Privacy Policy
Digiyee is built on a simple principle: your data stays on the device. Customer emails, leads, CRM records, and ops data are processed locally and never leave the hardware you own. This policy explains exactly what stays local, what leaves, and why.
01 Introduction & Scope
This Privacy Policy applies to the Digiyee hardware device, its pre-installed workflow library and agent software, the Digiyee website at digiyee.xyz, any companion applications, and optional cloud services we may offer. It is operated by Digiyee Labs LLC ("we," "us," "our").
02 Information We Collect
We collect information in the following categories:
- Account Data: Email address, name, company name, and payment information when you create an account, reserve a device, or purchase.
- Device Telemetry: Hardware health metrics (temperature, uptime, storage usage), firmware version, and error logs. This is opt-in and can be disabled entirely from the device dashboard.
- Usage Analytics: Aggregate statistics on feature usage (e.g., number of duties active, workflow categories used) to improve the product. No content from emails, leads, CRM records, or ops data is included.
- Payment Data: Processed by our payment provider (Stripe). We do not store credit card numbers.
- Website Analytics: Standard pixel and cookie data from the Digiyee website (page views, referrer, UTM parameters) to measure marketing effectiveness.
03 On-Device vs. External Processing
This is the most important section of this policy.
What stays on your device (always):
- All customer emails, leads, and CRM records Digiyee processes
- All corporate email content Digiyee reads or drafts
- All ops data pulled from your connected systems (billing, analytics, support)
- All marketing and ad campaign content, audience data, and spend records
- All conversation history, approval decisions, and audit logs
- The preloaded workflow library and any customizations you make to it
- Your integration credentials and OAuth tokens for connected services
What is sent outside the device (only in these specific cases):
- Stack integrations you authorize: API calls to the services you connect (Gmail, HubSpot, Salesforce, Shopify, Google Ads, Meta, Slack, Calendly, etc.) use standard OAuth. Those API calls go directly from the device to each service — we do not intermediate them.
- Firmware and workflow library updates: The device periodically checks for updates. Only version numbers and hardware identifiers are transmitted — no customer data.
- Optional cloud-assisted tasks: If you explicitly enable cloud assistance for specific heavy tasks (e.g., generating large ad creative batches), only the specific task payload is sent to the provider you select (OpenAI, Anthropic, Google). This is off by default.
What is never sent anywhere:
- Your raw customer data, emails, or CRM records
- Your company's ops metrics or financial data
- Your agent memory, audit logs, or accumulated customizations
04 AI Data Processing & Model Training
We do not use your data to train AI models. Your emails, leads, CRM records, ops data, and workflow customizations are yours. They are stored locally on your Digiyee device and are not accessible to us.
If you explicitly enable optional cloud-assisted tasks routed to third-party model providers, those providers' own data policies apply. We select providers whose API terms state they do not train on API inputs by default (Anthropic, OpenAI API). You can review each provider's data policy in your device dashboard before enabling routing.
05 How We Use Your Information
We use the limited data we collect to:
- Process reservations, orders, account management, and customer support
- Deliver firmware and workflow-library updates (over-the-air) and security patches
- Improve product performance based on aggregate, anonymized telemetry (if you opt in)
- Send product updates and security notifications (you can opt out of non-critical communications)
- Comply with legal obligations
06 How We Share Your Information
We do not sell your personal data. We never have and never will.
We share data only with:
- Payment processors: To process reservations and purchases (Stripe)
- Shipping and fulfillment partners: Name and shipping address only, for device delivery
- Cloud model providers (if you opt in): Only the specific task payload, only when you've enabled cloud routing, only to the provider you've configured
- Hosting and infrastructure: For the Digiyee website and account management (not device data)
- Legal compliance: If required by law, subpoena, or court order
07 Data Retention & Deletion
On-device data: Stored indefinitely on your device until you delete it. You have full control. Factory reset erases everything.
Account data: Retained while your account is active. Upon account deletion, we remove your data within 30 days, except where legal retention is required (tax, warranty records).
Telemetry data: Anonymized and aggregated. Individual device telemetry is not retained beyond 90 days.
08 Data Security
Your Digiyee device encrypts stored data at rest. All network communications use TLS 1.3. The device is on your network, behind your firewall, under your physical control. We cannot remotely access your device or its contents — not for support, not for diagnostics, not for any reason.
09 Children's Privacy
Digiyee is a business tool not directed at children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10 Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Opt out of telemetry collection
- Withdraw consent for non-essential data processing
- Lodge a complaint with your local data protection authority
11 U.S. State Privacy Rights
If you are a California resident (CCPA/CPRA), you have additional rights including the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data. For requests, email privacy@digiyee.xyz.
12 EEA/UK Rights (GDPR)
If you are in the EEA or UK, our legal bases for processing are: contract performance (order fulfillment), legitimate interest (product improvement via anonymized telemetry), and consent (marketing communications). You may contact our Data Protection Officer at dpo@digiyee.xyz.
13 International Data Transfers
Your device data stays on your device — no international transfer. Account and website data may be processed in the United States. We use Standard Contractual Clauses where required for cross-border transfers.
14 Changes to This Policy
We will notify you of material changes via email and a prominent notice on our website at least 30 days before they take effect.
15 Contact
All inquiries: privacy@digiyee.xyz