Afi helps small business owners stay on top of the work, follow-ups, and loose ends that keep the business moving. As things change, Afi stays current and helps you see what matters now, what is still open, and what needs to happen next, so less gets missed and work keeps moving.

How is Afi different from a task manager or project management tool?

Most tools expect you to create tasks, keep lists updated, and remember to check back. Afi is built to do more of that work for you, so instead of constantly organizing and chasing details, you can focus on moving work forward.

Do I have to set everything up manually?

No. Afi is meant to reduce setup and upkeep, not give you one more system to manage. You can start with the tools you already use, like email and calendar, or by adding notes and context, and Afi helps turn that into a clearer view of what needs attention.

Do I need to change how I work to use Afi?

No. Afi is designed to fit into the way you already work, not force you into a brand-new process. The goal is to help you stay on top of what matters with less manual tracking and less mental overhead.

What does early access mean?

Early access means you can sign up to try Afi before it is publicly available. We are rolling it out in stages, and joining the list gives you a chance to get in early and help shape the product as we build it.

Afi Privacy Policy

Last Updated: April 8, 2026

This Privacy Policy explains how Nori Lab Inc., d/b/a Afi ("Afi," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our websites, applications, integrations, APIs, email-connected features, calendar-connected features, messaging-connected features, and related services (collectively, the "Services").

If you use the Services on behalf of an organization, that organization may control your use of the Services and may have its own policies regarding the processing of your information.

1. Scope

This Privacy Policy applies to personal information processed by us in connection with the Services.

It does not apply to third-party websites, services, or applications, even if they are linked from or integrated with the Services. Those third parties have their own terms and privacy policies.

2. Roles and Responsibility

Depending on the context, Afi may process personal information as either:

a controller or equivalent business when we process information for our own business purposes, such as website operations, account administration, onboarding, support, security, analytics, billing, and communications; or
a processor, service provider, or similar role when we process customer content or connected-data on behalf of a business customer that uses the Services.

If you use the Services through an organization or business customer, that organization may be responsible for certain privacy decisions and requests relating to your use of the Services.

3. Information We Collect

Depending on how you interact with the Services, we may collect the following categories of information:

3.1 Information You Provide Directly

Name
Email address
Company name
Account login information
Billing and payment details, processed through third-party payment processors if applicable
Communications with us
Prompts, notes, instructions, preferences, corrections, and feedback
Waitlist, scheduling, or onboarding information you choose to submit

3.2 Information from Connected Accounts and Integrations

If you connect email, calendar, messaging, or other third-party services, we may access and process information made available through those integrations, such as:

Email metadata, including sender, recipient, subject line, timestamps, labels, and thread identifiers
Email content and attachments, to the extent permitted by the permissions you authorize and reasonably necessary to provide the Services
Calendar event metadata and content, including titles, times, attendees, descriptions, and locations
Message metadata and message content from supported messaging integrations
Contacts and attendee information
Account or workspace metadata related to authorized integrations

3.3 Automatically Collected Information

Device and browser information
IP address
Approximate location derived from IP address
Usage logs and diagnostics
Interaction data, feature usage, and performance metrics
Cookies and similar technologies

3.4 Information from Third Parties

We may receive information from service providers, analytics providers, authentication providers, payment processors, scheduling tools, and connected third-party services.

4. How We Use Information

We may use personal information to:

provide, operate, maintain, and improve the Services;
authenticate users and manage accounts;
connect, synchronize, and support authorized integrations;
identify open loops, deadlines, tasks, follow-ups, waiting items, blockers, dependencies, and related work;
generate summaries, reminders, suggested actions, classifications, and draft messages or other service outputs;
respond to support requests and communicate with you;
monitor usage, troubleshoot issues, prevent fraud, detect abuse, and protect the Services;
enforce our Terms and comply with legal obligations;
perform analytics and develop aggregated or de-identified insights; and
if clearly disclosed and permitted under applicable law and platform rules, improve product functionality using de-identified, aggregated, or other lawfully usable data.

5. Legal Bases for Processing

Where required by applicable law, we process personal information based on one or more of the following legal bases:

Performance of a contract with you;
Our legitimate interests in operating, securing, maintaining, improving, and supporting the Services;
Your consent, where required;
Compliance with legal obligations; and
Establishment, exercise, or defense of legal claims.

6. Important Afi-Specific Data Use Limits

Afi is designed to help you manage work, but we do not guarantee complete or perfect extraction, classification, or surfacing of tasks, deadlines, follow-ups, or communications.

If you connect email, calendar, or messaging accounts, we process data from those sources solely to provide, maintain, secure, support, and improve the Services as described in this Privacy Policy and related in-product disclosures.

Google Workspace API Data: Notwithstanding anything else in this Privacy Policy, if Afi receives information from Google Workspace APIs, Afi's use of that information will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Afi does not use data obtained from Google Workspace APIs to develop, improve, or train generalized or non-personalized AI and/or machine learning models.

