Acti Privacy Policy

Last Updated: 2026 May 1

This Privacy Policy explains how Acti (provided by TypeX Limited and its affiliates, referred to throughout as "Acti", "we", "us", or "our") collects, uses, shares, and protects information when you use the Acti mobile app (on iOS and Android), the Acti keyboard, openacti.com, and any related services (collectively, the "Service").

Acti is designed so the keyboard does not transmit what you type unless you explicitly ask it to. Section 3 explains exactly what Acti does (and does not) collect from the keyboard.

1. Quick Summary

What	What Acti does
Things you type with the keyboard	Acti does not collect, store, or transmit them unless you explicitly trigger a Skill that needs that text.
Account info	Email, sign-in identifiers (Apple / Google / Email), display name, avatar, profile fields.
Skills you create	Stored on Acti's servers so you can sync, run, and (if you choose) publish them.
Skill execution	Inputs you provide and the corresponding AI output are sent to Acti's services and to AI model providers to fulfill your request.
Connected tools (Gmail, Slack, Notion, etc.)	Acti only calls a connected tool when you explicitly trigger a Skill that needs it. Acti uses trusted authorization providers to process OAuth and does not silently sync, back up, or mine your connected accounts. Acti does not use data from connected tools to train AI.
Diagnostics	Crash reports, performance metrics, anonymous analytics — used to keep the app working.
Selling personal data	No. Acti does not sell or "share" your personal information for cross-context behavioral advertising.

2. Information We Collect

2.1 Account & Profile

Identifiers: Acti UID, openId, email, login type (Apple / Google / Email).
Profile: display name, avatar, bio.
Social graph: users you follow and users who follow you.
Genesis status: whether you redeemed an activation code.

2.2 Content You Create

Skills: name, icon, instructions, workflow graph, hashtags, trigger key bindings, public/private status.
Builder chat: messages you send to the Skill Builder, including AI responses, to support session continuity and feature improvement.
Reports: if you report a Skill, Acti keeps the reason and any free-text details you provided.

2.3 Skill Runtime Data

When you trigger a Skill, the following may be sent to Acti's services (and, where needed, to AI model providers and any Connected Tools the Skill calls):

The text you explicitly provide as input (clipboard content, the field's selection, or a runtime input dialog) — only the text the Skill is configured to read.
The Skill's identifier and parameters.
A session identifier for tracing.
Status and error metadata.

Acti does not silently capture or transmit the rest of what you type. The keyboard reads the surrounding text field only to provide standard typing features (suggestions, autocorrect) on your device, in line with your operating system's keyboard APIs.

2.4 Device & Diagnostic Data

Device: model, operating system and version, language, region, app version, install state.
Diagnostics: crash reports, performance traces, and error logs used to keep the Service reliable.
Analytics: aggregated usage events such as screen views, taps on key features, and Skill engagement, configured not to use advertising identifiers for tracking.
Tokens: authentication tokens are stored locally using secure storage provided by your device's operating system.

2.5 Permissions We Request

Keyboard network access — Acti needs keyboard network access to run Skills you explicitly trigger. Your operating system may show platform-specific setup prompts or warnings when you enable Acti as a keyboard. Acti uses this access only as described in Section 3.
Clipboard — to read clipboard content as a Skill input source (only when a Skill calls for it).

2.6 Information Acti Receives From Third Parties

Sign in with Apple / Google: the basic profile information you authorize the provider to share (e.g., name, email, identifier).
Connected Tools (Gmail, Slack, Notion, etc.): during Skill execution, Acti receives the data the Skill specifically requests through the third party's API on your behalf.

2.7 Customer Support and Inquiries

When you contact Acti by email, in-app feedback, or any other channel, Acti receives what you send (your message, attachments, your email address or in-app identity, and any context you choose to share). Acti uses this information to respond to you, investigate the issue, improve the Service, and keep records for trust-and-safety purposes. Acti does not use support correspondence for marketing.

2.8 AI-Generated Avatars

Acti may provide or assign AI-generated profile avatars as part of the Service. Users do not directly generate these avatars by entering their own prompts. When Acti provides an AI-generated avatar:

Acti may use limited account or product context to select, create, or personalize the avatar.
Acti does not use a real photograph of you to train any model.
AI Providers used by Acti are configured under terms that prohibit them from using your account content or generated avatar images to train their general-purpose models.
You may choose not to use an AI-generated avatar where profile customization options are available.

