Will

Privacy

Last updated: 2026-05-03 · Version 1.0

Who we are

Will is operated by trefolio.com. The data controller for hosted users on will.trefolio.com is the maintainer at privacy@trefolio.com.

What we collect

  • Identity: email, optional display name, optional Google profile metadata if you sign in with Google, and the credential public key for any passkey you register.
  • Telegram link: your Telegram user id and chat id (numeric), plus your Telegram username if visible. We use this only to route messages between Will and you.
  • Note content: exactly what you send Will — text, transcribed voice, OCR'd images, extracted PDF text, plus the tags and reminders you accept.
  • Operational metadata: the daily counter we use to enforce per-user agent quotas. Aggregated; never sold.

What we don't collect

  • No third-party trackers. No analytics scripts on the public web.
  • No advertising identifiers. No cross-site cookies.
  • No location, contacts, or device sensors.

Sub-processors

The hosted version uses the following processors:

  • Vercel (deployment + edge cron + Blob storage for TTS audio).
  • Neon (managed PostgreSQL — primary database).
  • OpenAI (chat, vision, Whisper transcription, TTS). Calls go via Vercel AI Gateway when configured. OpenAI's zero-data- retention policy applies.
  • Telegram (Bot API for chat).
  • Resend (transactional email — verification + reminders fallback).
  • Upstash Redis (rate limiting).
  • Cloudflare Turnstile (signup captcha).

Lawful basis

Performance of contract (Art. 6(1)(b)) for everything that makes Will work. Legitimate interest (Art. 6(1)(f)) for abuse mitigation (Turnstile, rate limits, deletion-warning emails). Consent (Art. 6(1)(a)) for optional features like text-to-speech replies.

Retention

  • Notes, tags, reminders: kept until you delete them. Account deletion soft-deletes for 30 days, then hard-deletes everything.
  • Verification-token JTIs: kept until natural expiry (24h).
  • Contact-form metadata (IP, user-agent): purged after 90 days.

Your rights

  • Access / portability: GET /api/account/export returns everything we store about you as a single JSON file.
  • Deletion: Settings → Delete account. Soft-deleted immediately, hard-deleted after 30 days. Sign back in within the grace window to cancel.
  • Rectification / objection: email privacy@trefolio.com.
  • You can lodge a complaint with your national data-protection authority.

Data transfers

Some sub-processors operate outside the EU/EEA (e.g. OpenAI in the US). Transfers rely on Standard Contractual Clauses or equivalent safeguards. Self-hosting bypasses third-party hosting entirely.