
Privacy Policy

Last updated: March 3, 2026

Overview

Chief of Staff (“the Service”) is a personal AI assistant operated by Jacob Reyf at reyf.ai. This policy describes how we collect, use, and protect your information.

Information We Collect

We collect and process the following data:

  • Phone number (for authentication and iMessage communication)
  • Financial account data via Plaid (account balances, transaction history)
  • Email data via Gmail API (email metadata, message content for triage)
  • Conversation history (messages sent and received via iMessage)
  • Learned preferences and patterns (stored in our memory system)

How We Use Your Data

  • Monitor and categorize financial transactions across your accounts
  • Triage and summarize incoming email
  • Provide AI-powered analysis and recommendations via iMessage
  • Learn your preferences over time for better categorization
  • Generate daily digest summaries

Financial Data (Plaid)

We use Plaid to connect to your financial institutions. When you connect a bank account:

  • Plaid securely transmits your financial data to our service
  • We store account identifiers, transaction history, and balances
  • We do not store your bank login credentials — Plaid handles authentication
  • We do not sell, share, or rent your financial data to third parties
  • Financial data is retained for as long as your account is active
  • You can disconnect accounts at any time, which stops new data collection

By using Plaid, you agree to Plaid’s End User Privacy Policy.

Email Data (Gmail)

  • We access Gmail via OAuth with your explicit consent
  • Email content is processed for triage and summarization
  • We do not store full email content long-term — only metadata and AI-generated summaries
  • You can revoke Gmail access at any time via your Google Account settings

Data Security

  • All data is encrypted in transit (HTTPS/TLS)
  • Sensitive tokens (Plaid access tokens, OAuth tokens) are encrypted at rest using AES-256-GCM
  • Data is stored in Supabase with row-level security policies
  • API keys and encryption keys are stored as environment variables, never in code or the database
  • Webhook endpoints verify cryptographic signatures to prevent spoofing
  • Authentication uses time-limited verification codes sent via iMessage

Data Retention

  • Transaction data: retained for 24 months, then archived
  • Email summaries: retained for 12 months
  • Conversation history: retained for 12 months
  • Authentication codes: deleted after use or expiration
  • Learned preferences: retained until manually cleared

Your Rights

You may request deletion of your data at any time by contacting us. You can disconnect any integrated service (Plaid, Gmail) to stop new data collection.

Contact

For questions about this privacy policy or your data, contact: jacobreyf@gmail.com