Privacy Policy

Last Updated: August 5, 2025

1. Introduction

Welcome to SmartRemind ("SmartRemind", "we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using SmartRemind, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

We collect the following types of information:

  • Contact Information: Email addresses or phone numbers that you provide for receiving reminders via our notification services.
  • Document Content: The content of PDF documents you upload for AI-powered reminder extraction and processing.
  • Prompt Data: Text prompts you submit for AI-based reminder generation in our beta prompt feature.
  • Reminder Data: Dates, times, and task descriptions generated from your documents or prompts, stored for scheduling purposes.
  • Account Information: Access keys, usage limits, and account preferences you configure for our service.
  • Payment Information: Billing data collected by our payment processor Stripe when you subscribe to our Service (we do not store payment card details).
  • Technical Data: Information about how you interact with our service, including usage patterns, error logs, and performance metrics.
  • Authentication Data: HTTP-only cookies for secure session management, email-based magic link authentication tokens, and Google OAuth authorization data including ID tokens and user profile information.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our service
  • To process your payment transactions
  • To send you reminders as requested
  • To respond to your inquiries and provide customer support
  • To improve our service and develop new features
  • To detect and prevent fraudulent activity
  • To comply with legal obligations

4. Authentication and Account Management

SmartRemind provides secure authentication through multiple methods:

  • Email Magic Link Authentication: We generate cryptographically signed links sent to your email address for secure, passwordless sign-in. These links expire after 15 minutes and are validated using HMAC signatures.
  • Google OAuth Integration: We process Google OAuth authorization codes and ID tokens to verify your identity through Google's secure authentication system. We validate your email verification status and audience claims for security.
  • Session Management: Authentication is maintained through secure HTTP-only cookies that cannot be accessed by client-side scripts, providing protection against cross-site scripting attacks.
  • Account Lifecycle: User accounts remain active for 10 years from creation, with no expiration for active users. Account status is tracked to distinguish between active, pending, and inactive accounts.

5. AI Processing and Third-Party Services

SmartRemind uses artificial intelligence and third-party services to provide our core functionality:

  • OpenAI GPT-4o Integration: Your document content and prompts are processed by OpenAI's GPT-4o model to extract dates and generate reminder descriptions. Additionally, all content (both input and output) is automatically screened using OpenAI's moderation API to ensure compliance with safety policies. This processing is subject to OpenAI's privacy policy and data usage terms.
  • Document Storage: PDF documents are temporarily stored in AWS S3 during processing and automatically deleted after analysis completion.
  • Processing Pipeline: Documents undergo text extraction, table analysis, and AI-powered content analysis before generating structured reminders.
  • Data Retention: We retain only the final reminder data (dates, times, descriptions) necessary for scheduling your notifications. Original documents are not stored permanently.
  • Token Usage Tracking: We monitor AI processing usage for billing and rate limiting purposes, but do not store the content that generated these usage metrics.
  • Content Moderation: All user inputs and AI-generated outputs are automatically screened using OpenAI's content moderation system to detect and prevent harmful content across categories including violence, harassment, hate speech, self-harm, sexual content, and illegal activities.

6. Notification Delivery

SmartRemind delivers reminders through multiple channels:

  • Email Notifications: Delivered via AWS Simple Email Service (SES) to the email address you provide during account setup.
  • SMS Notifications: Sent through AWS Pinpoint SMS Voice V2 to phone numbers you provide.
  • Scheduling: Reminders are scheduled using AWS EventBridge Scheduler and automatically executed at the specified times.
  • Message Content: Notifications include the reminder description and original event date, formatted for readability within SMS character limits.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Secure cloud infrastructure with access controls
  • Regular security assessments and updates

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party companies that perform services on our behalf, such as payment processing, email delivery, and cloud hosting. The SmartRemind team prioritizes using only high trust, secure, and compliant third-party providers. Currently SmartRemind uses the following providers:
    • Stripe, a secure and widely used payment processing service (Used by OpenAI, Lyft, Amazon, and many more trusted organizations.)
    • Amazon Web Services, the most used cloud provider. Known for security, reliability, and trustworthiness
    • OpenAI, provider of GPT-4o AI model used for document analysis and prompt processing
  • Legal Requirements: When required by law, such as in response to a subpoena, court order, or other legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

We will not sell, rent, or lease your personal information to third parties.

9. Your Data Protection Rights

Depending on your location, you may have rights regarding your personal data, including:

  • The right to access your personal data
  • The right to correct inaccurate or incomplete data
  • The right to deletion of your personal data
  • The right to restrict or object to processing
  • The right to data portability
  • The right to withdraw consent

To exercise these rights, please contact us at support@getsmartremind.com.

10. Children's Privacy

Our service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@getsmartremind.com.