Privacy Policy

1. Information We Collect

We only store and use the following data:

  • OAuth Access Tokens:
    • We securely store verified OAuth access tokens provided by Google and Microsoft after user authentication.
    • These tokens are encrypted and stored for session management.

We do not collect or store:

  • Personal identifying information (name, address, etc.)
  • Email content or file content beyond the current session
  • Any data not directly related to service operation

2. How We Use Your Data

Google Services (Gmail)

Your OAuth token is used exclusively for:

  • Making authorized API requests to Gmail with these scopes:
    • gmail.readonly (read email content and metadata)
    • gmail.metadata (not used - this permission is not used because gmail.readonly already includes metadata access capabilities, using both would cause permission conflicts)
  • Additional scope required by Google OAuth (automatically included):
    • openid (Associate your account with basic Google profile info)
      • This is a default scope enforced by Google's OAuth system to identify your account during authentication.
      • We do not use or store your Google profile data (e.g., name, profile picture). It is only used to link your Gmail access to a valid Google account.

Google Services (Google Drive) - Currently Not Supported

Note: Google Drive integration is planned for future releases but not currently active.

When implemented, Google Drive access will use these scopes:

  • drive.readonly (read files and file metadata from Google Drive)
  • drive.metadata.readonly (read file metadata only)

All Google Drive data handling will follow the same privacy principles outlined in this policy.

Microsoft Services (Outlook)

Your OAuth token is used exclusively for:

  • Outlook Email Access with these scopes:
    • Mail.Read (read email content and metadata)
    • Mail.ReadBasic (read basic email properties)

Microsoft Services (OneDrive)

Your OAuth token is used exclusively for:

  • OneDrive File Access with these scopes:
    • Files.Read.All (read files and file metadata from OneDrive)

AI Processing for All Services

  • Using AI solely to:
    • Generate search filters for API queries (Gmail, Outlook, OneDrive)
    • Filter and summarize search results from your emails and files
    • Extract relevant content based on your queries
  • Temporarily caching search results (automatically cleared under server pressure)

3. Data Handling

  • Token Usage:
    • Tokens are used only when you actively make requests
    • All API calls are made in real-time during your session
  • AI Processing Restrictions:
    • All AI operations are performed on-demand for your queries only
    • No email data (headers, body, or attachments) or file content is used for model training
    • No email or file content is retained after processing your request
  • Caching:
    • Search results may be cached temporarily to improve performance
    • Cached data contains no personal identifiers
    • All caches are automatically purged regularly

4. Data Protection Commitments

We absolutely never:

  • Use your Google or Microsoft account data for any AI model training
  • Store or transmit email content (headers, body, or attachments) or file content to third parties
  • Retain processed email or file data beyond what's needed for your immediate query
  • Use your data for any purpose other than providing the requested service

5. Security Measures

We implement:

  • Industry-standard encryption for all stored tokens
  • Regular security audits
  • Strict access controls to token storage
  • Process isolation for AI operations

6. Third-Party Sharing

We never:

  • Share your data with third parties
  • Use your data for advertising
  • Sell or monetize your information in any way

7. User Rights

You can:

  • Revoke our access via your Google Account or Microsoft Account settings at any time
  • Request deletion of your stored tokens

8. API Compliance

Google API Compliance

Our use and transfer of information received from Google APIs adhere to:

  • Google API Services User Data Policy, including the Limited Use requirements
  • All data obtained via Google APIs is used solely for:
    • Providing and improving user-facing features
    • Enhancing email search and organization functionality
  • We do not:
    • Transfer Google user data to other apps or services except as necessary for core functionality
    • Use Google user data for serving ads
    • Use Google user data for creditworthiness assessment
    • Use Google user data for any form of human review

Microsoft Graph API Compliance

Our use and transfer of information received from Microsoft Graph APIs adhere to:

  • Microsoft Graph API Terms of Service and Microsoft Privacy Statement
  • All data obtained via Microsoft Graph APIs is used solely for:
    • Providing and improving user-facing features
    • Enhancing email and file search functionality
  • We do not:
    • Transfer Microsoft user data to other apps or services except as necessary for core functionality
    • Use Microsoft user data for serving ads
    • Use Microsoft user data for creditworthiness assessment
    • Use Microsoft user data for any form of human review

9. Changes to This Policy

We will notify users of any material changes to this policy via email or in-app notification.