3. The Keyboard Does Not Transmit What You Type

Acti wants this to be unambiguous:

The Acti keyboard does not maintain a remote keylog.
Acti does not collect, store, or transmit your typed content to its servers for storage or training.
The keyboard sends text to Acti's services only when you actively trigger a Skill, and only the inputs that Skill is configured to read.
If you uninstall Acti, the keyboard stops working immediately.

This is also explained in the in-app "Why does Acti need keyboard access?" sheet and in your device's system settings entry for Acti.

4. How We Use Your Information

Acti uses the information collected to:

Provide the Service — authenticate you, sync your Skills, run Skills you trigger, deliver outputs back to your keyboard, and operate the Skill Hub.
Maintain and improve the Service — debug crashes, monitor performance, measure feature usage in aggregate, A/B test improvements.
Personalize — surface recommended Skills, creator leaderboards, and Genesis benefits.
Trust & safety — review reported Skills, detect abuse, enforce our Terms, prevent fraud, and meet legal obligations.
Communicate — respond to support requests, send transactional messages such as verification codes, and (only if you opt in) send product updates.

Acti processes this information on the legal bases of: performance of contract (operating the Service you signed up for), legitimate interests (security, debugging, product improvement) where they are not overridden by your rights, your consent (for optional features such as opt-in messaging), and compliance with legal obligations.

4A. Communications and Marketing

Service messages — Acti sends transactional messages (verification codes, security alerts, account-deletion confirmations, Skill review outcomes, Connected Tool status). These are necessary to operate the Service and cannot be turned off while your account is active.
Product messages — If you opt in (or where local law permits opt-out marketing), Acti may send periodic product news, creator newsletters, and surveys. You can unsubscribe from any product email using the link in the email or from Profile → Account Information, and Acti will stop within a reasonable time.
In-app announcements — Acti may show banners, tips, or sheets inside the app to inform you about features, policy updates, or required actions. These are part of the product experience and are not subject to the email opt-out.

5. AI Processing and Model Providers

To produce Skill output, Acti sends the Skill inputs and instructions you explicitly provide to one or more third-party large language model providers. Acti uses providers under terms that prohibit them from using your content to train their general-purpose models. Acti does not sell Skill input or output to third parties.

AI output is generated probabilistically. Please review the AI Output Disclaimer in our Terms of Service before relying on Skill results.

6. Connected Tools (Third-Party OAuth Integrations)

This section explains in detail how Acti accesses third-party services like Gmail, Slack, and Notion — what Acti gets, where it lives, when Acti calls it, and how to take it back.

6.1 The end-to-end OAuth flow

In Acti, you tap Connect for a Connected Tool, or you trigger a Skill that needs one.
Acti opens a secure in-app browser session provided by your operating system and navigates to the third party's official OAuth consent page through an authorization provider Acti uses to handle the OAuth process.
You review the requested permissions on the third party's page (for example, "Read, compose, and send mail" for Gmail) and decide whether to grant them. The third party — not Acti — controls this screen.
If you approve, the third party issues an OAuth access token (and usually a refresh token).
The token is handled by Acti's authorization provider using secure token storage. Acti does not save your third-party password.
Acti calls the Connected Tool only when you explicitly trigger a Skill that needs it. The Acti app stores only limited connection-status information.

6.2 What Acti collects about a Connected Tool

Connection metadata. Service name (e.g., gmail), connection identifier, status (ACTIVE / DISCONNECTED), connection timestamp, and (where the third party returns it) the email address or display name of the connected account, so Acti can show you which account is connected.
Authorization credentials. Handled by Acti's authorization provider. Acti does not display, export, or copy your third-party credentials.
Per-call data. When a Skill runs, the data the Skill specifically requests through the third party's API (e.g., a search result, an email body, a Notion page). This data is processed in memory to produce the Skill output and is not retained beyond what is required to deliver the result back to your device.

6.3 What Acti does NOT do

Acti does not harvest, mirror, back up, sync, or build a long-term copy of your Connected Tool data.
Acti does not read your Connected Tool data unless a Skill you trigger requires it.
Acti does not use Connected Tool data to train AI models, ours or anyone else's.
Acti does not sell, rent, or share Connected Tool data with advertisers.
Acti does not show your Connected Tool data to other Acti users.
Acti does not access scopes beyond what you granted on the third party's consent screen.

6.4 Service providers involved in a Connected Tool call

A Connected Tool call may involve Acti's infrastructure, trusted authorization providers, and the third-party service you choose to connect, solely to perform the action you requested. Each provider processes only what is needed to deliver the user-facing feature you invoked, and Acti uses contractual and technical safeguards to restrict their use of your data to operating the Service.

6.5 Multi-account and re-binding

Most Connected Tools support one connection per service per Acti account. To switch the underlying account (for example, to swap one Gmail address for another), use Re-bind in the Connected Tools screen, which removes the old connection and starts a fresh authorization.

6.6 Revoking a Connected Tool

You can revoke Acti's access at any time:

In Acti: Profile → Connected Tools → tap the service → Disconnect. This revokes Acti's access and updates the connection status.
At the third party (recommended as belt-and-braces):
Google / Gmail — https://myaccount.google.com/permissions
Slack — https://slack.com/apps/manage
Notion — Settings → Connections
Other services — see the third party's "Connected apps" or "Authorized applications" page.

After revocation:

Acti can no longer call that Connected Tool. New Skill runs that depend on it will fail with an authorization error until you re-authorize.
The authorization is invalidated and any local connection-status cache is cleared.
Revocation does not undo actions already taken under the prior authorization (e.g., emails already sent, documents already created).

6.7 What happens to Connected Tools when you delete your Acti account

When you delete your Acti account (Section 11.5 of this Policy and Section 3.4 of the Terms), Acti disconnects your Connected Tool authorizations where technically available. Acti additionally recommends that you remove Acti from the third party's own "connected apps" page as a final check.

6.8 Third-party policies still apply

Even though Acti acts on your behalf, your relationship with the Connected Tool itself is also governed by the third party's own terms and privacy policies. Acti cannot waive or modify those policies on your behalf, and they may grant the third party rights regarding your data that are independent of this Policy.

6.9 Google API Services Limited Use Disclosure

Acti's use and transfer to any other app of information received from Google APIs (including Gmail) will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Google account to Acti:

Scope — Acti accesses Google user data only within the scopes you grant during the OAuth consent flow. Acti does not request scopes beyond what a Skill you trigger requires.
Trigger — Acti accesses your Google user data only when you explicitly trigger a Skill that needs it. Acti does not run background polling, periodic syncs, or speculative pre-fetching of your Google data.
Use — Google user data fetched on your behalf is used solely to complete the specific Skill action you explicitly triggered and to return the result to your device.
No AI provider transfer or model training — Acti does not send Google user data to AI Providers. Acti does not use Google user data to develop, improve, or train AI/ML models, whether ours or any third party's.
No advertising — Acti does not use Google user data for advertising, including retargeting, personalized advertising, or interest-based advertising.
No selling — Acti does not sell Google user data.
No transfers except as strictly necessary — Acti does not transfer Google user data to others except (a) as strictly necessary to complete the specific user-facing action you requested, (b) to comply with applicable law, or (c) with your explicit direction.
No human access — Acti does not allow humans to read your Google user data, except: (i) with your affirmative agreement for specific messages, (ii) as necessary for security purposes (such as investigating abuse), (iii) to comply with applicable law, or (iv) where the data has been aggregated and anonymized so it cannot be associated with any individual user.

Google account authorization in Acti is processed through a trusted OAuth infrastructure provider that helps handle authorization securely.

7. Sharing of Information

Acti shares information only as follows:

With other Acti users. Your public profile fields (display name, avatar, bio, UID, follower/following) and the Skills you publish are visible to other users. Builder chat, private Skills, and runtime inputs are not.
With service providers and sub-processors. Acti uses trusted providers for hosting, AI processing, authorization, diagnostics, analytics, and customer support — under written agreements that limit their use of your information to operating the Service for Acti. AI Providers Acti uses are configured under terms that prohibit them from using your Skill content to train their general-purpose models.
With your direction. When you publish a public Skill, share a Skill code, or grant access to a Connected Tool.
For legal reasons. To comply with applicable law, lawful requests from authorities, or to protect the rights, property, or safety of Acti, Acti users, or the public.
With successors. If Acti or a TypeX group entity is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.

