Privacy Policy

Effective 27 May 2026 · Last updated 27 May 2026

1. Who we are

Sudo is operated by SUDO AUTOMATIONS PRIVATE LIMITED, a company incorporated in India (“Sudo”, “we”, “us”, “our”). You can reach us at as@sudohomes.com.

2. Scope

This policy explains what personal information we collect when you use Sudo — our hosted AI home assistant accessible via the web at heysudo.xyz and sudohomes.com, via WhatsApp, and via the Sudo voice device — and how we use, share, and protect it.

3. What we collect

• Account information — your name, email address, profile picture, and Google account identifier when you sign in with Google.
• Family roster — names, relationship labels, ages or birthdays, avatars, and phone numbers that you (or another household admin) add for family members so the assistant can address and serve them.
• Device and pairing data — device identifiers, pairing codes, network status, firmware version, and timestamps for any Sudo voice device you connect to your account.
• Conversations and content — the messages, voice transcripts, and instructions you exchange with Sudo across chat, voice, and WhatsApp, and the assistant’s responses to you. Voice audio is transcribed in real time; we do not retain raw audio after a session ends.
• Integration data — when you connect a Google service (such as Google Calendar) we receive and store OAuth tokens and the minimum data needed to fulfil the requests you make through Sudo (for example, calendar events you ask the assistant to read or create).
• Operational data — log entries, error reports, IP address, and other technical metadata generated by your use of the service.

4. How we use it

• To run Sudo: route your messages to the assistant, generate responses, deliver them across the surface you used (chat, voice, WhatsApp), and remember context across sessions.
• To operate the integrations you explicitly connect, on your behalf.
• To pair, manage, and update Sudo voice devices linked to your account.
• To keep the service secure, debug failures, prevent abuse, and comply with applicable law.
• To communicate with you about service changes, security notices, and — only with your consent — product updates.

We do not sell your personal data. We do not use the contents of your conversations or your Google user data to train generalised AI or machine-learning models.

5. Google API Services — Limited Use disclosure

Sudo’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request the Google OAuth scopes needed for features you turn on (for example, openid, email, and profile for sign-in; Google Calendar scopes if you connect calendar).
• We only use Google user data to provide or improve features that are user-facing and prominent in the Sudo product (for example, reading or creating calendar events you ask the assistant to manage).
• We do not transfer Google user data to third parties except as needed to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior notice to affected users.
• We do not use Google user data for advertising.
• We do not allow humans to read Google user data except (a) with your affirmative consent for specific messages, (b) for security investigations, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised for internal operations.

You can revoke Sudo’s access to your Google account at any time at myaccount.google.com/permissions.

6. Sharing and subprocessors

We share data with vetted infrastructure providers strictly to operate the service:

• Supabase — authentication, application database, and storage.
• OpenRouter and the upstream model providers it routes to (for example, Anthropic and OpenAI) — to generate assistant responses.
• LiveKit — real-time audio transport between the Sudo voice device and our voice agent.
• Speech-to-text and text-to-speech providers — to transcribe what is said to the device and to synthesise replies.
• Twilio — to send and receive WhatsApp messages on the Sudo Business number.
• Cloud hosting and email-delivery providers — to operate our servers and send transactional email.

We may also disclose information if compelled by law, to enforce our Terms, or to protect the rights, property, or safety of our users.

7. International transfers

Sudo is operated from India. Our subprocessors may process data in other jurisdictions, including the United States and the European Union. Where required, we rely on standard contractual clauses or equivalent safeguards.

8. Retention

• Account, family, and device records are retained while your account is active and for a reasonable archival window after deletion.
• Conversation history is retained so the assistant can recall context. You may delete individual messages or your entire history from the chat surface; deletions propagate to backups within 30 days.
• Voice audio is not retained beyond the live session — only the transcript is stored.
• Backups are encrypted and rotated; residual copies are deleted or anonymised within 90 days of account deletion.

9. Children

Sudo is designed for use inside households that include children. The Sudo account holder must be at least 18 years old. By adding a minor as a family member, the account holder confirms they are the parent or legal guardian and consents to Sudo processing the minor’s name, age, relationship, avatar, and conversations with the assistant for the purpose of providing the service. Account holders can remove a family member at any time, which deletes that member’s identity record and detaches their messages from the family roster.

10. Your rights

Depending on where you live — including under India’s Digital Personal Data Protection Act, the EU and UK General Data Protection Regulation, and the California Consumer Privacy Act — you may have rights to access, correct, export, or delete your personal data, to withdraw consent, and to lodge a complaint with a data-protection authority. To exercise any of these rights, email as@sudohomes.com from the address on file. We will respond within a reasonable time and not later than the maximum allowed by applicable law.

11. Security

We use TLS for all network traffic, encrypt secrets at rest, scope per-user credentials, isolate per-family compute, and follow standard operational practices. No service is perfectly secure; you remain responsible for keeping your sign-in credentials and devices safe.

12. Changes

We will post material changes to this policy at this URL and, where appropriate, notify you by email. Continued use of Sudo after the effective date of the change constitutes acceptance.

13. Contact

SUDO AUTOMATIONS PRIVATE LIMITED
Email: as@sudohomes.com