Sovyr

Privacy Policy

Effective May 6, 2026

Who we are

Sovyr is operated by Sovyr, Inc. ("Sovyr", "we", "us"). This policy explains what personal data we collect when you use sovyr.io and related apps, how we use it, and your rights. Contact: robert@sovyr.io.

What we collect

Account data. When you sign in with Google, we receive your email address, name, and profile picture from Google. We use this to create and identify your Sovyr account.

Connector data. When you authorize Sovyr to access a third-party service (e.g. Gmail), we receive an OAuth access token + refresh token from that service. Tokens are encrypted at rest and used only to fulfill actions you explicitly request.

Content you create. Chat messages, documents, notes, slides, vault uploads, and any other content you produce inside Sovyr. We store this so the app can show it to you when you return.

Operational logs. Standard request logs (timestamp, route, status code, latency, IP) for debugging, abuse prevention, and security monitoring. Logs are retained for 30 days and rotated.

Google user data — what we access and why

When you connect your Google account through Sovyr's Connectors page, we request the following OAuth scopes:

  • openid, email, profile — to identify your Google account and show your name + email on the Connectors page.
  • gmail.readonly — to read messages you ask Sovyr to read, list, or search (e.g. "summarize my unread email from this week").
  • gmail.compose — to draft and send messages you explicitly ask Sovyr to handle. Every send action triggers an approval card in the chat — Sovyr does not send email automatically without your tap-to-approve.Draft creation skips the approval card because drafts are inert: they save to your Gmail drafts folder and only leave Gmail when you manually click Send there yourself.

We do not request the broader gmail.modify or mail.google.com/ scopes. Sovyr cannot delete email, change labels, or modify your mailbox state.

Limited Use — Google API Services User Data Policy

Sovyr's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use Google user data only to provide or improve user-facing features that are prominent in the Sovyr app — i.e. reading, summarizing, drafting, and sending email at your direction.
  • We do not transfer Google user data to third parties for advertising, marketing, lead generation, credit checks, or other unauthorized purposes.
  • We do not use Google user data for training or improving generalized AI/ML models.
  • We do not allow humans to read your Google user data, except: (a) with your affirmative consent for a specific message; (b) where necessary for security purposes (e.g. investigating abuse); (c) to comply with applicable law; or (d) where the data is anonymized and aggregated for usage statistics.

How Google data flows through Sovyr

When you ask Sovyr to act on your Gmail (e.g. "summarize my unread email"), the flow is:

  1. Sovyr fetches the relevant messages from Gmail using your access token.
  2. Sovyr passes the message content to a large language model provider (Anthropic, OpenAI, OpenRouter, or another model we route through) so the model can produce the response you asked for. Our agreements with these providers prohibit them from using your data to train their models.
  3. The model's response and the underlying message excerpt are written to your chat transcript so you can refer back to it. The transcript stays in your Sovyr account; we do not share it.

For send actions, Sovyr generates the draft and shows it to you in an approval card with the recipient, subject, and full body visible. The email is only sent through Gmail when you tap Approve.

Sovyr Chrome extension

The Sovyr Chrome extension hosts the Sovyr chat experience inside a Chrome side panel and gives your Sovyr AI agent the ability to read, drive, and reason about your browser at your direction. This section explains what data the extension touches and on which triggers.

On-demand: agent actions on your active tab

These run only when you explicitly ask the agent in chat (e.g. "summarize this", "click sign-in") — never on a page-load trigger, never in the background. Each call is one user message → one action.

  • Read page text — visible text of your active tab, capped at 80 KB. Sent to sovyr-web over HTTPS so the agent can reason about it.
  • Screenshot — PNG of the visible viewport of your active tab. Saved to your Sovyr Vault.
  • Navigate — open a URL in your active tab. Only http/https URLs. chrome://, file://, javascript: are rejected.
  • Click / scroll / list interactive elements — act on an element you identify by visible text or CSS selector. The agent is instructed not to click irreversible or high-stakes actions (purchase, send/submit, delete, account changes) without your explicit confirmation in the same chat turn.
  • Open research tabs in a “Sovyr” tab group — when the agent does background research on your behalf (e.g. when you ask from mobile or in chat to “look up X”), it opens new tabs in a dedicated, collapsed tab group so they don't disturb your active tab. Tabs auto-close after 30 minutes idle. Limit: 10 concurrent research tabs.
  • “Ask Sovyr” selection pill — when you select text on a page, a small button appears next to the selection. Selection text and your typed note are sent to sovyr-web only when you click Send in that popover.

All five action surfaces are triggered by an explicit user action — a chat message, a click on the selection pill, or a click in the side panel. The extension declares no content_scripts in its manifest, runs no background scripts on page load, and reads no tab the user hasn't directed the agent to read.

Optional: browsing-context summary (off by default)

When you opt in via the in-extension consent prompt (shown on first side-panel open after install) or the 📚 button in the side panel's top bar, the extension records ambient browsing signals so the agent has context for your questions without you having to retype what you were just looking at.

