Privacy Policy

Cyril is operated by:

LIOT Ltd
Company number: 13112711
Registered address: 20-22 Wenlock Road, London, England, N1 7GU
United Kingdom

For any privacy question, or to exercise your data rights, contact us at hello@meetcyril.com.

LIOT Ltd is the data controller for the personal data described in this policy.

Cyril is built around a small number of privacy commitments. These are not just promises; they are how the product is designed.

Household isolation. Your data belongs to your household and is never shown to another household. We do not pool, compare, or share personal data between households. The only data shared across households is public school reference information (such as term dates and public school calendar links), which contains no personal data about you or your children.

We do not read your inbox. Cyril does not connect to, log into, or read your email account. We never request access to your Gmail, Outlook, iCloud, or any other inbox. Cyril only ever sees the specific emails, messages, photos, and notes that you choose to forward or upload to it.

We keep raw inputs only as long as we need them. The original content you forward or upload (the raw email, the photo, the voice note) is typically deleted within 90 days. We keep the structured information Cyril extracts from it (for example, “school trip on 14 March”) until you delete your household.

Your data is yours. You can delete your data permanently at any time.

We collect the following categories of personal data.

Information you give us when you set up your account. Your email address (used to sign in), and the names, year groups, and school enrolments of the children in your household. You may also invite other adults to your household, in which case we hold their email addresses.

Content you choose to forward or upload. This is the heart of the Service. It includes emails you forward to your unique Cyril address, messages and voice notes you forward from messaging apps, and photos or documents you upload (for example, a photographed paper letter). This content may contain personal data about you, your children, and other people mentioned in those communications.

Information Cyril extracts from that content. From the content you provide, Cyril identifies actions, events, dates, and reminders, and organises them into your household plan.

Subscription and billing information. When you subscribe, payment is handled by Apple’s App Store or Google Play, not by us. We receive confirmation of your subscription status from those platforms (via our subscriptions provider) but we do not receive or store your card details.

Technical and usage information. Basic information about how you use the app, the device you use, and diagnostic data used to keep the Service working and to fix errors.

Cyril processes information aboutchildren (such as a child’s name, year group, school, and school events) so that parents and authorised adults can manage their family’s school admin. The data subject using Cyril is the adult account holder, not the child. Children do not have accounts and do not use the Service directly.

We take the sensitivity of children’s information seriously and handle it in the spirit of the ICO’s Age Appropriate Design Code. We do not use children’s information for advertising, profiling, or any purpose other than providing the Service to your household.

We use your personal data to:

• Provide the Service: organising your forwarded content into a per-child action list, calendar, reminders, and an assistant you can ask about your family’s school life.
• Send you notifications and reminders you have asked for, including the weekly digest.
• Manage your subscription and account.
• Keep the Service secure, diagnose problems, and improve reliability.
• Respond to your support requests.

Our lawful bases under UK GDPR are:

• Performance of a contract (Article 6(1)(b)): processing your data to deliver the Service you have subscribed to.
• Legitimate interests (Article 6(1)(f)): keeping the Service secure and reliable, and improving it, in ways you would reasonably expect and that do not override your rights.
• Consent (Article 6(1)(a)): where we ask for it, such as for certain notifications. You can withdraw consent at any time.

We do not sell your personal data. We do not use it for third-party advertising.

Cyril includes an assistant that answers questions about your family’s school life. It only ever draws on your household’s own data and public school reference information. It does not draw on other households’ data. To generate answers, relevant content from your household is processed by our AI provider (see “Who we share data with” below) under strict confidentiality terms; it is not used to train their models.

We use a small number of trusted service providers (“processors”) to run Cyril. They process your data only on our instructions and under contract. They include providers for:

• AI processing of the content you forward (to extract actions and answer your questions).
• Cloud hosting and databases.
• File and image storage.
• Inbound email and messaging routing.
• Transactional email (such as sign-in links).
• Subscription management.
• Error monitoring and diagnostics.

Some of these providers may process data outside the UK. Where they do, we rely on appropriate safeguards (such as UK International Data Transfer Agreements or equivalent) to protect your data.

We may also disclose data if required by law, or to protect our rights, users, or the public.

• Raw forwarded and uploaded content: typically deleted within 90 days.
• Extracted actions, events, and your household information: kept until you delete them or delete your household.
• Account and subscription records: kept for as long as your account is active, and for a reasonable period afterwards where we are required to retain records (for example, for tax or legal reasons).

When you delete your household, we permanently delete your personal data, subject to any limited records we are legally required to keep.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Eraseyour data (“right to be forgotten”).
• Restrict or object to certain processing.
• Data portability: receive your data in a usable format.
• Withdraw consent where we rely on it.

You can delete your household directly in the app. To exercise your other rights, including access to your data, contact us at hello@meetcyril.com. We will respond within the timeframes required by law.

You also have the right to complain to the ICO (ico.org.uk), though we hope you will contact us first so we can help.

We protect your data using technical and organisational measures, including access controls that keep each household’s data strictly separate and never visible to another household, encryption in transit, and restricted access to production systems. No system is perfectly secure, but we take reasonable steps appropriate to the sensitivity of the data.

We may update this policy from time to time. If we make material changes, we will notify you in the app or by email. The “last updated” date at the top shows when it was last revised.

LIOT Ltd
20-22 Wenlock Road, London, England, N1 7GU
hello@meetcyril.com