Emil is a white-glove AI executive assistant service. We build and configure a custom AI EA for your business — handling morning briefings, inbox management, calendar management, and ad-hoc requests 24/7 via email and text.

How do I get started with Emil?

Reach out for a quote. We schedule a 30-minute onboarding call to understand your workflow, then build your custom Emil instance. Your first morning briefing arrives within 48 hours.

How does Emil compare to a human executive assistant?

Emil ramps in 48 hours (vs 3–6 months for a human EA), works 24/7 (vs business hours), never turns over, and requires zero management — at a fraction of the cost. The tradeoff: Emil handles digital tasks only.

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy describes how HeyEmil ("we", "us", "our") collects, uses, and protects your information when you use the Emil email assistant service ("Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Information you provide directly:

Your email address (used as your account identifier)
Display name (from your email headers)
Email content (the messages you send to Emil)
File attachments you send (PDFs, documents, images, code, etc.)
Preferences and settings you configure (tone, language, etc.)
Payment information (processed by Stripe; we do not store credit card numbers)

Information we generate and store:

AI-generated responses sent to you
Extracted memories (facts about you gleaned from conversations, used to personalize future responses)
Vector embeddings of memories (for semantic search)
Thread metadata (subject lines, message counts, timestamps)
Usage metrics (messages sent, tokens consumed, plan type)
Scheduled tasks and reminders you set

Information we do NOT collect:

We do not use cookies or web tracking (the Service is email-only)
We do not collect IP addresses, browser fingerprints, or device information
We do not read emails you do not send directly to @heyemil.com addresses

2. How We Use Your Information

Your data is used solely to provide and improve the Service:

Processing your emails and generating AI responses
Maintaining conversation context and thread history
Storing and recalling memories to personalize responses
Processing file attachments for analysis
Managing your subscription and billing
Sending scheduled reminders and follow-ups you requested
Enforcing usage limits and rate limiting
Content moderation and abuse prevention

We do NOT use your data for: advertising, selling to third parties, training AI models, profiling, or any purpose unrelated to providing the Service.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

Contract performance: Processing your emails and providing AI responses is necessary to deliver the Service you requested
Legitimate interest: Usage analytics, abuse prevention, and service improvement
Consent: Memory extraction and personalization (you can opt out by emailing "forget everything")

4. Third-Party Data Processors

We share your data with the following third-party processors, only to the extent necessary to provide the Service:

Resend (email delivery) -- processes your email address and message content to send and receive emails
OpenRouter (AI model routing) -- processes your message content to generate AI responses. OpenRouter may route to sub-processors including MiniMax.
Stripe (payments) -- processes your email and payment information for subscription billing. We do not store your credit card details.
Hetzner (hosting) -- our servers are hosted in Hetzner data centers in the EU/Germany
Perplexity (web search) -- when Emil searches the web for you, your query is sent to Perplexity's Sonar API

We do not sell, rent, or share your personal data with any other third parties. We do not share your data with data brokers, advertisers, or analytics providers.

5. Data Retention

Active account: Your data is retained as long as your account is active
Deleted account: All data is permanently erased within 30 days of a confirmed deletion request
Inactive accounts: Accounts with no activity for 12 months may be purged after email notification
Rate limit logs: Automatically purged within 24 hours
Billing records: Retained for 7 years as required by tax law, even after account deletion

6. Your Rights

You have the following rights regarding your data. All can be exercised by emailing Emil:

Access: Email "export my data" to receive a complete copy of all data we hold about you
Deletion: Email "delete my account" to permanently erase all your data
Correction: Email "forget [incorrect fact]" to correct stored memories
Memory opt-out: Email "forget everything" to clear all extracted memories
Portability: Data exports are provided in JSON format
Objection: You may object to any processing by contacting us

For GDPR requests, we will respond within 30 days. For CCPA requests, we will respond within 45 days.

7. CCPA Disclosure (California Residents)

Under the California Consumer Privacy Act:

We do NOT sell your personal information
We do NOT share your personal information for cross-context behavioral advertising
You have the right to know what data we collect, request deletion, and opt out of any future sale (though we do not sell data)
We will not discriminate against you for exercising your CCPA rights

8. International Data Transfers

Our servers are hosted in the EU (Hetzner, Germany). However, some third-party processors (OpenRouter, Stripe, Resend, Perplexity) may process data in the United States. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or the processor's certification under the EU-US Data Privacy Framework.

9. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has used the Service, please contact us.

10. Data Security

We implement the following security measures:

All email communications encrypted in transit (TLS)
Database encryption at rest
Rate limiting and abuse detection
Content moderation and input sanitization
Prompt injection defenses
Disposable/temporary email blocking
Svix webhook signature verification

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users via email within 72 hours of discovering the breach. We will also notify relevant supervisory authorities as required by applicable law (including GDPR Article 33).

12. Cookies and Tracking

The Emil service operates entirely through email. Our website (heyemil.com) is a static informational site that does not use cookies, analytics trackers, or any form of user tracking. We do not use Google Analytics, Facebook Pixel, or any similar technology.

13. AI-Specific Disclosures

Your email content is sent to third-party AI model providers to generate responses
We do not use your data to train or fine-tune AI models
AI providers may temporarily process your data in memory but do not retain it beyond the request
Memories extracted from conversations are stored in our database, not by AI providers
You can view all stored memories by emailing "memories" to Emil and delete them at any time

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address at least 14 days before taking effect. The "Last updated" date at the top indicates the most recent revision.

15. Contact

For privacy-related questions, data requests, or concerns, email emil@heyemil.com with the subject "Privacy".