Privacy Policy
Effective Date: April 15, 2026 · Last Updated: April 15, 2026
Rona ("we", "our", or "us") is operated by Geniefy Inc. (지니파이 주식회사). This Privacy Policy describes how we collect, use, store, and share information when you use our platform at https://rona.so.
1. Data We Access
When you connect your Google account to Rona, we may access the following data depending on the integrations you enable:
Google Sign-In (OAuth)
- Name and profile picture
- Email address
Gmail Integration (gmail.readonly scope)
When you explicitly connect your Gmail account, we access metadata only from your recent emails (last 30 days):
- Subject lines
- Sender name and email address
- Date sent
- Message snippet (first ~200 characters of preview text)
- Label IDs (used to filter out spam and promotions)
We do not access full email bodies, attachments, or draft messages.
2. How We Use Your Data
Google Sign-In Data
Your name, email, and profile picture are used solely for account creation, authentication, and displaying your profile within the app.
Gmail Data
Email metadata is processed by our AI system (Google Gemini) to:
- Identify your work context — projects, tools, and domains you engage with
- Generate personalized AI practice recommendations tailored to your actual work
Only sanitized metadata (subject, sender, snippet) is sent to the AI model — never full email content. Automated emails (notifications, CI/CD alerts, marketing) are filtered out before processing.
3. Data Sharing
We do not sell your personal data. We share limited data with the following third-party services solely to provide our core functionality:
- Google Gemini API — email metadata (subject, sender, snippet) is sent for AI-based work context extraction. No full email bodies are shared.
- Neon (PostgreSQL) — our database provider where extracted work context summaries are stored.
- Vercel — our hosting provider that processes web requests.
No Google user data is shared for advertising, marketing, or any purpose unrelated to providing and improving Rona's core functionality.
4. Data Storage & Protection
- User account data and extracted work context summaries are stored in a secure PostgreSQL database hosted on Neon with encryption at rest and in transit (TLS).
- OAuth tokens (access and refresh tokens) are stored server-side in our database and are never exposed to the client.
- Raw email metadata is processed in memory during sync and is not persisted — only the AI-extracted work context summaries are saved.
- Access to production infrastructure is restricted to authorized personnel with role-based access controls.
5. Data Retention & Deletion
- Gmail data: Extracted work context is retained as long as your Gmail integration is active. When you disconnect Gmail from Rona, all Gmail-sourced work context data is immediately and permanently deleted.
- Account data: Your profile information is retained while your account is active.
- Deletion requests: You may request deletion of your data at any time by emailing us at support@rona.so or by disconnecting your integrations in the app settings. We will process deletion requests within 30 days.
6. Google API Services User Data Policy
Rona's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last Updated" date.
8. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: support@rona.so
- Company: Geniefy Inc. (지니파이 주식회사)