Privacy Policy

Effective date: 4 May 2026  ·  Last updated: 4 May 2026

This Privacy Policy explains how Purvakalpa ("we", "us", "our") collects, uses, shares, and protects information in connection with the UNKNOT mobile application for iOS and any related services (the "Service"). It also tells you what choices you have and how to contact us. This Policy is incorporated into our Terms of Use by reference.

1. Information We Collect

1.1 Information stored on your device

Most data you create or import remains on your iPhone or iPad:

• Tasks, subtasks, lists, workflow stages, due dates, priorities, attachments, and recurrence settings.
• Calendar events, reminders, routines, and day plans.
• Notes, read-it-later articles, and saved finance transactions.
• Travel trips, contact insights, and emergency-contact and medical-ID information.
• Voice transcripts and AI summaries generated on the device.
• Your appearance, splash audio, language, and feature-toggle preferences.

This information is not transmitted to us. If you have iCloud sync enabled at the device level, Apple may sync the SwiftData store to your personal iCloud account; that data is governed by Apple's iCloud privacy terms and is not accessible to us.

1.2 Information from Connected Services (mailboxes)

When you connect a mailbox (Gmail, Microsoft Outlook, Yahoo Mail, AOL, iCloud Mail, or a generic IMAP server), the Service uses OAuth or your IMAP/SMTP credentials to access the mailbox directly from your device. The following categories are processed locally:

• Mail headers, message bodies, attachments, folder metadata, sent items, drafts, and archive data for the folders you choose to sync.
• The OAuth refresh and access tokens issued to the Service by the provider, or, for IMAP, the username and an app-specific password you provide.
• Derived signals such as classifications (priority, marketing, finance, travel), AI summaries, extracted entities, and thread-match metadata.

We do not relay this content through our servers. Mailbox traffic flows directly between your device and the provider you connected.

1.3 Information from Apple frameworks

If you grant permission, the Service reads from and writes to Apple system frameworks on your device: Calendar (EventKit), Reminders, Health (HealthKit), Contacts, Photos, Microphone (for voice capture), Speech Recognition, and Location (CoreLocation). Each framework has its own iOS permission prompt, and you can change permissions at any time in Settings → UNKNOT on iOS.

1.4 Location data

If you enable location-based task reminders, the Service registers geofences with iOS using CLCircularRegion. iOS evaluates these regions on your device and wakes the app only when a transition occurs. We do not receive your real-time coordinates, location history, or any geofence event. Location is also used, in the foreground only, for the SOS screen (to display your approximate address) and for picking places when you create a location-based task; that data is not transmitted off your device.

1.5 Diagnostic information

The Service may write logs locally on your device (for example, a Mail log to help you troubleshoot account problems). These logs stay on your device unless you choose to export and share them. The Service does not include a third-party analytics SDK. We do not collect crash reports through any service we operate; if you have opted in to Share with App Developers in iOS Settings → Privacy & Security → Analytics & Improvements, Apple may share aggregated, de-identified crash and performance data with us through App Store Connect, governed by Apple's terms.

1.6 Apple Intelligence and on-device AI

Where Apple Intelligence is available on your device, the Service uses Apple's on-device language model for features such as mail summaries, smart replies, triage, drafting, translation, and voice intent parsing. Inputs to these models are processed on your device by Apple's frameworks. We do not send mail content, task content, or voice transcripts to OpenAI, Google, Anthropic, or any other third-party AI provider.

1.7 Information you provide directly

If you contact us by email at the address below, we will receive the contents of your message and the email address you write from, and may keep them for as long as needed to respond and to keep a record of the conversation.

2. How We Use Information

We use the information described above to:

1. operate and provide the features you have enabled, including syncing mail, surfacing tasks, generating summaries, firing reminders and geofence alerts, drafting replies, and exporting data;
2. keep your authentication with Connected Services current (for example, by refreshing OAuth tokens);
3. protect the security and integrity of the Service, including detecting and preventing abuse, unauthorised access, or misuse;
4. comply with applicable law and respond to lawful requests; and
5. communicate with you about the Service when you contact us.

We do not use your information to:

• build advertising profiles or serve targeted advertising;
• sell your personal information to any third party;
• train or improve generalised or non-personalised artificial intelligence or machine learning models, including our own;
• enrich or supplement third-party data sets.

3. Google API Services — Limited Use Disclosure

UNKNOT's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

1. We use Gmail data only to provide and improve user-facing features that are clearly visible in the UNKNOT user interface (for example, displaying your inbox, generating summaries, drafting replies, classifying messages, sending mail you composed, and searching across your mailbox).
2. We do not transfer Gmail data to others except (i) as necessary to provide or improve such user-facing features, (ii) to comply with applicable law, (iii) for security purposes such as investigating abuse, or (iv) as part of a merger, acquisition, or sale of assets, with notice to affected users.
3. We do not use Gmail data to serve advertisements, including retargeting, personalised, or interest-based advertising.
4. We do not allow humans to read Gmail data except (i) with your affirmative consent for specific messages, (ii) when necessary for security purposes such as investigating a bug or abuse, (iii) to comply with applicable law, or (iv) where the data has been aggregated and anonymised and is used for internal operations in aggregate form.
5. We do not use Gmail data to develop, improve, or train generalised or non-personalised artificial intelligence or machine learning models. AI features that operate on Gmail content run on your device using Apple Intelligence; the content is not transmitted to us or to any third-party model provider.

4. Microsoft Graph and Other Mail Providers

If you connect a Microsoft Outlook account, the Service accesses your messages via Microsoft Graph using the delegated permissions User.Read, Mail.ReadWrite, Mail.Send, and offline_access. Access happens directly between your device and Microsoft's servers. We do not retain a copy of your Microsoft mailbox on any server we operate.

