Privacy Policy
Effective date: May 18, 2026
This Privacy Policy explains what information Townlings (“we”, “us”, “Townlings”) collects when you use our mobile application (the “Service”), how we use it, and the choices you have. If you have questions, email us at support@townlings.com.
1. The Service
Townlings is a mobile app that lets you assemble a “town” of AI agents. Each agent runs on a schedule and performs a task on your behalf — for example, delivering a personalized summary, digest, or notification, or (if you choose to connect a third-party account) reading from or writing to that account on your behalf. The catalog of available agents grows over time.
2. Information we collect
Information you give us
- Email address — when you sign up with email or through a third-party identity provider.
- Display name — provided by the identity provider when you sign in through one, or left blank if you sign up by email.
- Username — a unique handle you choose during onboarding.
- Feedback content — anything you write into the in-app feedback form.
Information we collect automatically
- Time zone — detected from your device on each sign-in so scheduled agents fire at the right local time.
- Push notification token — issued by your device's operating system and our push notification provider so we can deliver notifications when an agent run finishes.
- Device and app metadata — when you submit feedback, we attach your app version, build number, device model, OS name, and OS version to help us debug. This metadata is not collected outside the feedback flow.
- Server logs — our infrastructure providers log standard request data (IP address, user agent, timestamps) for security and operational purposes.
Third-party account data (only when you connect an account)
Some agents require you to connect a third-party account (for example, a music service, an email provider, or a calendar). You only connect accounts you choose to connect, and you can disconnect them at any time. When you connect a third-party account, we store:
- Account label — typically the display name and email address reported by the third-party service, so the Connections screen can show which account is linked.
- OAuth access and refresh tokens — stored encrypted in an encrypted secrets vault. Our application tables only contain references to those vault entries; the raw tokens are never written into application tables.
- The scopes you granted — so each agent only requests the minimum access it needs.
- Service-specific content — only the data required by the specific agents you enable, accessed only with the scopes you granted. For example, an agent that maintains a playlist will read and write only that playlist on your behalf. An agent that summarizes incoming messages will read only the messages in scope for that agent. We do not read or write data outside what the enabled agent needs.
The list of supported providers grows over time. The current set of providers is visible in the app under Profile → Connections.
3. How we use your information
We use your information to:
- Operate the Service: authenticate you, run your enabled agents on schedule, deliver results via push notifications and the in-app feed.
- Communicate with you about your account, security, and material changes to the Service.
- Investigate and fix bugs, including by reviewing feedback you submit.
- Maintain the security and integrity of the Service.
We do not:
- Use your information for advertising or build advertising profiles.
- Sell or rent your personal information to third parties.
- Use your content to train third-party AI models. The AI providers we use for agent processing operate under API data-usage policies that do not, by default, use API inputs to train their models.
4. Service providers (sub-processors)
We share information only with the providers we need to operate the Service. Each handles only the data necessary for its role:
| Category | Purpose | Data shared |
|---|---|---|
| Cloud database and authentication provider | Storing your account, profile, and agent data; managing sign-in | Account, profile, agent, run, connection, and feedback data |
| Backend compute provider | Running agent steps and OAuth flows | Transient processing of the data above |
| Workflow scheduling provider | Triggering agent runs on schedule | Agent run metadata (user IDs, agent slugs, timestamps) — no message content |
| AI model provider(s) | LLM processing for agents that need it (summarization, generation, etc.) | Inputs the agent needs to process — public content for shared agents; content scoped to a single agent for personal agents |
| Web content fetcher | Fetching public web pages used by certain agents | Public URLs only |
| Push notification provider | Delivering push notifications | Push tokens and notification payloads |
| Third-party providers you connect (e.g. music, email, calendar) | Performing the API calls an agent makes on your behalf, under the scopes you granted | OAuth tokens, scope-limited request/response data |
| Identity providers you use to sign in | Authentication only | Standard sign-in profile (email, name) |
We may add, change, or replace specific providers within each category as the Service evolves. The current list of specific providers is available on request to support@townlings.com.
5. Data retention
- Account data — retained while your account exists. Deleted when you delete your account.
- Agent run history — retained while your account exists.
- Feedback submissions — retained for up to 24 months after submission to help us understand long-running issues.
- OAuth tokens — deleted when you disconnect a provider, or when you delete your account.
- Server logs — typically 30 to 90 days, per our infrastructure providers' defaults.
6. Your choices and rights
- Account deletion — in the app: Profile → Account → Delete Account. This permanently removes your account, agents, run history, connections, and feedback, and revokes OAuth tokens we hold.
- Disconnect a provider — Profile → Connections → select the provider → Disconnect.
- Push notifications — opt out from your device's OS notification settings at any time.
- Update your profile — Profile → Account.
- Questions or requests about your data — email support@townlings.com.
Depending on where you live, you may have additional rights under applicable privacy laws. To raise a question or request related to your data, contact us at support@townlings.com and we will respond in line with applicable law.
7. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email support@townlings.com and we will delete it.
8. Security
We protect your data with:
- Encryption in transit via TLS for all client-to-server and server-to-server traffic.
- Encryption at rest for OAuth tokens via a dedicated encrypted secrets vault, with access restricted to privileged backend roles.
- Row-level security in our database to scope every read and write to the signed-in user.
- Least-privilege access for our infrastructure.
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you as required by law.
9. International users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries where our sub-processors operate. By using the Service, you consent to this transfer.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in-app or by email and update the Effective date at the top of this page. Continued use of the Service after a change means you accept the updated policy.
11. Contact
Questions, requests, or complaints? Email support@townlings.com.