Privacy Policy

1. Overview

Tensyr, LLC ("we," "us," "our") operates the RelativityOS platform and the AInstein Mail Chrome Extension (collectively, "the Services"). This Privacy Policy explains how we collect, use, and protect information when you use our Services.

RelativityOS is a business platform for independent health insurance brokers. AInstein Mail is a Chrome extension that integrates with Gmail to help insurance brokers draft replies to client emails using AI.

2. What Data We Collect

AInstein Mail Chrome Extension:

• Email content (sender, subject, body) from Gmail messages you open or that arrive in your monitored inbox — used solely to generate draft replies
• Gmail sender email addresses — to identify whether an email is from a known client
• Your Gmail account email address and display name — to personalize the extension interface and sign drafts correctly
• Your Gmail signature — fetched once during activation, cached locally for 24 hours, appended to AI-generated drafts
• Your RelativityOS Location ID — to authenticate the extension against your broker account

RelativityOS Platform (broker accounts):

• Broker contact information (name, email, phone) provided during account setup
• Inbound SMS and email messages from your clients — processed to generate AI responses
• Client contact records from your GoHighLevel/ROS CRM — accessed to provide contextual AI responses
• Usage statistics (message counts, channel breakdown, estimated API cost) — stored for 90 days
• Google Calendar free/busy availability and the connected Google account email — only when a broker voluntarily connects their Google Calendar, used solely to schedule consultation appointments (see Section 7)

Website visitors (relativityos.com):

• Standard web analytics (page views, referrer, browser type) via any analytics tools we may employ
• Information you voluntarily submit through our contact/request form

3. How We Use Your Data

• Email drafting: Email content read by AInstein Mail is sent to our AI processing server to generate a suggested reply draft. This is the sole purpose of email content access.
• AI response generation: Client message content (SMS, email, PWA chat) is processed by the Anthropic Claude API to generate broker responses.
• Account authentication: Your Location ID and Google account identity are used to verify you are an authorized user of the extension.
• Service improvement: Aggregated, anonymized usage statistics help us improve response quality and platform performance.
• Appointment scheduling: When a broker connects Google Calendar, AInstein reads free/busy availability to compute open consultation times and creates calendar events (with an auto-generated Google Meet link) on the broker's calendar to book consultations their prospects request. This is the sole purpose of Google Calendar access.
• Communications: If you contact us or request information, we use your contact details to respond.

We do not use your data for advertising, profiling, or sale to third parties.

4. Data Sharing

We share data only with the following service providers, solely to operate the platform:

• Anthropic, PBC — AI model provider (Claude Sonnet). Message content is sent to Anthropic's API for response generation. Anthropic's privacy policy applies to this processing. Anthropic does not train on API data by default.
• Airtable — Database platform. Broker configuration and knowledge base records are stored here.
• Upstash — Redis cache provider. Message session data and broker cache are temporarily stored here with short TTLs.
• Render — Cloud hosting provider for the RelativityOS server infrastructure.
• GoHighLevel / LeadConnectorHQ — CRM platform. Client contact records are accessed via API to provide contextual AI responses.

We do not sell, rent, or trade personal information to any third parties for their marketing purposes.

Mobile & SMS data: We do not sell, rent, or share your mobile phone number, SMS opt-in, or text-messaging consent with any third parties or affiliates for their own marketing or promotional purposes. Information collected as part of SMS consent is used solely to deliver the messages you opted into.

5. Data Storage & Retention

• Email content: Email content processed by AInstein Mail is transmitted to our server, processed, and discarded. It is not stored persistently.
• SMS session history: The last 8 exchanges per contact are cached in Redis for 90 days to provide conversation continuity, then automatically deleted.
• Usage statistics: Message counts and cost estimates are retained for 90 days, then automatically deleted.
• Error logs: Pipeline error logs are retained for 7 days, then automatically deleted.
• Chrome extension local storage: Your activation state (Location ID, Gmail address) is stored locally in your browser using Chrome's storage API. It does not leave your device except during authentication.
• Gmail signature cache: Your signature is cached locally in the extension for 24 hours, then re-fetched.
• Google Calendar OAuth token: The broker's Google refresh token is encrypted at rest (AES-256-GCM) and stored solely to maintain the calendar connection. It is permanently deleted when the broker disconnects Google Calendar.

6. Gmail & Chrome Extension — Specific Disclosures

Specifically, AInstein Mail:

• Reads email content to generate contextually relevant draft replies — no other purpose
• Does not store email content on our servers beyond the time needed to generate a response (typically under 10 seconds)
• Does not use Gmail data to train AI models
• Does not use Gmail data for advertising
• Does not allow humans to read your email content except as necessary for security debugging with your explicit consent
• Does not share Gmail data with third parties except Anthropic (for AI processing) as described above

The Gmail scopes used by AInstein Mail are:

• gmail.readonly — to read email content for drafting
• gmail.compose — to create draft replies
• gmail.modify — to mark processed emails
• gmail.settings.basic — to fetch your Gmail signature
• userinfo.email — to identify your Google account
• userinfo.profile — to display your name in the extension

7. Google Calendar — Specific Disclosures

When a broker connects their Google Calendar, AInstein:

• Reads the broker's free/busy availability to compute open consultation times — no other purpose
• Creates calendar events (with an auto-generated Google Meet link) on the connected broker's calendar to schedule a consultation that the broker's prospect requested
• Does not read, store, or process the content, attendees, or details of the broker's other existing calendar events — only free/busy time ranges
• Does not use Google Calendar data to train AI models
• Does not use Google Calendar data for advertising
• Does not sell, rent, or transfer Google Calendar data to any third party
• Does not allow humans to access Google Calendar data except as necessary for security debugging with the broker's explicit consent
• Never transmits health information or sensitive prospect details to Google. Events created on the broker's Google Calendar contain only a neutral title (e.g., "Health insurance consultation") and a link to a brief that is accessible solely inside RelativityOS behind broker authentication. Clinical, qualifying, or sensitive details are never placed in the Google Calendar event, its description, or the attendee invitation.

The Google scopes used for the calendar integration are:

• https://www.googleapis.com/auth/calendar.events — to read free/busy availability and create consultation events
• openid — to confirm the connected Google account
• email — to record which Google account the broker connected

The broker's Google OAuth refresh token is encrypted at rest using AES-256-GCM and is used solely to maintain the calendar connection. The broker may revoke access at any time by disconnecting Google Calendar in their RelativityOS dashboard, or at myaccount.google.com/permissions.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Deletion: Request deletion of your personal data
• Correction: Request correction of inaccurate data
• Portability: Request your data in a portable format
• Objection: Object to certain processing activities

To exercise any of these rights, contact us at privacy@tensyr.com. We will respond within 30 days.

To revoke AInstein Mail's access to your Gmail, go to myaccount.google.com/permissions and remove the AInstein Mail Extension.

To revoke AInstein's access to your Google Calendar, disconnect it from Settings in your RelativityOS broker dashboard, or go to myaccount.google.com/permissions and remove RelativityOS.

9. Security

We implement industry-standard security measures to protect your data:

• All data transmission uses HTTPS/TLS encryption
• API keys and credentials are stored as environment variables, never in code
• Access to the admin platform is protected by a secret key
• Redis cache keys use TTL-based expiration to minimize data persistence

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@tensyr.com.

10. Children's Privacy

The RelativityOS platform and AInstein Mail are designed for use by licensed insurance professionals. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that a minor has provided us with personal information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Material changes will be communicated to active users via email or a notice on the platform. Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.

12. Contact

For privacy questions, data requests, or concerns about AInstein Mail or RelativityOS: