Privacy Policy

1. Introduction

This Privacy Policy explains how Mellow ("we," "us," or "our") collects, uses, shares, and protects your personal data when you use our Service. The Service includes the Mellow mobile application and any related website (including getmellow.com). Mellow is operated by Outfit My AI, Inc., a Delaware corporation doing business as "Mellow" and "getmellow.com." For the purposes of data protection laws (such as the GDPR), Outfit My AI, Inc. is the data controller of your personal information.

We are based in the United States, and personal data we collect may be processed in the U.S. or other countries. If you are located outside the U.S., please note that your information will be transferred internationally to the U.S. where our systems are located. We will take appropriate safeguards to protect your data during such transfers in accordance with applicable law.

By using Mellow, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service. We may update this Policy from time to time (see the "Changes" section below). If you have any questions about our privacy practices, you can contact us at info@getmellow.com.

2. Information We Collect

We only collect personal information that is necessary to provide and enhance the Service. This information falls into a few categories:

• •
  Information You Provide: When you create an account or use Mellow, you may provide certain information to us. This includes your account details (such as your name, email address, and a password) and any content you choose to input into the app (for example, tasks, notes, or reminders). If you contact us for support or communicate with us via email, we will collect the information you provide in those interactions (such as your contact details and the content of your messages).
• •
  Third-Party Integrations: Mellow offers optional integrations with third-party services to enhance your productivity. For example, you may choose to connect your calendar, email, or task management accounts to Mellow. With your explicit consent, we will access and process data from those connected services – for instance, reading your calendar events to help schedule tasks, or accessing your email (headers or content) to assist in drafting or sorting tasks related to communications. We will only retrieve the specific data needed to provide the feature you've enabled. Important: Our use of any information from integrated Google services (such as Gmail or Google Calendar) adheres to Google's API Services User Data Policy, including its Limited Use requirements. This means we do not use data from your Google account for anything other than providing the Mellow features you've selected (for example, we will not use your email data for advertising or share it with unauthorized third parties). You can disconnect Mellow from any third-party account at any time via the app settings.
• •
  Usage Data (Automatic Collection): When you use Mellow, we automatically collect certain technical information about your device and how you use the app. This includes data such as your device type and operating system, unique device identifiers, IP address, log information (e.g. how and when you interact with the app), usage and analytics data (features used, screens viewed, etc.), and crash reports if the app encounters an error. We may use third-party analytics tools (that operate within the app or on our website) to gather this information. This data helps us understand performance and improve the Service. Wherever possible, we use this information in aggregated or de-identified form, and we do not link it to your identity except as needed for legitimate analytics or debugging purposes.
• •
  Cookies and Similar Technologies: If you use our website, we may use cookies or similar tracking technologies to remember your preferences and understand how the site is used. These may collect information like your browser type, referral URLs, and pages visited. You can adjust your browser settings to refuse cookies, but note that some site features might not function properly without them. (The Mellow mobile app itself does not use traditional cookies, but may store data locally on your device as needed for functionality).

We do not collect any sensitive personal data about you unless strictly necessary and with your consent. For example, Mellow does not ask for or track information about your race, ethnicity, health, biometric identifiers, or financial account details. Any permission-based access (such as to your calendar, contacts, microphone, etc.) will be clearly requested via your device's operating system prompts, and you have the choice to grant or deny such requests. If you later change your mind, you can revoke permissions through your device settings.

3. How We Use Your Information

We use the collected information for the following purposes, in accordance with applicable legal bases:

