Privacy Policy

Last updated: 4 June 2026

SIGIL ("SIGIL", "we", "us") is a personal AI assistant operated by Marco Coscarella. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have. SIGIL is currently in invite-only beta. For any question, contact us at marco.coscarella@gmail.com.

1. Who we are (data controller)

The data controller responsible for your personal data is Marco Coscarella, operating the service "SIGIL" (Italy). A VAT number (P.IVA) and registered details will be added here once available. Contact: marco.coscarella@gmail.com.

2. The data we collect

Account & sign-in: when you sign in with Google, we receive your name and email address. Your account and authentication are handled via Supabase.
Your email (Gmail): with your explicit permission, SIGIL connects to your Gmail to read, organise, summarise, draft replies to, and read aloud your messages. This may include message content, subjects, senders and recipients, labels, and read/unread status. SIGIL accesses this only to provide the features you choose to use.
Content you create in SIGIL: appointments and commitments (Agenda), goals and milestones, and your news interests and preferences.
Waitlist: if you join the waitlist, we store the email address you submit.
Technical data: limited operational data needed to run and secure the service.

3. How we use your data

We use your data only to provide and operate SIGIL's features — triaging and summarising your inbox, drafting replies, narrating briefings, curating news, and managing your agenda and goals — to authenticate you, and to keep the service secure and working. We do not sell your data, and we do not use it for advertising.

4. Service providers we share data with

To run SIGIL we rely on the following providers, who process your data only to perform their function for us:

Google (Gmail API) — the source of your email data, accessed under your authorisation.
Supabase — database and authentication; your account data is stored in the European Union (Frankfurt).
Anthropic (Claude API) — processes your email and the content you provide in order to generate summaries, drafts and briefings. Anthropic does not use data submitted through its API to train its models.
ElevenLabs — converts text (such as your briefing) into spoken audio.
Vercel — hosting and delivery of the service.

We do not share your data with anyone else except as described in this policy, to comply with the law, or with your consent.

5. Google user data — Limited Use

SIGIL's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, data we obtain from your Google account is:

used only to provide and improve the user-facing features of SIGIL that you use;
never sold, and never used for advertising;
never used to train generalised or non-personalised artificial-intelligence or machine-learning models;
not transferred to others except as necessary to provide or improve those features, to comply with applicable law, or in connection with a merger or acquisition (with notice to you);
not read by humans unless you give consent, it is necessary for security or to comply with the law, or the data has been aggregated and anonymised.

6. Data retention

We keep your data for as long as your account is active. You can ask us to delete your account and associated data at any time. Waitlist emails are kept until launch or until you ask to be removed.

7. Where your data is stored & security

Your account data is stored in the European Union (Frankfurt, via Supabase). Some providers (such as Anthropic, ElevenLabs and Vercel) may process data outside the EU, including in the United States, under appropriate safeguards such as the EU Standard Contractual Clauses. We protect your data with encryption in transit and access controls, including row-level security.

8. Your rights

Under the GDPR you have the right to access, correct, delete, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. To exercise these rights, email marco.coscarella@gmail.com. You can also revoke SIGIL's access to your Google account at any time at myaccount.google.com/permissions, and you can request deletion of your SIGIL account and data at any time.

9. Children

SIGIL is not intended for, and may not be used by, anyone under the age of 16.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post any changes on this page and update the date above.

11. Contact

Marco Coscarella — marco.coscarella@gmail.com