What's captured locally (chrome.storage.local on your machine, ring-buffered to ~500 events or 24 hours):

  • Tab URLs and titles you navigate to
  • How long you spent on each tab (dwell time)
  • Search queries from major engines (Google, DuckDuckGo, Bing, GitHub code/issue search, Stack Overflow, YouTube)
  • Bookmark add/remove events
  • Repeat-visit count per URL (capped at 7 days)

Never captured: incognito tabs;chrome:// /about: /file:// URLs; sovyr.io and the Sovyr tab-group's own research tabs; page contents; form inputs; mouse or keyboard activity. URL parameters with sensitive names (password, token, api_key, secret, auth) are redacted to [redacted] before storage.

When data leaves your machine: only when you send a chat message. At that moment the extension passes a compact, ~3 KB-capped summary header (open tabs + nav delta since the previous chat message + recent searches + recent bookmarks) to your Sovyr account over HTTPS so the AI has context for the question you just asked. The summary advances a watermark, so next message's summary contains only newer events.

Control: the 📚 button in the side panel opens an audit view where you can:

  • Toggle tracking off (kills recording immediately)
  • Pause for 30 minutes (for sensitive browsing)
  • See counts and a sample of recorded events
  • Clear all activity data with one click

Limited Use: the browsing-context summary is used only to provide the Sovyr AI's response to your question. It is not sold or shared with third parties, is not used for advertising or behavioral targeting, and is not used to train generalized AI/ML models. Same Limited Use commitments stated above for Google API data apply.

Permissions and why

  • sidePanel — open the Sovyr side panel.
  • storage — remember your environment preference, your consent for browsing context, your audit-panel settings, and (when consent is granted) the local ring-buffer of browsing events.
  • tabs / activeTab — read the active tab's URL/title for chat context labels, and grant access to the tab you're viewing when you invoke a chrome action.
  • tabGroups — group the agent's research tabs into the collapsed “Sovyr” group so they don't pollute your tab strip.
  • scripting — run small page-extraction / click / scroll helpers (declared inline in the extension package) only on tabs the agent has been asked to act on.
  • offscreen — host the long-lived connection to sovyr-web from an offscreen document. This is the MV3-recommended pattern for keeping a server-sent-events stream alive across side-panel close/reopen. The offscreen document only has access to chrome.runtime; it does not read your tabs or storage directly.
  • alarms — schedule the 30-minute idle GC for research tabs so they auto-close when the agent forgets them.
  • webNavigation — receive the navigation events that feed the opt-in browsing-context summary. No effect when browsing context is off (the recorder gates on the consent flag before recording anything).
  • bookmarks — receive bookmark-create / bookmark-remove events for the opt-in browsing-context summary (an explicit “remember this” signal). The extension does not read your existing bookmark tree.
  • Host permission <all_urls> — the agent needs to be able to read or drive whichever page you point it at. Restricting to specific origins would prevent the agent from helping you on the broad set of sites the product is for. Combined with the “no auto-run, no content_scripts, never read without an explicit user action” design above, this is the smallest permission set that makes the product work.

What the extension does NOT do: run background scripts on web pages, hijack search results, read credentials/banking pages, collect analytics or telemetry from your browsing, sell or share data with third parties, use your data to train AI models. The browsing-context summary is off by default; once enabled, the in-extension audit panel and pause/clear controls let you stop, see, or wipe the data at any time.

Sharing and sub-processors

We use the following sub-processors, each under contractual data-protection terms:

  • Fly.io — application hosting (United States).
  • Anthropic, OpenAI, OpenRouter — large-language-model inference for fulfilling your requests. None train on Sovyr API traffic.
  • Tigris / AWS S3 — encrypted object storage for vault files and workspace snapshots.

We do not sell your data, and we do not share it with advertisers.

Storage and security

  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM. The decryption key lives only in our application secret manager.
  • Database connections use TLS in transit. Object storage is encrypted at rest by the storage provider.
  • We do not persistently cache full Gmail message bodies. Messages are fetched on demand to fulfill your request and then dropped from server memory. Any excerpt that ends up in your chat transcript is content you asked us to produce.

Retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion.
  • Connector tokens: kept until you disconnect the connector or delete your account.
  • Chat transcripts and content: kept while your account is active; you can delete individual items at any time.
  • Operational logs: 30 days, then rotated.

Your rights

You can:

  • Revoke Google access at any time by visiting myaccount.google.com/permissions and removing Sovyr — or by clicking "Disconnect" on Sovyr's Connectors page.
  • Request a copy of your data, or request deletion, by emailing robert@sovyr.io. We respond within 30 days.
  • Delete your account in-app (Settings → Delete account), which removes all stored content and revokes connector tokens.

Children

Sovyr is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided data to us, email robert@sovyr.io.

Changes to this policy

We'll update this page when our practices change. The "Effective" date at the top reflects the latest revision. For material changes that expand the categories of data we collect or how we use Google data, we'll notify users by email before the change takes effect.

Contact

Questions about this policy or about your data: robert@sovyr.io.