• •
  To Provide and Maintain the Service: We use your information to operate Mellow's core functionality. For example, we use your account data to log you in, your task entries to manage and display your to-do list, and your integrated calendar/email data to perform the background work of scheduling or drafting communications on your behalf. This processing is generally necessary to fulfill our contract with you (the Terms of Service) and provide the features you request.
• •
  To Personalize and Improve the Service: We continually strive to make Mellow more helpful. We may analyze usage patterns to improve our user interface, develop new features, and optimize performance. For instance, we might use usage data and feedback to refine our task recommendation algorithm or streamline certain workflows. We may also personalize aspects of the Service to you – such as suggesting task scheduling times based on your past behavior or sending reminders suited to your schedule. We rely on our legitimate interests in improving our product, but we do so in a way that does not override your rights and freedoms.
• •
  To Synchronize Data Across Devices and Services: If you use Mellow on multiple devices, or if you integrate third-party services, we use your information to sync data and ensure a seamless experience. For example, tasks you add on your phone may be backed up to our cloud and available on another device, and changes in your connected calendar can be reflected in the app. This is part of providing the Service as requested.
• •
  To Communicate with You: We use your contact information (like your email address) to send you service-related communications. These include confirmation emails, support responses, important updates about the app, and notifications about changes to our terms or this privacy policy. We may also send you product announcements, newsletters, or promotional offers about Mellow, but only in accordance with applicable law – for example, if you have opted in to such communications or if they are permissible on the basis of our existing relationship. You can opt out of marketing emails at any time by clicking the unsubscribe link in those emails or contacting us.
• •
  For Customer Support and Troubleshooting: If you contact us with a problem or question, we will use the information you provided (and possibly some account or technical info) to help resolve your issue. This may include troubleshooting technical glitches, responding to your inquiries, or providing guidance on how to use Mellow's features. We do this to fulfill our contract with you (providing support is part of the service) and based on our legitimate interest in maintaining user satisfaction.
• •
  To Ensure Safety, Security, and Integrity: We may process data as needed to prevent fraud, abuse, and misuse of Mellow. For example, we might monitor login attempts to detect suspicious activity or use automated scanning to ensure tasks and content comply with our Terms. We also use data to debug and fix errors (e.g., using crash logs to identify issues). These activities are in our legitimate interests to protect the Service and our users, and in some cases to comply with legal obligations (such as safeguarding personal data).
• •
  To Comply with Legal Obligations: We may use or disclose your information to the extent necessary to comply with applicable laws, regulations, legal processes, or governmental requests. For instance, we might retain certain records to meet financial reporting laws, use your data to fulfill privacy rights requests, or disclose information pursuant to a lawful subpoena or court order (more on this in the "Sharing" section). We also may use your data to enforce our Terms of Service or to establish or exercise our legal rights or defend against legal claims.
• •
  With Your Consent, for Other Purposes: In specific cases, we may ask for your consent to use your information for a purpose that is not covered by the above. If we do so, we will explain clearly what we are asking you to agree to, and you are free to decline. If you give consent, you may withdraw it at any time, and we will stop the use of your data for that purpose.

We make sure that we have an appropriate legal basis for each use of your information (e.g., contract necessity, legitimate interests, consent, or legal obligation). Where we rely on our legitimate interests, we take into account the potential impacts on you and will provide opt-outs when required. We do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on you without your consent.

4. How We Share or Disclose Information

We treat your personal data with care and do not sell or rent your personal information to third parties for their own marketing purposes. We share information only in the following circumstances:

• •
  Service Providers (Processors): We may share your information with third-party companies and individuals that perform services on our behalf (commonly known as "service providers" or data processors). These services include, for example, cloud hosting and data storage, analytics, email delivery, crash reporting, customer support tools, and so on. We only share the information necessary for these providers to carry out their work for us. They are contractually obligated to safeguard your data, use it only for the purposes we specify, and to comply with privacy and security standards at least as strict as our own. Examples might include using a cloud infrastructure provider to store data (who cannot access your data except as needed to maintain the service), or using an email delivery service to send our communications to you.
• •
  Integrated Third Parties: If you explicitly choose to integrate a third-party account with Mellow, you direct us to share certain data with that service as needed to perform the integration. For instance, if you enable an integration that sends tasks to another app or receives data from another app, we will share data with that app only as instructed by you. Such sharing is part of providing the features you've opted into, and we will make clear what is being shared at the time you connect the integration. We do not control how third-party services use information you share with them, and their use is governed by their own privacy policies.
• •
  Business Transfers: If we are involved in a merger, acquisition, investment, financing, or sale of all or a portion of our business or assets, your information may be transferred to the involved third party as part of that transaction. We will ensure that any such transfer is subject to appropriate confidentiality and security measures, and we will provide notice to you (for example, via email or a prominent notice in the app) if your personal data becomes subject to a different privacy policy as a result of a business transaction.
• •
  Legal Requirements and Protection: We may disclose your information if we in good faith believe such action is necessary to comply with a legal obligation or government request; to enforce our Terms of Service or other agreements; or to protect the rights, property, or safety of Mellow, our users, or the public. Examples include responding to lawful subpoenas or warrants, addressing fraud or security issues, or pursuing or defending against legal claims. If we receive a request for your data from law enforcement or another authority, we will attempt to redirect the requesting party to seek the data directly from you, or we will notify you of the request unless we are legally prohibited from doing so.
• •
  With Your Consent: Apart from the cases listed above, we will only share your personal information with third parties when we have your consent to do so. If we ever contemplate sharing your information in new ways not covered by this Policy, we will seek your permission first. For instance, if we wanted to use a new marketing partner to offer a promotion and that involved sharing your email address, we would ask if you'd like to opt-in to that sharing.

In all cases of sharing, we minimize the data disclosed to only what is necessary for the specific purpose. We also require third parties to whom we disclose personal data to uphold appropriate confidentiality and data protection standards.

