Last updated: March 2026
When you text Ping AI, your phone number and message content are processed only long enough to generate a reply using xAI's Grok model.
After the reply is sent, your message and phone number are immediately and permanently deleted from our systems. We do not keep logs, backups, or archives of any conversations.
We do not sell, rent, license, or share your phone number or any message content with third parties for marketing or any other purpose.
The only information we temporarily receive is:
- Your phone number (required by the carrier to send a reply)
- The text of your message (required to generate the AI response)
Both are deleted within seconds after the reply is delivered.
If you connect your Google Calendar for flight tracking, we access only the minimum calendar data needed to detect flight events. Specifically:
- We request read-only access to your Google Calendar events.
- We scan calendar entries solely to identify flight-related events (e.g., airline reservations, flight numbers).
- We store your OAuth refresh token using AES-256 encryption at rest, protected by environment-level secrets that are never committed to source code.
- Calendar event data (flight details extracted from events) is stored only as long as the associated flight is actively being tracked. Once a flight lands or tracking expires, the extracted data is automatically deleted.
- Your OAuth tokens are stored only while your calendar connection is active. When you disconnect (by texting CALENDAR OFF or via the web interface), your tokens are immediately and permanently deleted from our database.
- We do not access, store, or process any non-flight calendar data (personal appointments, meetings, etc.).
We implement the following measures to protect your data, including any Google user data:
- Encryption in transit: All communications between your device, our servers, and third-party APIs (including Google) use TLS/HTTPS encryption.
- Encryption at rest: Sensitive credentials (OAuth tokens, API keys) are encrypted using AES-256 before storage in our database.
- Access controls: Database access is restricted to authenticated application processes only. No human operators have direct access to user data in production.
- Minimal data collection: We collect only the minimum data necessary to provide the requested service functionality.
- Secure infrastructure: Our application runs on managed cloud infrastructure with automatic security patching and isolated execution environments.
We retain your data only as long as necessary to provide our services:
- SMS messages: Deleted within seconds after generating a reply. No message content is retained.
- Conversation context: A short rolling window of recent messages (up to 8) is kept for up to 24 hours to maintain conversation context, then automatically purged.
- Google Calendar tokens: Retained only while your calendar connection is active. Deleted immediately upon disconnection.
- Flight tracking data: Retained only while flights are actively tracked. Automatically deleted after tracking concludes.
- Subscription data: Phone number and subscription status are retained while you have an active subscription. Deleted upon request.
- Alert preferences: Your alert configuration is retained while active. Deleted when you remove your alerts or upon request.
Your right to deletion: You may request complete deletion of all your data at any time by emailing hello@textping.ai or by texting DELETE MY DATA to Ping AI. We will process deletion requests within 7 business days and confirm completion.
U.S. carriers require us to keep standard delivery metadata (date/time, delivery status) for 30-90 days for billing and compliance. This metadata contains no message content and is automatically deleted afterward.
Ping AI uses xAI's Grok model (a third-party AI service) to generate conversational responses in the SMS chatbot. When you send a text message, your message text is sent to xAI's API for processing. xAI processes the data according to their own privacy policy. No personally identifiable information (such as your phone number) is sent to xAI - only the message content needed to generate a response.
Ping AI maintains complete, auditable segregation between Google user data and third-party AI services. The Google Calendar integration operates on an entirely separate data pipeline from the AI chatbot and is never connected to xAI or any other AI provider.
How Google Calendar data is processed:
1. Ping AI requests read-only access to your Google Calendar via the Google Calendar API (scope: calendar.readonly).
2. Calendar events are retrieved and processed locally on our server using deterministic pattern matching (regular expressions) to identify flight-related entries (e.g., "AA 1234 DFW-LAX").
3. Only the extracted flight identifier (e.g., "AAL1234"), origin airport code, destination airport code, and departure time are stored in our database. No other calendar event data (titles, descriptions, attendees, locations, notes, or any non-flight content) is retained.
4. The extracted flight identifier is sent to FlightAware's AeroAPI to retrieve real-time flight status. FlightAware receives only the flight number — no Google user data.
5. Flight status updates are delivered to the user via SMS through SignalWire.
What is never sent to xAI (Grok) or any AI service:
- Google OAuth tokens or credentials
- Google Calendar event data (titles, descriptions, locations, attendees, or any event metadata)
- Google user profile information (email, name, or account identifiers)
- Any data obtained via any Google API
Architectural enforcement:
- The calendar sync functions (sync_calendar_events, parse_flight_from_event, activate_upcoming_calendar_flights) operate in a completely separate code path from the xAI chat functions.
- Calendar processing uses only local regex parsing and the FlightAware API — no AI API calls are made at any point in the calendar data pipeline.
- The xAI chat pipeline receives only user-typed SMS message text. It has no access to Google OAuth tokens, calendar event data, or any Google API responses.
- These two pipelines share no data structures, API clients, or function calls.
Ping AI is not intended for children under 13. We do not knowingly collect data from children under 13.
If we ever change this policy, we will post the new version here and update the "Last updated" date.
Questions? Email: hello@textping.ai
That's it — no tracking, no cookies, no data collection beyond the split second needed to reply.