Privacy Policy

Friendly Labs, Inc. · Effective April 19, 2026 · Last updated April 19, 2026

Friendly Labs, Inc. ("Friendly Labs," "we," "us," or "our") operates Daemon, a personal assistant available as a mobile application and web service at https://daemon.is (collectively, the "Service"). Daemon lets you manage your day through a conversational interface — asking about your schedule, creating and editing calendar events, and similar everyday tasks — by connecting your Google Calendar with your permission.

This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the Service. By using Daemon, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create a Daemon account, we collect:

  • Your email address
  • Your name (if provided)
  • Authentication credentials for your Daemon account

1.2 Connected Service Credentials

When you connect your Google account to Daemon, we collect and store:

  • OAuth access tokens and refresh tokens, which allow Daemon to read and modify your Google Calendar on your behalf when you ask it to
  • Basic profile information associated with the connected account (such as your email address and display name)

1.3 Google User Data

When you connect your Google account, Daemon accesses the following data, scoped to the permissions you grant during the Google OAuth flow:

  • Google Calendar data: Calendar list and event details, including event titles, descriptions, dates and times, locations, attendees, recurrence information, and event metadata.

Daemon accesses this data only to answer your questions about your schedule or to carry out calendar changes you have asked the assistant to make. We do not continuously read your calendar in the background, and we do not access any Google data outside the scope you grant.

Event data retrieved from Google APIs is used in memory to fulfill your immediate request and may be temporarily cached on our servers for up to 24 hours to support follow-up questions within the same conversation, after which it is automatically deleted.

1.4 Conversation Content

When you chat with Daemon, the messages you send and the assistant's responses are stored so that the assistant can maintain context across the conversation.

1.5 Usage and Diagnostic Data

We collect a limited set of usage and diagnostic data to operate and improve the Service, including:

  • App interaction events (screens visited, features used)
  • Device type, operating system version, and app version
  • Crash reports and performance metrics

This data is not joined with your Google user data or conversation content for analytics purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Authenticate your identity, connect your Google Calendar, respond to your messages, and carry out the calendar actions you approve.
  • Maintain conversational context: Retain your chat history so the assistant can refer back to earlier parts of the conversation.
  • Operate and improve the Service: Diagnose bugs, monitor reliability, and improve assistant quality through aggregated, non-identifying metrics.
  • Communicate with you: Send transactional notifications related to your account (for example, account security or service changes).

2.1 What we do NOT use your Google user data for

We do not use your Google user data to:

  • Train, fine-tune, or evaluate generalized or third-party AI/ML models.
  • Serve advertisements or enable targeted advertising.
  • Sell or transfer data to third parties for advertising, marketing, or data-broker purposes.
  • Determine creditworthiness or for lending purposes.

Humans at Friendly Labs do not read your Google user data or your conversation content except in narrowly scoped circumstances: (a) with your explicit permission, for example when you share content in a support request; (b) when strictly necessary to investigate a security incident, abuse, or suspected violation of our Terms; or (c) as required to comply with applicable law.

3. How Daemon Processes Your Requests

Daemon is a conversational assistant. When you send a message, it is processed as follows:

  1. Your message is transmitted over an encrypted connection to Daemon's servers.
  2. To interpret your request, Daemon sends the message (and the relevant conversation context) to a large language model ("LLM") provider. We currently use Anthropic's API as our LLM provider, and we may add or switch to other LLM providers in the future as the technology evolves. See Section 5 for the current list of sub-processors.
  3. If fulfilling your request requires reading or modifying a connected service (such as your calendar), Daemon calls that service's API using your stored OAuth tokens. Daemon currently supports Google Calendar, and we may add additional integrations in the future.
  4. Daemon returns the assistant's response to your device.

Your OAuth tokens for connected services are never sent to the LLM provider. The LLM sees the text of your message and any service data necessary to answer it (for example, a list of your upcoming calendar events if you asked about your schedule).