7. How We Disclose Information

We may disclose personal information to:

Service providers and subprocessors that help us operate the Services, such as hosting, storage, authentication, analytics, payment, logging, support, communications, scheduling, and infrastructure providers;
AI or model providers acting on our behalf, to the extent necessary to provide the Services and consistent with our disclosures to you and applicable law and platform rules;
Connected third-party services or providers when you direct us to interact with them;
Professional advisors, auditors, insurers, and legal counsel;
Authorities, regulators, or other third parties when required by law or to protect rights, safety, and security;
A successor entity in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets; and
Others with your direction or consent.

We do not sell personal information obtained through Google Workspace APIs, and we do not use such data for advertising purposes.

8. Human Access to Data

We limit access to personal information to authorized personnel and service providers who need that access to operate, secure, maintain, troubleshoot, support, or improve the Services, investigate abuse, comply with law, or respond to a customer request.

Access to personal information is provided on a need-to-know basis and is subject to internal access controls, role-appropriate permissions, and confidentiality obligations. We do not permit unrestricted developer access to customer data.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, use, alteration, and disclosure.

These safeguards include encryption of data in transit using industry-standard transport security protocols and encryption of data at rest, as well as access controls designed to limit access to authorized personnel and service providers.

However, no method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting your personal information, we will notify affected customers within 72 hours of confirming the incident.

10. Data Retention

We retain personal information for as long as reasonably necessary to:

provide the Services;
maintain accounts and integrations;
comply with legal, tax, accounting, and contractual obligations;
resolve disputes and enforce our agreements;
maintain security logs and business records; and
pursue legitimate business purposes consistent with this Privacy Policy.

When we no longer need personal information for these purposes, we will delete, anonymize, or de-identify it, unless retention is required or permitted by law. Some information may remain in backups or archives for a limited period before deletion.

11. International Processing and Transfers

We may process personal information in the United States and other countries where we or our service providers operate. By using the Services, you understand that your personal information may be transferred to and processed in countries outside your own, which may have different data protection laws than your jurisdiction.

Where required by applicable law, we will use appropriate safeguards for cross-border transfers of personal information.

12. Your Choices and Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, or request portability of your personal information, or to object to or restrict certain processing.

You may also:

disconnect integrations through available settings;
update account information;
opt out of marketing communications; and
request deletion of your account, subject to lawful retention needs.

If we process personal information on behalf of a business customer, that customer may be responsible for handling your request.

If you are a business customer and need a data processing agreement or additional privacy information for procurement or review, contact us at hello@getafi.com.

To exercise privacy rights or submit a privacy request, contact us at hello@getafi.com.

13. California Privacy Rights

If you are a California resident, and to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), applies to our processing of your personal information, you may have certain rights, subject to applicable exceptions and verification requirements, including the right to know, access, delete, correct, and receive information about our handling of your personal information.

You may also have the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Afi does not sell or share personal information for cross-context behavioral advertising.

You also have the right not to be discriminated against for exercising your privacy rights.

To exercise any applicable California privacy rights, contact us at hello@getafi.com. We may need to verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf, subject to applicable verification requirements.

14. EEA and UK Privacy Rights

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), you may have certain rights under applicable data protection law, subject to applicable conditions and limitations. These rights may include the right to access, correct, delete, restrict, object to certain processing, and receive a portable copy of your personal data, and where we rely on consent, to withdraw that consent.

You may also have the right to lodge a complaint with your local supervisory authority or data protection regulator if you believe our processing of your personal data violates applicable law.

To exercise any applicable EEA or UK privacy rights, contact us at hello@getafi.com.

15. Australia Privacy Information

If you are in Australia, and to the extent the Privacy Act 1988 (Cth) and the Australian Privacy Principles apply to our handling of your personal information, this Privacy Policy is intended to describe how we manage your personal information in an open and transparent way.

Subject to applicable law, you may request access to personal information we hold about you and request correction of inaccurate personal information. To make a request or submit a privacy complaint, contact us at hello@getafi.com. We will review your request or complaint and respond within a reasonable time.

We may disclose or process personal information outside Australia, including in the United States and other countries where we or our service providers operate. Where required by applicable law, we will take reasonable steps to help protect personal information that is disclosed overseas.

16. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, pixels, and similar technologies to operate the Services, remember preferences, analyze usage, and improve performance. You can control cookies through your browser settings, although some features may not function properly if cookies are disabled.

17. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13.

18. Organization Accounts

If you use the Services through an organization, or if your organization administers your account, that organization may have access to information associated with your use of the Services and may control or restrict aspects of your account.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy, sending an email, providing in-product notice, or by other reasonable means. The "Last Updated" date indicates when this Privacy Policy was last revised.

20. Contact Us

If you have questions or requests regarding this Privacy Policy or our privacy practices, contact us at:

Nori Lab Inc., d/b/a Afi hello@getafi.com