The same principle applies to Yahoo Mail, AOL, iCloud Mail, and generic IMAP/SMTP accounts: traffic flows directly from your device to the provider, and credentials or OAuth tokens are stored in the iOS Keychain on your device.

5. Sharing Information

We do not sell, rent, or trade your personal information.

We share information only in these limited circumstances:

• With Connected Services you authorise. When you connect Gmail, Outlook, Yahoo, iCloud Mail, an IMAP server, Apple Calendar, Apple Reminders, Apple Health, or any similar service, the Service transmits requests directly from your device to that provider. The provider receives whatever information is necessary to fulfil your request (for example, the contents of a reply you are sending). Each provider's own privacy policy governs the data it handles.
• With service providers we engage on our behalf. The Service does not currently use third-party servers for processing your personal information. If we engage processors in the future (for example, for analytics or backend sync), we will update this Policy and describe the categories of processors and the safeguards in place.
• For legal reasons. We may disclose information if we reasonably believe it is required to comply with applicable law, lawful government requests, valid court orders, or to protect the rights, property, or safety of users, the public, or Purvakalpa.
• In a corporate transaction. If Purvakalpa is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections, and we will notify you of any material change to this Policy.

6. Data Retention

Information stored on your device is retained for as long as you keep the Service installed and the data in question. Disconnecting a Connected Service revokes the Service's access to that account and removes the cached mailbox content for that account from your device. Uninstalling the Service removes its application sandbox, including SwiftData stores, attachment files, and Keychain items associated with the app.

Data that has been synced to your personal iCloud account through Apple's CloudKit is retained according to Apple's iCloud terms; you can manage and delete it in Settings → [Your Name] → iCloud → Manage Account Storage on iOS.

If you contact us by email, we may retain that correspondence for up to 24 months for support and record-keeping purposes, unless a shorter retention period is required by law.

7. Security

We use reasonable technical and organisational measures to protect your information:

• OAuth tokens, IMAP passwords, and SMTP credentials are stored in the iOS Keychain, which is encrypted at rest and protected by the device's hardware security.
• Mailbox content cached on your device sits inside the application sandbox, which iOS isolates from other apps.
• Network traffic to mail providers and Apple services uses TLS by default.
• The Service does not include third-party trackers or advertising SDKs.

No method of transmission or storage is fully secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you and, where required, the relevant data-protection authority, in accordance with applicable law.

8. Your Choices and Rights

You can:

• Disconnect a mailbox at any time from Settings → Mail accounts within the Service.
• Revoke OAuth access directly with the provider — Google: myaccount.google.com/permissions; Microsoft: account.live.com/consent/Manage.
• Revoke iOS permissions (Calendar, Health, Contacts, Photos, Microphone, Speech, Location) at any time from Settings → UNKNOT on iOS.
• Export your tasks as .xlsx or .unkt from the Tasks tab.
• Delete your data by uninstalling the Service or by removing items individually in the app. If iCloud sync is on, also delete the app data from iCloud as described in Section 6.
• Disable AI features from Settings → Privacy within the Service.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under the GDPR, UK GDPR, or the Swiss FADP, including rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. Most of these rights are satisfied by the in-app controls above because we do not hold copies of your personal data on our servers. To exercise any right that requires our action, contact us at the address below.

If you are in California, you may have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights. We do not "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined under the CCPA.

If you are in India, you have rights under the Digital Personal Data Protection Act 2023 (DPDP Act), including the right to access information about processing of your personal data, the right to correction and erasure of your personal data, the right to grievance redressal, and the right to nominate. You may exercise these rights and address any grievance to the contact below.

We will respond to verifiable requests within the time required by applicable law. We may need to verify your identity before fulfilling certain requests.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the Service, please contact us so we can take appropriate action. In jurisdictions where the minimum digital-consent age is higher (for example, 16 in some EU member states, 18 for the DPDP Act unless verifiable parental consent is given), the higher age applies.

10. International Transfers

Because UNKNOT is device-first, your personal information generally remains on your device and within the providers you connect, in the regions where those providers operate. Where you contact us by email, your message is received and stored by our email provider and is therefore subject to that provider's transfer mechanisms.

11. Third-Party Links and Embedded Content

The Service may render mail messages or read-it-later articles that contain links, images, or other resources hosted by third parties. To protect your privacy, the Service blocks remote image loading by default in mail bodies and shows a "Show full content" toggle before fetching external resources. Once you load remote content, the third-party host may receive standard request information (such as your IP address and user agent). We do not control and are not responsible for the privacy practices of third-party hosts.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where the changes are material, take reasonable steps to notify you (for example, through an in-app notice). We encourage you to review this Policy periodically. Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of it.

13. Grievance Officer / Contact

If you have any questions, concerns, or complaints about this Policy or our handling of your personal information — including any request to exercise your rights under applicable law — please contact:

We aim to acknowledge complaints within 7 days and to resolve them within 30 days, in line with the DPDP Act 2023.

If you are not satisfied with our response, you may have the right to refer the matter to your local data-protection authority. In India, this is the Data Protection Board established under the DPDP Act 2023.

This Privacy Policy is provided as a starting template. It is not legal advice. Before publishing, have it reviewed by a qualified attorney in your jurisdiction to ensure it accurately reflects your data practices and complies with the laws of every region where you offer the Service, including the GDPR, CCPA, DPDP Act 2023, and Apple App Store Review Guideline 5.1 (Privacy).