Arlo AI Inbox ("Arlo," "we," "our") is built by Arvel Labs. This policy describes what data we collect, how we use it, and the choices you have. We collect only what the app needs to work.
Account. Your email address and a unique user ID, created when you sign in. Used to identify your account and sync data across devices.
Inbox items. The tasks, emails, and messages Arlo captures — including titles, sender names, and message body text — are stored on our servers so your inbox is available across sessions and devices.
Gmail (optional). If you connect Gmail, Arlo reads your emails to identify messages that need action. Relevant emails are stored as inbox items (see above). Newsletters, automated mail, and irrelevant messages are filtered before storage. You can disconnect Gmail at any time from Settings.
Voice input (optional). If you use voice capture, audio is transcribed using Apple's on-device Speech Recognition. The resulting text is stored as an inbox item. We do not record or store audio.
Calendar (optional). If you grant calendar access, Arlo reads upcoming events to surface time-sensitive context. Calendar data is not stored on our servers.
Push tokens. If you enable notifications, we store your device push token to deliver alerts.
Analytics. We collect anonymized usage events (e.g. features used, session counts) to understand how the app is used and improve it. These events are not linked to your identity outside of Arlo.
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.
| Service | Purpose | Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| OpenAI | AI features (summaries, briefings, triage) | openai.com/policies/privacy-policy |
| Gmail OAuth | policies.google.com/privacy | |
| Apple | Speech recognition, StoreKit, push | apple.com/privacy |
OpenAI does not use data submitted via the API to train its models by default. Inbox item content (title, brief excerpt) is sent to OpenAI only when you use an AI feature.
Your data is retained while your account is active. You can delete your account and all associated data at any time from Settings → Account → Delete Account. Deletion is permanent and processed within 30 days.
All data is transmitted over HTTPS. We use Supabase Auth for authentication — we never store passwords. Database access is restricted by row-level security so each user can only access their own data.
Arlo is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us data, contact us and we will delete it.
You can access, export, or delete your data at any time from within the app. You can revoke Gmail access from Google's account settings. You can disconnect Arlo from Settings at any time.
We may update this policy. When we do, we'll revise the date at the top. Continued use after changes constitutes acceptance of the updated policy.
Questions or requests: support@sendarlo.com