Privacy Policy

Last updated: April 7, 2026

What is GYST?

GYST ("Get Your Sh*t Together") is a personal calendar and productivity app. We help you organize your schedule, tasks, and life — with optional AI-powered features and integrations.

What We Collect

When you create a GYST account, we store:

• Account info: Email address and hashed password
• Profile data: Name, timezone, work schedule, preferences you configure
• Calendar data: Events, tasks, reminders, and routines you create
• API keys: Third-party API keys you provide (stored encrypted, used only to call those services on your behalf)

Gmail Integration (Optional)

If you choose to connect your Gmail account, GYST requests read-only access to your email. We use this to:

• Scan for shipping confirmation emails from known carriers (USPS, UPS, FedEx, Amazon)
• Extract tracking numbers and estimated delivery dates
• Automatically create and update delivery events on your calendar

What we do NOT do with your email:

• We never read, store, or index the full content of your emails
• We never send emails on your behalf
• We never share your email data with third parties
• We only process emails matching specific shipping-related search queries

You can disconnect Gmail at any time from your Profile settings. When disconnected, we delete all stored tokens and stop accessing your email immediately.

How We Use Your Data

• To provide and improve the GYST service
• To generate AI-powered features (daily briefs, natural language event creation) — using your API keys, not ours
• To deliver push notifications you've opted into
• To track package deliveries from your email (if Gmail is connected)

We do not sell, rent, or share your personal data with advertisers or third parties.

Third-Party Services

GYST integrates with the following services when you configure them:

• AI providers (OpenAI, Anthropic, Google, Perplexity, Grok): Your API key is sent directly to these providers to process your requests. Their privacy policies apply to that data.
• Google Gmail API: Used for package tracking email scanning. Governed by Google API Services User Data Policy.
• Carrier APIs (USPS, UPS, FedEx): Tracking numbers are sent to carrier APIs to retrieve delivery status. No personal information beyond the tracking number is shared.
• Supabase: Our database and authentication provider. Data is stored securely in their cloud infrastructure.

Data Storage & Security

• Your data is stored in a PostgreSQL database hosted by Supabase (AWS, US East)
• All connections use HTTPS/TLS encryption in transit
• API keys are stored encrypted and never exposed in API responses
• Authentication uses JWT tokens with secure session management
• We do not store credit card or payment information

Data Retention

• Account data: Retained as long as your account is active
• Calendar events & tasks: Retained until you delete them
• Package tracking data: Automatically deleted 30 days after delivery
• Gmail tokens: Deleted immediately when you disconnect Gmail
• Daily briefs: Retained for 90 days, then automatically purged

Your Rights

You can at any time:

• Export all your data (Profile → Import/Export)
• Delete individual events, tasks, or your entire account
• Disconnect Gmail or revoke any third-party access
• Remove API keys from your profile

Children's Privacy

GYST is not intended for children under 13. We do not knowingly collect data from children under 13.

Changes to This Policy

We may update this policy as we add features. Significant changes will be communicated through the app. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about privacy? Contact us at [email protected]

GYST — getgystapp.com