Legal
Privacy Policy
Last updated: March 2026
1. Overview
SmoothSail ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use SmoothSail.ai ("the Service").
2. Data We Collect
We collect the following categories of data:
Account Information
Email address, name, timezone, language preferences, and authentication data (including Google OAuth tokens if you connect your Google account).
Health & Wellness Data
Nutrition logs, weight, water intake, mood, sleep data, activity logs, blood test results, medical visits, and other health metrics you choose to share.
AI Conversations
Messages you send to the AI assistant, AI responses, and contextual memory the system builds to personalize your experience.
Connected Services
If you connect Google Workspace, we access Gmail, Calendar, Drive, Sheets, and Docs data as authorized by you. OAuth tokens are encrypted at rest.
Usage Data
Feature usage patterns, error logs, and performance metrics to improve the Service. We do not sell usage data to third parties.
3. How We Use Your Data
- Provide and personalize the AI assistant experience
- Track health, nutrition, and wellness metrics you choose to log
- Generate insights and recommendations based on your data
- Process payments and manage subscriptions
- Send service notifications and updates
- Improve and debug the Service
4. Data Storage & Security
Your data is stored in Supabase (PostgreSQL, hosted on AWS us-east-1) with Row-Level Security (RLS) policies ensuring you can only access your own data. OAuth tokens are encrypted using pgcrypto. The AI Engine runs on Railway with encrypted environment variables. All data in transit uses TLS encryption.
5. Third-Party Services
We use the following third-party services to operate SmoothSail:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Account & app data |
| Google (Gemini) | AI model provider | Conversation messages |
| Stripe | Payment processing | Email, payment info |
| Google Workspace | Email, calendar, docs (optional) | As authorized by you |
| Vercel | Website hosting | Access logs |
| Railway | AI Engine hosting | Application logs |
6. AI Data Processing
Your conversations and personal data are processed by AI models to provide personalized assistance. We do not use your data to train AI models. Conversation context is maintained per-user and isolated by Row-Level Security policies. You can delete your AI memory and conversation history at any time.
7. Data Retention
We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.
8. Your Rights
You have the right to:
- Access — Request a copy of your personal data
- Export — Download your data in a portable format
- Correct — Update inaccurate personal information
- Delete — Request permanent deletion of your account and data
- Disconnect — Revoke access to connected services (Google, etc.)
To exercise these rights, visit Settings in the app or email privacy@smoothsail.ai.
10. Children's Privacy
The Service is not intended for users under 18. We do not knowingly collect data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or a notice within the Service. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
For privacy-related questions, contact us at privacy@smoothsail.ai.
Also see our Terms of Service and Health Disclaimer.