Privacy Policy
Last updated: 01.01.2025
1. Introduction
Welcome to our Privacy Policy. At Linnik IT, your privacy is paramount. This policy informs you of the measures we’ve put in place to protect the personal data you share with us, especially when you register for early access on our platform hosted on AWS Lightsail.
2. Data Collection
We collect and process the following user data:
- Email addresses for early access registration to Mr. Chamberlain. These are retained solely for providing access and not used for other marketing purposes.
- Google Calendar data, including events, to provide scheduling and organizing functionalities. We do not store any Google Calendar data. We access the calendar only to schedule new events and lookup events for a specific day when asked. We do not store the retrieved raw information after processing the user request.
- Gmail data, including email content and metadata, to provide email management functionalities when explicitly authorized. We do not store any Gmail data. We access emails only to search, read, and create draft responses when requested. We do not store the retrieved email information after processing the user request.
- User interactions with Mr. Chamberlain via Telegram, which are processed to enhance user experience. These interactions are:
- Automatically summarized to maintain a maximum of 1600 words of context
- Stored in a vector database for efficient retrieval
- Automatically pruned when exceeding token limits
- Deletable at any time using the /reset command
- Documents and media shared with Mr. Chamberlain for long-term memory storage (only with explicit user consent)
3. Data Usage
The data we get is used to:
- Provide personalized scheduling and event organization in Google Calendar.
- Provide email management capabilities including search, reading, and draft creation in Gmail.
- Enhance user experience by offering intelligent appointment scheduling through Mr. Chamberlain.
- Ensure the security of our form submissions via Google ReCaptcha v3, which may set cookies on your browser for this purpose.
- Maintain conversation context through our vector database system.
- Process and store user-approved long-term memories.
4. European Data Residency and GDPR Compliance
Your data stays in Europe. We are committed to full GDPR compliance and European data sovereignty:
- EU-Only Processing: All data processing occurs exclusively within European Union jurisdiction
- Zero Third-Country Transfers: No personal data is transferred outside the European Economic Area (EEA)
- AWS EU Regions: Our infrastructure is deployed exclusively in AWS European regions (Frankfurt, Ireland)
- Vector Storage: All long-term memory and conversation vectors are stored in AWS S3 within EU boundaries
- Data Protection Officer: Available for any GDPR-related inquiries at support@mrchamberlain.eu
5. Data Sharing
We process user input exclusively with EU-compliant third-party processors:
- Telegram for secure message processing through Mr. Chamberlain. Important limitation: While Telegram stores EU user data in Netherlands data centers, they do not provide a Data Processing Agreement (DPA) for business use. For EU-specific privacy details, see Telegram’s EU Privacy Policy.
- OpenAI/Azure OpenAI (EU) for AI response generation within European data centers
- AWS (EU regions only) for hosting, computing, and secure infrastructure
- AWS S3 Vectors (EU) for long-term memory storage and conversation context within European boundaries (optional)
- Google Calendar (optional) for calendar integration when explicitly authorized by users
- Gmail (optional) for email management when explicitly authorized by users
6. Data Storage and Security
We implement multiple layers of data storage and security:
- Technical logs are retained for 30 days and then automatically deleted
- Conversations are stored in two forms:
- Short-term memory: Complete recent messages
- Long-term memory: Summarized conversations in vector database
- AWS S3 Vector storage (EU-only, optional):
- Uses semantic embeddings for efficient conversation retrieval
- Automatically deduplicates similar content to minimize storage
- Implements relevance scoring for contextual responses
- Encrypted at rest and in transit within EU boundaries
- No cross-border data transfers or replication
- User-controlled deletion through bot commands (/reset, /delete)
- Secure AWS infrastructure exclusively in EU regions (Frankfurt/Ireland)
- End-to-end encryption for all data transmission
7. User Rights
As per GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct any inaccuracies in your data.
- Request the deletion of your data.
- Withdraw consent at any time.
- Object to the processing of your data.
If you have concerns regarding the processing of your personal data, please contact us at support@mrchamberlain.eu.
8. Privacy Commands
Mr. Chamberlain provides the following privacy-related commands:
- /privacy – View our privacy policy
- /reset – Delete your conversation history
- /delete – Remove specific stored content (use as reply)
- /settings – Manage your privacy preferences
- /summary – View your stored conversation context
9. Consent Management
Mr. Chamberlain implements a privacy-first approach, requiring explicit consent for specific features:
- Google Calendar integration requires OAuth authorization
- Gmail integration requires OAuth authorization
- Long-term memory storage requires confirmation before storing content
10. Policy Updates
We regularly review and update this privacy policy to ensure it accurately reflects our data handling practices and complies with relevant regulations. Major changes include:
- Addition of privacy-related commands
- Clarification of data storage practices
- Enhanced consent management
- Detailed AWS S3 Vector storage implementation
- Strengthened European data residency guarantees