Privacy Policy
Effective Date: April 15, 2026 · Last Updated: June 11, 2026
Rona ("we", "our", or "us") is operated by Geniefy Inc. (지니파이 주식회사). This Privacy Policy describes how we collect, use, store, and share information when you use our platform at https://rona.so.
1. Data We Access
When you connect your accounts to Rona, we may access the following data depending on the integrations you enable:
Google Sign-In (OAuth)
- Name and profile picture
- Email address
Gmail Integration (gmail.readonly scope)
When you explicitly connect your Gmail account, we access metadata only from your recent emails (last 30 days):
- Subject lines
- Sender name and email address
- Date sent
- Message snippet (first ~200 characters of preview text)
- Label IDs (used to filter out spam and promotions)
We do not access full email bodies, attachments, or draft messages.
Work Tool Integrations (Jira, Slack, Notion, Linear)
When you explicitly connect a work tool, we access with read-only permissions:
- Your basic profile on that service — display name, email address, and account ID (e.g., Atlassian account ID for Jira)
- Workspace or site name
- Your recent work items — e.g., issue titles and summaries (Jira, Linear), page titles (Notion), and message snippets from channels you select (Slack)
2. How We Use Your Data
Google Sign-In Data
Your name, email, and profile picture are used solely for account creation, authentication, and displaying your profile within the app.
Gmail Data
Email metadata is processed by our AI system (Google Gemini) to:
- Identify your work context — projects, tools, and domains you engage with
- Generate personalized AI practice recommendations tailored to your actual work
Only sanitized metadata (subject, sender, snippet) is sent to the AI model — never full email content. Automated emails (notifications, CI/CD alerts, marketing) are filtered out before processing.
Work Tool Data (Jira, Slack, Notion, Linear)
Your recent work items are processed by our AI system (Google Gemini) for the same purpose:
- Identify your work context — projects, tools, and domains you engage with
- Generate personalized AI practice recommendations tailored to your actual work
Your profile data (name, email, account ID) is used only to display the connected account in the app and to manage the integration — including Atlassian's mandatory personal data reporting described in Section 7.
3. Data Sharing
We do not sell your personal data. We share limited data with the following third-party services solely to provide our core functionality:
- Google Gemini API — email metadata (subject, sender, snippet) and work item metadata from connected work tools (e.g., issue titles, page titles, message snippets) are sent for AI-based work context extraction. No full email bodies are shared.
- Neon (PostgreSQL) — our database provider where extracted work context summaries are stored.
- Vercel — our hosting provider that processes web requests.
No Google user data is shared for advertising, marketing, or any purpose unrelated to providing and improving Rona's core functionality.
4. Data Storage & Protection
- User account data and extracted work context summaries are stored in a secure PostgreSQL database hosted on Neon with encryption at rest and in transit (TLS).
- OAuth tokens (access and refresh tokens) are stored server-side in our database and are never exposed to the client.
- Raw email metadata is processed in memory during sync and is not persisted — only the AI-extracted work context summaries are saved.
- Access to production infrastructure is restricted to authorized personnel with role-based access controls.
5. Data Retention & Deletion
- Gmail data: Extracted work context is retained as long as your Gmail integration is active. When you disconnect Gmail from Rona, all Gmail-sourced work context data is immediately and permanently deleted.
- Work tool data (Jira, Slack, Notion, Linear): Extracted work context and connected-account profile data are retained while the integration is active. When you disconnect a work tool, its tokens and sourced data are deleted. For inactive Jira connections, stored personal data (name, email, account ID) is automatically erased by a weekly cleanup job.
- Account data: Your profile information is retained while your account is active.
- Deletion requests: You may request deletion of your data at any time by emailing us at support@rona.so or by disconnecting your integrations in the app settings. We will process deletion requests within 30 days.
6. Google API Services User Data Policy
Rona's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Atlassian (Jira) User Data
For Jira connections, Rona complies with Atlassian's user privacy requirements:
- We report the Atlassian account IDs we store to Atlassian's Personal Data Reporting API on a weekly cycle.
- When Atlassian notifies us that an account has been closed or its personal data has changed, we erase or refresh the stored personal data accordingly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last Updated" date.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: support@rona.so
- Company: Geniefy Inc. (지니파이 주식회사)