5. Data Retention

We retain your personal information only for as long as needed to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In practical terms:

• •
  Account Data: We keep your account information and content for as long as your account is active. If you decide to delete your account or request deletion of your data, we will delete or anonymize your personal data, except for information we are required to keep by law or for legitimate business purposes. Account deletion will result in removal of personal content (like your tasks, notes, etc.) from our live databases within a reasonable period, typically within 30 days as described in Appendix A.
• •
  Integrated Data: If you disconnect a third-party integration (such as your email or calendar), Mellow will stop collecting data from that source immediately. Any data already collected from that integration will be retained or deleted according to the same principles as other account data.
• •
  Usage Data: Analytics and log data may be retained for a shorter period, unless used for security analysis. We generally aggregate or anonymize usage data after a certain time (e.g., 12-24 months) so it can no longer be linked to individual users, and use it for long-term trend analysis and service improvements.
• •
  Communications: If you contact us, we may retain correspondence (such as support emails or chat logs) for a period of time, to help us manage your inquiry and for training or quality assurance purposes. Typically, support emails are retained for at least one year in case you have follow-up issues, but we can delete them sooner upon request if feasible.

In some cases, we may retain certain information for longer periods as necessary: (a) to comply with our legal obligations; (b) to resolve disputes or enforce our agreements; or (c) as otherwise required for legitimate business purposes like auditing, security, fraud prevention, and ensuring continuity of our services. When we no longer have a legitimate need to retain your information, we will securely delete or anonymize it.

6. Security Measures

We take the security of your personal information seriously. We implement industry-standard security measures to protect data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• •
  Encryption: Data exchanged with the Mellow app and servers is encrypted in transit using HTTPS (TLS). Sensitive personal data and credentials stored on our servers are also encrypted at rest. For example, passwords are stored using secure hashing algorithms, and any integration tokens (like authentication tokens for third-party services) are encrypted.
• •
  Access Controls: We limit access to personal data to only those employees, contractors, and service providers who require it to operate or improve the Service. All such personnel are subject to confidentiality obligations. Administrative access to systems is protected via strong authentication and is logged and audited.
• •
  Security Testing: We conduct regular assessments of our systems, including vulnerability scanning and occasional penetration testing, to identify and address potential security weaknesses. Our software development process includes security reviews and best practices to prevent common vulnerabilities.
• •
  Monitoring and Logging: We monitor the Service for unusual activity and may employ automated systems to detect fraudulent or unauthorized behavior. We maintain logs of certain activities (such as logins, significant account actions, API calls) to assist in security monitoring and investigations.
• •
  Breach Notification Protocols: Despite all measures, no system is completely immune to incidents. We have a response plan in place for dealing with security breaches. In the unlikely event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law, and will provide guidance on protective steps you can take. We will also take immediate steps to mitigate the breach and prevent future occurrences.

Please understand that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You can also play a part in safeguarding your information by using strong passwords, keeping your credentials confidential, and notifying us if you suspect any unauthorized access to your account.

7. Your Privacy Rights and Choices

Depending on your location and applicable privacy laws, you have certain rights regarding your personal data. We are committed to honoring these rights and providing you with control over your information. The rights available to you may include:

Submitting Requests: To exercise any of the above rights or to inquire about your personal data, you can submit a request to us by contacting info@getmellow.com. Please include "Privacy Request" in the subject line and clearly state your request. We will need to verify your identity to process certain requests, especially for access, deletion, and correction.

Response Timing: We will confirm receipt of your request within 10 days and aim to substantively respond within 30 days for GDPR requests, and within 45 days for CCPA requests. We will not charge you for these requests in most cases.

8. Children's Privacy

Mellow is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old (or under the minimum age allowed by local law in other jurisdictions, which is 16 in some countries). If you are under 13, please do not use Mellow or provide any personal data to us. If we learn that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information promptly.

Parents or guardians who believe that Mellow might have collected personal information from their child can contact us at info@getmellow.com to request deletion of the data. We will ask for verification of the requestor's relationship to the child before honoring such requests.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

Email: info@getmellow.com

This email is the preferred and official contact method for all privacy-related inquiries. We currently do not maintain a customer service telephone line or a physical mailing address for privacy correspondence. As an online-only service, providing a contact email address is sufficient to meet legal requirements for accessibility of contact information. We are committed to responding to legitimate inquiries or requests as quickly as possible, typically within a few business days.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will post the updated Policy on our website (and within the app) and update the "Last Updated" date at the top. In the event of material changes – for example, if we plan to use your personal data for new purposes not previously disclosed – we will provide a more prominent notice of the change, such as via an email notification or an in-app alert, and if required by law, obtain your consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Mellow after any changes to this Policy means you acknowledge and agree to the updated terms of the Privacy Policy.

Appendix B: iOS App Permissions Table

For transparency, here are the key device permissions Mellow may request on iOS, why we ask for them, and whether granting them is mandatory or optional for using the app:

Please note: If in the future Mellow requests additional permissions (for example, Contacts, Location, Camera, etc.), we will update this table and explain the purpose. We will not access any such data without your explicit permission. Apple's App Store guidelines require that we only request permissions that are necessary for the app's functionality, and we adhere to that principle by using the minimum data required to deliver a great user experience.

You are in control of granting or revoking these permissions. If you initially grant a permission and later change your mind, you can always go to your iOS Settings > Mellow and toggle off any permissions you no longer want Mellow to have. The app is designed to handle lack of permissions gracefully (for example, if you deny calendar access, Mellow simply won't integrate with your calendar).