φιλία
PrivacyTermsSign in

Privacy Policy

Last updated: 17 May 2026

This Privacy Policy describes how Systo AI ("we", "us") collects, uses, and shares information when you use Phillia (the "Service") at philllia.com. By using the Service you agree to this Policy.

What we collect

Account information

Email, name, password (stored as a bcrypt hash — we never see plaintext), timezone, and any profile details you choose to add.

Content you create

Project names, descriptions, knowledge base entries, chat messages, tasks, files, calendar events, and decisions logged in your tables. This content belongs to you; we hold it on your behalf.

Integration credentials

When you connect external services — GoHighLevel, Cal.com, Zoom, Slack, Google Calendar, GitHub, Vercel, and the AI providers you choose (Anthropic, OpenAI, Google Gemini) — we store the access tokens, API keys, or refresh tokens needed to act on your behalf. These are encrypted at rest using AES-256-GCM with an operator-only key, separate from the rest of your data. You can revoke any integration at any time from your settings; on disconnect, credentials are purged within 24 hours.

Usage data

Standard log information: IP address, browser type, page paths, timestamps, and crash reports (via Sentry). We use PostHog for product analytics when you've consented to cookies.

How we use it

  • To operate the Service: storing your projects, syncing calendars, generating drafts, dispatching ADAM agent runs, etc.
  • To send transactional emails: sign-up confirmation, password resets, project notifications.
  • To improve the Service: aggregated, anonymized usage patterns.
  • To prevent abuse: detecting spam, fraud, and policy violations.
  • To comply with legal obligations.

We do not sell your data. We do not use your private content to train AI models. AI processing happens via API to the providers you configure (Anthropic, OpenAI, Google Gemini); each provider's terms apply to that processing, and none of them train on API content by default.

When we share

  • Service providers (sub-processors): application hosting (Vercel), database (Supabase, ap-northeast-1 / Tokyo), email delivery (Resend), AI processing (Anthropic; optionally OpenAI and Google Gemini if you configure them), analytics (PostHog — page views and button clicks, no chat content), error tracking (Sentry — sanitized stack traces, no personal content). Each acts on our behalf under contract.
  • External services you connect: GoHighLevel, Cal.com, Zoom, Slack, Google Calendar, GitHub, Vercel, and other tools you authorize. The data sent is whatever the integration requires and you have authorized. These are not our sub-processors — they're third-party services you grant Phillia access to.
  • Legal requests: if compelled by valid legal process, we will notify you unless prohibited.
  • Business transfer: if we're acquired, your data transfers under the same terms.

Your rights

You can request export or deletion of your data by emailing privacy@philllia.com. EU/UK residents have additional rights under GDPR (access, rectification, erasure, portability, objection, restriction). California residents have rights under CCPA (know, delete, opt-out of sale — we don't sell).

You can disconnect any integration at any time from your account integrations page (for agency-wide connections) or from each project's integrations tab (for client-scoped connections). You can delete your account from your account settings — this removes your login, your projects, and all associated content within 30 days.

Retention

We keep account data while your account is active. Deleted content is removed from production within 30 days; backups rotate out within 90 days. We retain billing records for 7 years where tax law requires it.

Security

Data in transit uses TLS 1.2+. Data at rest in our primary database is encrypted by Supabase. Sensitive secrets (OAuth tokens, GitHub PATs, Vercel tokens) are additionally encrypted at the application layer with AES-256-GCM. Passwords are bcrypt-hashed.

No system is unbreachable. If a breach affects you, we will notify you within 72 hours and provide remediation guidance.

Children

Phillia is not intended for users under 16. We do not knowingly collect data from children.

Changes

We'll update this Policy if our practices change. The "Last updated" date above reflects the current version. Material changes will be announced via email at least 30 days before taking effect.

Contact

Questions or requests: privacy@philllia.com.

Mailing address: Systo AI · (address to be added before billing launch)