Privacy Policy

Last updated: June 12, 2026

itshello.io ("we", "us", the "Service") is operated by Hello.io Technologies. This page explains what data we collect, why we collect it, how we use it, and your choices around it. If anything here is unclear, email us at info@itshello.io.

1. Who we are and what we do

itshello.io is an iMessage-native AI character platform. Creators and businesses build AI characters that text with their fans / customers over iMessage. Some characters can take real actions on a user's behalf — for example, sending email, generating documents, or saving files to Google Drive — when the user explicitly grants that permission.

2. Data we collect

Account & conversation data

Google Account data we access

When you tap a "Connect Google" link sent to you in iMessage, we ask Google for a narrow set of scopes:

We never store the contents of your Drive or your Gmail. We store the OAuth access token and refresh token (encrypted at rest with AES-256) so we can perform the actions you ask for without re-prompting on every request. You can revoke access at any time at myaccount.google.com/permissions — once revoked, our copy of the tokens stops working immediately.

Payment data

Payments are processed by Stripe. We never see, store, or have access to your full credit card number. We store the last 4 digits and a Stripe customer ID for receipt and refund purposes.

Telemetry

We log standard server telemetry (request paths, status codes, timing) to debug issues and detect abuse. Logs are retained for 30 days.

3. Conversation visibility, monitoring, and safety

Be aware of this before you message a character: conversations on the Service are not private from the platform or from the business or creator (the "Operator") whose character you are messaging. Message content is processed by our systems to generate every reply (that is how the AI works), and:

4. How we use Google user data, specifically

Google requires us to call this out plainly. itshello.io's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

5. How we share data

We share data only in these specific cases:

6. Data retention

7. Your rights

You can:

8. Security

We use AES-256 encryption at rest for sensitive fields (including OAuth tokens), TLS 1.2+ in transit, row-level security on every database table, and signature verification on inbound webhooks. We disclose any data breach affecting your information within 72 hours of discovery.

9. International users

Our infrastructure is located in the United States. By using the Service, you consent to your data being transferred to and stored in the U.S. We comply with applicable data-protection laws including GDPR (for EU users) and CCPA (for California users).

10. Children

The Service is for adults. You must be at least 18 to use it, and it is not directed to anyone under 18. We do not knowingly collect data from anyone under 18; if you believe we have, contact us and we'll delete it and terminate the account.

11. Changes to this policy

If we make material changes — adding new scopes, new data categories, new sharing partners — we'll notify users via iMessage at least 14 days before the change takes effect. The "Last updated" date at the top reflects the latest revision.

12. Contact

Hello.io Technologies
Email: info@itshello.io
For Google data-handling questions specifically: info@itshello.io