Acti does not sell your personal information, and Acti does not "share" it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

7A. Aggregated and De-Identified Data

Acti may create aggregated (combined across many users so that no individual is identifiable) or de-identified (information from which direct identifiers have been removed and are not reasonably re-identifiable) data, and may use and share that data for any purpose, including product research, marketing, and public reporting. Acti does not attempt to re-identify de-identified data and requires recipients to do the same.

This section does not apply to data fetched from Connected Tools, which is handled only as described in Section 6 and Section 6.9.

8. Data Retention

Acti keeps account, Skill, and content data for as long as your account is active. When you delete your account:

Your profile, private Skills, follower graph, and Builder sessions are removed within a commercially reasonable period.
Public Skills you have already published may persist if other users have cloned them, in derivative form held by those users.
Acti may retain certain information longer where required by law (e.g., financial or legal records), to enforce our Terms, to resolve disputes, or in backups for a limited rolling window.

Diagnostic data is retained only for as long as reasonably needed for reliability, security, and debugging purposes, subject to provider retention settings where applicable.

Connected Tool data. Data fetched from a Connected Tool to fulfill a Skill run is processed transiently to produce the Skill output and is not retained as a stored copy on Acti's side. Logs needed for debugging and abuse prevention may retain truncated metadata (such as the Skill ID and a request ID) but exclude the bodies of fetched messages, documents, or other Connected Tool content beyond what is strictly necessary for short-term troubleshooting.

9. Security

Acti uses technical and organizational measures designed to protect your information, including:

Encryption in transit for communications with Acti's services.
Secure local storage for authentication tokens and credentials on your device.
Scoped storage between the main app and the keyboard where the operating system allows it.
Additional safeguards for sensitive requests, such as request validation and abuse prevention.

No method of transmission or storage is 100% secure. Please use a strong account password (where applicable) and keep your device updated.

10. International Data Transfers

Acti is provided by TypeX Limited and its affiliated entities, with operations and service providers in multiple countries. If you access the Service from another country, your information may be transferred to and processed in countries with different data-protection laws. Where required, Acti uses appropriate safeguards for such transfers.

11. Your Rights and Choices

Depending on where you live, you may have rights to:

Access the personal information Acti holds about you.
Correct inaccurate information.
Delete your account and associated personal data.
Object to or restrict certain processing.
Port your information to another service.
Withdraw consent for any processing based on consent.
Lodge a complaint with your local data-protection authority.

Many of these rights you can exercise directly in the app:

Edit profile fields in Profile → Edit Profile.
Manage Connected Tools in Profile → Connected Tools.
Delete your account in Account Information → Delete Account.

For other requests, contact contact@openacti.com.

11A. Categories of Personal Information We Collect

For transparency, the personal information described in Section 2 falls into the following categories:

Category	Examples	Source
Identifiers	Acti UID, openId, email, sign-in provider identifier	You; Apple / Google sign-in
Profile information	Display name, avatar, bio	You
User content	Skills, workflow graphs, hashtags, builder chat, runtime input, reports	You
Connected Tool metadata	Service name, connection status, connected account label	Authorization infrastructure provider
Device and diagnostics	Device model, OS, app version, crash logs, performance traces	Your device; service providers
Usage analytics	Screen views, feature taps, Skill engagement (not used for cross-app tracking)	Your device; analytics providers
Communications	Support emails, in-app feedback, survey responses	You
Inferences	Recommended Skills and creators based on aggregated activity	Derived

Acti retains each category for the period described in Section 8.

12. Children's Privacy

Acti is not directed to children under 13 (or the higher minimum age in your jurisdiction). Acti does not knowingly collect personal information from children under that age. If you believe Acti has collected information from a child, contact contact@openacti.com and Acti will delete it.

13. Changes to This Policy

Acti may update this Privacy Policy from time to time. If material changes are made, Acti will notify you in the app or by another reasonable means before the change takes effect. The "Last Updated" date at the top of this page tells you the latest revision.

Acti will keep prior versions of this Policy available on request at contact@openacti.com.

14. Contact Us

TypeX Limited and its affiliates

General: contact@openacti.com
Privacy / Data requests: contact@openacti.com
Legal / DMCA: legal@openacti.com