This Privacy Policy explains what personal information E&EL Global Inc. ("we", "us") collects when you use Lili (at hey-lili.com), and what we do with it. By using Lili, you agree to the handling described below.
When you sign up we collect your first and last name and email address. Your password is stored only as a salted cryptographic hash — we never see or store it in readable form. If you sign in with Google, we receive basic profile information and your email address from Google so we can create and identify your account.
While Lili's Google integration is going through Google's verification process, if you sign up with a Gmail or Google Workspace address we may add that email to the authorized-testers list on Lili's Google OAuth consent screen, which is what allows your Google sign-in and Gmail/Calendar connections to work in that state. That list is held by Google in the project's OAuth configuration. If you delete your account, ask us to remove you, we will remove your address from it.
Payments run through Stripe, our payment processor. Stripe holds the billing data; we receive a customer identifier, plan code, and limited card metadata (brand, last four digits) — never full card numbers.
To operate plans and credits we hold a licence identifier, your plan, credit balance, and per-use usage records. Each usage record is just a model identifier, token counts, and timestamps — it does not contain the content of your conversations.
The messages you send to Lili, her responses, and records of the tools she runs on your instruction are processed by the AI model providers listed below, and may be temporarily held on our servers for debugging and quality work. Lili is designed to keep this content on your device wherever possible. Do not put anything into Lili that you would not be comfortable sharing with us or with the AI providers.
To help you see when sensitive data may be leaving your device, Lili can record metadata about your requests — for example a severity level, a short code for the type of sensitive data detected (such as an email address, phone number, or API key), the category of tool used, counts, and timestamps. This record does not contain the text of your prompts or the assistant's responses. We keep this activity metadata for no more than 90 days; you can view it in the Privacy Activity area of the accounts portal.
Wake-word detection runs on your device; the audio is not sent anywhere for that step. Speech-to-text may use your operating system's built-in speech service, which sends audio to that service's provider. We do not retain a copy of the audio.
If you connect a service such as Google (for Gmail or Calendar), access tokens are stored in your device's operating-system keychain — not on our servers. Lili uses those tokens locally to carry out your requests.
We collect IP address, application version, and server logs, and a device-key fingerprint used to detect a licence being shared across multiple devices.
The accounts portal uses strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We do not run analytics or advertising cookies.
We do not sell your personal information. We share it only with the providers below, who act as our processors and may only use it to provide their service to us:
| Provider | What they do for us |
|---|---|
| Anthropic, OpenAI, Google (Gemini) | AI model processing of your requests |
| Stripe | Subscription and top-up billing |
| Google (OAuth) | "Continue with Google" sign-in; Gmail/Calendar connections |
| SendGrid | Transactional email delivery |
| Cloudflare | Network delivery and edge security |
| Google Cloud Platform | Cloud hosting and infrastructure |
| Hostinger | Hosting and infrastructure |
The AI providers above process your prompts to generate responses. We do not permit them to use your content to train their models, and we ask them to retain it only as needed to provide the service. We may also disclose information where required by law, or to protect the rights, safety, and security of our users, the public, or us.
We keep account and operational data for as long as your account is active. Any server-side conversation content we collect for debugging is kept for no more than 90 days and then deleted or aggregated, as is the redaction/activity metadata in section 1e. If you delete your account, we delete or de-identify your account and usage data within 30 days, except where we need to keep a record for legal, billing, or anti-abuse reasons.
You can access, correct, or delete your account information from the accounts portal at any time. Depending on where you live, you may also have the right to receive a copy of your data, object to or restrict certain processing, or withdraw consent — contact us using the details in section 7. We do not sell or "share" personal information for cross-context behavioural advertising. You can also lodge a complaint with your local data-protection authority.
We use sensible technical and organizational measures — encryption in transit, hashed passwords, OS-keychain storage of secrets, and access controls. No system is perfectly secure, so please use a strong, unique password and take care with highly sensitive data.
Privacy questions or requests: hello@eel-global.com. We'll respond within a reasonable time.
We may update this Policy from time to time; we'll post the new version here and update the version date above. For material changes we'll give reasonable notice.