read-only):
https://www.googleapis.com/auth/drive.metadata.readonly— list your Google Forms files so you can select which form to connect
How we use your Forms data: Appalix reads form responses from the specific form you choose to connect. Response data is used to create and enrich lead records in your Appalix workspace. We do not write to, modify, or delete your forms or responses. We do not share form response data with third parties or use it for advertising.
You can revoke access at any time via Google Account Permissions. Revoking access removes all stored tokens immediately.
Google Calendar access
Appalix offers an optional Google Calendar integration that displays your calendar events alongside your sales pipeline. When you connect Google Calendar, we request:
- Calendar events:
https://www.googleapis.com/auth/calendar.events— read and create calendar events - Free/busy:
https://www.googleapis.com/auth/calendar.freebusy— check availability for scheduling
How we use your Calendar data: Appalix reads your calendar events to display them in the Appalix calendar view and checks availability to assist with scheduling meetings. Events may be created on your behalf when you use the scheduling features. We do not share calendar data with third parties or use it for advertising.
You can revoke access at any time via Google Account Permissions. Revoking access removes all stored tokens immediately.
Usage data
Workspace content
2. How we use your information
- To operate and maintain your account and workspace
- To read, triage, and display emails in your Appalix inbox (only when you have connected an email account)
- To generate AI-powered email replies and lead prioritisation using your email content
- To send emails on your behalf when you use the reply feature
- To read Google Form responses and create lead records from them (only when you have connected a Google Form)
- To display Google Calendar events and create calendar entries on your behalf (only when you have connected Google Calendar)
- To send transactional emails (invite links, password resets) via Resend
- To enforce seat limits, billing, and plan restrictions
- To detect and prevent fraud and abuse
- To comply with legal obligations
Google API Services User Data Policy: Appalix's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
3. Artificial intelligence and machine learning processing
Appalix uses AI models to power features including email triage, reply drafting, lead scoring, conversation summaries, and AI-assisted responses in chat widgets. When you use these features, relevant data (such as email content, conversation messages, or form responses) is sent to our AI provider to generate a response.
AI provider: We use Anthropic (Claude) as our AI model provider. Data sent to Anthropic is processed solely to generate the response you requested.
Your data is never used to train AI models. Neither Appalix nor Anthropic uses your personal data, email content, conversation history, form responses, or any other user-provided content to train, fine-tune, or improve AI models. This applies to all data from all connected integrations, including Gmail, Google Drive, Google Forms, and Google Calendar.
Minimum necessary data: We send only the minimum data required to generate a useful AI response. For example, when suggesting an email reply, only the relevant email thread is sent — not your entire inbox.
No AI-based autonomous decisions: AI outputs are presented as suggestions or summaries for your review. No automated decision with legal or significant effect is made solely by AI without human review.
For details on how Anthropic handles data, see the Anthropic Privacy Policy and their Data Privacy commitments.
5. Data sharing and third parties
We do not sell your personal data. We share data only with the following categories of service providers, strictly for operating the platform:
- Supabase — database and authentication infrastructure
- Anthropic (Claude) — AI model inference for features including email triage, reply drafting, lead scoring, and conversation summaries. User data sent to Anthropic is never used to train AI models. See Section 3 for full AI processing details.
- Stripe — payment processing for subscription billing. We do not store card details.
- Resend — transactional email delivery (invite links, notifications)
- Vercel — hosting and edge infrastructure
We do not share your personal data, email content, calendar data, or form responses with any advertising networks, analytics brokers, or data resellers.
6. Data retention and deletion
We retain your account data for as long as your account is active or as needed to provide services. When you delete your account:
- Your user profile, workspace data, and email records are permanently deleted within 30 days
- OAuth tokens are invalidated immediately upon account deletion or integration disconnection
- Backup copies may persist for up to 90 days before automated deletion
To request deletion of your data, contact us at privacy@appalix.ai.
7. Security
We protect your data using industry-standard measures including TLS 1.2+ encryption in transit, encryption at rest, row-level security policies on all database tables, and access controls that limit data access to authorised services only.
OAuth tokens are stored in encrypted database columns and accessed only by the server-side email sync process. They are never exposed in API responses or client-side code.
For more detail see our Security page.
8. Your rights (GDPR)
If you are located in the European Economic Area (EEA) or UK, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a machine-readable format
- Objection — object to certain types of processing
- Restriction — request we restrict processing in certain circumstances
To exercise any of these rights, email privacy@appalix.ai. We will respond within 30 days.
9. Cookies
Appalix uses only essential session cookies required for authentication. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required as we use only strictly necessary cookies.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify users of material changes by email or by displaying a notice in the dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or to report a concern: