Brilyi.com (“Brilyi,” “we,” “us,” or “our”) is owned and operated by Shadowhill Enterprises LLC. This Privacy Policy explains how we collect, use, disclose, and retain personal information in connection with our AI-powered telephony, SMS, email, and calendar integration services. By using Brilyi.com (the “Service”), you agree to the collection and use of information as described here.

2.1 User-Provided Information

• Account Data: name, email address, organization details, and billing information.
• Configuration Data: AI agent names, personalities, prompts, and tool credentials (e.g., Telephony Service Partner API keys, Google Calendar OAuth tokens).

2.2 Service & Usage Data

• Telephony Data: phone numbers purchased or provisioned via our Telephony Service Partners, call metadata (CallSid, timestamps, statuses), and recordings/transcripts.
• Messaging Data: SMS and email logs—including sender/recipient, message body, and delivery status.
• Calendar Events: event details (titles, times, attendees) when users connect their calendar tools.

2.3 Automated & Device Data

• Log Data: IP addresses, browser and device characteristics, operating system, and crash/error reports.
• Cookies and Tracking: session cookies, authentication cookies, and analytics cookies to keep you logged in, secure our Service, and understand usage patterns.

• Service Delivery: to route and manage phone calls, SMS, emails, and calendar events.
• AI Processing: to generate and transcribe conversations via OpenAI’s API.
• Billing & Analytics: to calculate usage-based fees, monitor system health, and improve our Service.
• Notifications: to send transcripts, alerts, and administrative messages via email or SMS.

Brilyi provides integration with Google Calendar to enable users to easily manage and automate scheduling services. If you choose to connect your Google Calendar account within our service, we utilize Google's OAuth protocols to securely obtain permission and access your calendar data. This disclosure explains exactly how we access, use, store, and share Google user data related to our calendar integration.

Data that we Access and Use

• Read Access: We access calendar events, appointments, availability, time slots, event titles, dates, times, attendees, and scheduling details to validate availability and prevent scheduling conflicts.
• Write Access: With your explicit permission, Brilyi creates, modifies, or deletes events in your Google Calendar according to your actions within our app, facilitating automated booking and scheduling management.

We use Google Calendar data exclusively to:

• Provide accurate scheduling and appointment booking features within Brilyi.
• Add, update, and manage calendar events on your behalf, directly through Brilyi.

Data Storage and Security

• Brilyi securely stores encrypted Google OAuth tokens (access and refresh tokens) to maintain integration functionality.
• We do not replicate or store your entire Google Calendar data. Event details are accessed as needed in real-time.

Data Sharing and Disclosure

• We do not share Google Calendar data with third parties for marketing or promotional purposes.
• Your data is shared only with Google’s API services for functionality purposes and integration management.

Compliance with Google's Limited Use Policy

Our use of information received from Google APIs adheres strictly to the Google API Services User Data Policy, specifically Google's Limited Use requirements. We:

• Only use Google data to provide and improve calendar-related functionality within Brilyi.
• Do not transfer or sell Google user data to third-party apps, vendors, or advertising networks.
• Do not use your data for advertising purposes.

In-Product Privacy Notifications

Brilyi provides clear, accessible in-product notices whenever you authorize and connect your Google account. These notices detail requested permissions and data use. You can review, modify, or disconnect your Google integration anytime through your organization dashboard.

Keeping Privacy Policies Current

We regularly review and update our privacy disclosures related to Google Calendar usage. We will notify you through the app interface, email, or on Brilyi.com about significant updates in data handling or security practices.

Questions or Requests

If you have questions regarding Brilyi's use of Google Calendar data or need additional clarification, contact us at support@brilyi.com.

Brilyi's use and transfer of Google user data obtained through the Google OAuth API (including Google Calendar integration) comply strictly with Google's Sensitive and Restricted Scopes policies, the Google API Services User Data Policy, and the Google Developer Policy.

Appropriate Access:

• We limit requests to Google user data to only those API scopes essential for providing scheduling and appointment booking functionality clearly visible and prominent in our application interface.

Limited Use of Data:

Brilyi complies with Google's Limited Use requirements:

• Your Google data is used only to provide or improve user-facing functionality related to scheduling and appointment management within the Brilyi application.
• Transfers of your Google user data are restricted and permitted only under the following circumstances:
  • To support or enhance features visible in our application's user interface, and only with your explicit consent.
  • For security measures, such as detecting, preventing, or addressing abuse or security issues.
  • Where required to comply with applicable laws or regulations.
  • In connection with a merger, acquisition, or other business transfer, with your explicit consent.
• No human access to calendar data occurs except:
  • With explicit user-initiated approval to provide technical support, bug investigation, or issue resolution.
  • For security investigation purposes.
  • To comply with legal obligations.
  • When aggregated and anonymized data is reviewed internally to ensure service reliability and security.

Prohibited Use:

We explicitly prohibit the use, transfer, or sale of your Google user data for:

• Selling or transferring user data to advertisers, data brokers, information resellers, or advertising networks.
• Personalized advertising or retargeting based on collected Google user data.
• Determining credit-worthiness, lending, or similar purposes.

Secure Data Handling & Security Assessment:

• Brilyi adheres to stringent data security practices, including encryption, secure token storage, and strict access controls aligned with Google's security standards.
• If required based on API usage or the number of user grants, Brilyi will complete the annual security assessment process conducted by a Google-designated third-party auditor to maintain API access. Additional details can be found at the OAuth Application Verification FAQ.

Enforcement:

Brilyi accesses Google API Services strictly according to the Google APIs Terms of Service. In cases of non-compliance with Google’s Terms of Service, API policies, or Developer guidelines, your access to Google integrations within our application may be suspended or revoked. We will take immediate corrective actions to maintain compliance at all times.

Internal Compliance:

We ensure that Brilyi's employees, contractors, agents, and successors strictly adhere to these policies, specifically regarding Google's Sensitive and Restricted API Scopes.

Updates & Notifications:

We regularly update this section and our practices to reflect changes in Google's policies, API functionality, or applicable regulations. If we make material updates, notifications will be clearly communicated via email, within the application, or prominently on Brilyi.com.

If you have questions specifically regarding our compliance with Google's API policies, please contact us at support@brilyi.com.

Brilyi's use of data obtained through Google Workspace APIs (including but not limited to Google Calendar integration) strictly complies with Google's policies governing the use of data for Artificial Intelligence (AI) and Machine Learning (ML), specifically the prohibitions outlined in the Google API Services User Data Policy and applicable Google Developer Policy.

No Generalized AI/ML Model Usage:

• Brilyi explicitly affirms that data accessed through Google Workspace APIs is not used in any form to develop, improve, train, or otherwise support generalized artificial intelligence or machine learning models.
• The data obtained from Google APIs is solely used to deliver and enhance specific, approved user-facing features clearly outlined within the Brilyi application and privacy policy.

Data Minimization and Limited Use:

• Brilyi requests and utilizes only the minimum level of access required to implement calendar and scheduling functionality in direct accordance with Google’s Limited Use requirements.
• Data accessed via Google Workspace APIs is never retained, shared, or processed for purposes beyond providing or improving the directly related features within Brilyi.

Internal and External Compliance:

• We maintain internal processes and oversight measures ensuring full adherence by all employees, contractors, and agents to this AI/ML usage prohibition.
• Any concerns or queries regarding our compliance can be directed to: support@brilyi.com.

Updates & Notifications:

This disclosure will be consistently reviewed, updated, and maintained to reflect any changes in applicable Google API policies or regulations. Material updates will be communicated clearly via email, in-app notifications, or prominently on Brilyi.com.

If you have any questions about our compliance with Google's AI/ML usage policies as they relate to Google Workspace APIs, please contact us at support@brilyi.com.

We may share your information in the following circumstances:

• Service Providers:
  • Our Telephony Service Partners for telephony functions; they receive call data and recordings.
  • OpenAI for AI transcription and response generation.
  • Stripe or Freemius for payment processing.
  • Google for calendar integrations.
• Legal Requirements: to comply with subpoenas, court orders, or applicable laws.
• Business Transfers: if Brilyi is merged, sold, or acquired, customer data may be transferred under the same privacy terms.

• Call Logs & Transcripts: retained for up to 24 months by default, unless your organization settings specify a shorter period.
• SMS & Email Logs: retained for up to 12 months to support auditing and troubleshooting.
• Account Information: retained as long as your account is active, plus a reasonable period afterward to resolve disputes or comply with legal obligations.

You may request deletion of your personal data by contacting us at support@brilyi.com.

• Authenticate and maintain your session.
• Analyze Service usage and performance.
• Provide advertising and marketing communications (with your consent).

• Encryption: TLS for data in transit; AES-256 for data at rest.
• Access Controls: role-based permissions via ASP.NET Identity.
• Monitoring & Auditing: logging of all administrative and API actions.

• Access & Portability: you may request a copy of your personal data in a machine-readable format.
• Correction & Deletion: you may update or delete your data at any time via your account settings or by contacting us.
• Opt-Out: of marketing emails by clicking “unsubscribe” or contacting support@brilyi.com.

Our Service is not intended for children under the age of 13, and we do not knowingly collect personal information from children.

We may update this Privacy Policy as our Service evolves. We will notify you of material changes via email or through a notice on Brilyi.com, and update the “Last Updated” date below.

Last Updated: May 3, 2025