4. How We Store and Protect Your Data

4.1 Data Storage

  • OAuth tokens are stored on our servers encrypted at rest using industry-standard algorithms, with unique initialization vectors per credential set.
  • Conversation history is stored in our database and associated with your account.
  • Event data retrieved from Google APIs is cached temporarily (up to 24 hours) to support follow-up questions within the same conversation, then automatically deleted.
  • Account information is stored in our database hosted on secure, access-controlled infrastructure.

4.2 Security Measures

We implement the following measures to protect your data:

  • TLS encryption for all data in transit between your device, our servers, and any third-party services we use to deliver the Service (such as LLM providers and connected service APIs).
  • Encryption at rest for OAuth credentials.
  • Access controls restricting server and database access to authorized personnel.
  • Audit logging of privileged operations.
  • Separate storage of encryption keys and encrypted credentials.

4.3 Data Retention

  • OAuth tokens: Retained for as long as you maintain an active Google connection. Tokens are deleted when you disconnect Google or delete your account.
  • Cached event data: Automatically deleted within 24 hours of retrieval.
  • Conversation history: Retained for as long as you maintain a Daemon account, and deleted when you delete your account.
  • Account information: Retained for as long as you maintain a Daemon account.
  • Diagnostic data: Retained in aggregated, non-identifying form and is not linked to your Google user data or conversations.

5. Sub-processors and Third Parties

We use a small number of service providers to operate Daemon. We do not sell, rent, or trade your personal information or Google user data to any third party.

The current list is below. We may add, change, or remove sub-processors as Daemon evolves — for example, to switch to a different LLM provider, or to support an additional connected service beyond Google Calendar. Any new sub-processor we engage is subject to the same commitments described in this policy, including the Limited Use restrictions that apply to Google user data.

| Provider | Purpose | Data involved | | --- | --- | --- | | Anthropic, PBC | Currently provides the LLM that interprets your messages and generates assistant responses. | Your message text and conversation context. Anthropic's terms for the API state that prompts and outputs are not used to train their models. | | Google LLC | Calendar API used to read and modify events you ask Daemon to interact with. | Your Google Calendar data, scoped to the permissions you granted. | | Cloud infrastructure providers | Hosts our application servers and database. | All data at rest, encrypted. |

We may also share information:

  • As required by law: We may disclose information if required by applicable law, regulation, legal process, or governmental request. Where legally permitted, we will provide you with advance notice before such disclosure.
  • In a business transfer: If Friendly Labs is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Your Rights and Choices

6.1 Disconnect Google

You can disconnect your Google account at any time from within the Daemon app. Disconnecting will:

  • Revoke Daemon's access to your Google Calendar.
  • Delete the stored OAuth tokens.
  • Remove any cached calendar data.

6.2 Revoke Access at Google

In addition to disconnecting through Daemon, you can revoke Daemon's access to your Google account at any time by visiting your Google Account Permissions page.

6.3 Delete Your Account and Data

You may request deletion of your Daemon account and all associated data by contacting us at support@frens.lol or from within the app. Upon receiving your request, we will:

  • Delete your account information.
  • Delete all stored OAuth tokens and credentials.
  • Delete your conversation history.
  • Purge any cached calendar data.
  • Complete the deletion within 30 days of your request.

7. Google API Services User Data Policy

Daemon's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

  • We only use Google user data to provide or improve user-facing features of Daemon that are prominent in the app's user experience.
  • We do not transfer Google user data to third parties except as necessary to provide or improve the user-facing features of Daemon, to comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data except with your affirmative consent, as required for security or to resolve a support issue, to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.

8. Third-Party Services

Daemon integrates with Google services to provide its functionality. Your use of Google services is governed by Google's own terms and privacy policies:

9. Children's Privacy

Daemon is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at support@frens.lol, and we will promptly delete such information.

10. International Users

Daemon is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to how we handle your data, we will notify you through the Service or by other means prior to the changes taking effect. Your continued use of the Service after such notification constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Friendly Labs, Inc. Email: support@frens.lol Website: https://daemon.is