Privacy Policy
Last Updated: December 16, 2025
Introduction
This Privacy Policy describes how the Gmail AI Agent application ("we", "our", or "the application") collects, uses, and protects your personal information when you use our service.
Information We Collect
Personal Information
- Email Addresses: We collect your Gmail email address to identify and manage your account
- User Names: We may collect your display name from your Google account
- Google User ID: We store your Google user ID for account linking
Email Processing
- Email Processing: We process email content in real time when you use our AI agent features
- Email Metadata: We store message IDs, thread IDs, sender domains (not full addresses), and truncated subject lines for automation purposes
- Writing Style: We analyze and store your writing tone/style to personalize responses
Note: We do NOT store full email body content in our database. Email content is processed in real time and not persisted.
Authentication Data
- OAuth Tokens: We securely store encrypted OAuth2 access and refresh tokens for Gmail API access
- JWT Tokens: We issue JWT tokens for session management (stored client-side)
Usage Data
- Automation Logs: We log automation events with minimal PII (domains only, truncated subjects)
- Agent Configuration: We store your agent settings, instructions, and preferences
- API Usage: We track API calls and usage patterns for service improvement
How We Use Your Information
- Service Provision: To provide AI-powered email automation and management features
- Authentication: To authenticate and authorize access to your Gmail account
- Personalization: To customize AI responses based on your writing style
- Service Improvement: To analyze usage patterns and improve our services
- Error Handling: To diagnose and fix technical issues
Data Storage and Security
Storage Location
- Data is stored in secure databases (PostgreSQL)
- OAuth tokens are encrypted at rest using Fernet symmetric encryption
- Email content is NOT stored; it is processed in real time only
- Only email metadata (message IDs, domains, truncated subjects) is stored
Security Measures
- Encryption: OAuth tokens encrypted using industry-standard Fernet encryption
- Access Control: Authentication required for all API endpoints
- Token Security: JWT tokens with expiration and refresh mechanisms
- Secure Transmission: HTTPS/TLS for all data transmission
- Security Headers: Implementation of security headers (HSTS, CSP, X-Frame-Options)
- Rate Limiting: Protection against abuse and brute-force attacks
- Data Minimization: We store only the minimum data necessary for service functionality
Data Retention
- Active Accounts: Data is retained while your account is active
- Inactive Accounts: Data may be retained for up to 90 days after last activity
- OAuth Tokens: Retained until revoked or account deletion
- Email Metadata: Retained as needed for service functionality
- Logs: Retained for up to 30 days for debugging and security purposes
Your Rights
💡 Quick Access: To manage your data, sign in to your account and navigate to "Privacy & Data" in the sidebar menu. This page provides all the tools you need to export or delete your data.
Access Your Data
You have the right to access your personal data stored in our system.
How to access your data:
- Sign in to your account
- Navigate to "Privacy & Data" in the sidebar menu
- Click the "Export My Data" button to download your data in JSON format
Delete Your Data
You have the right to request deletion of your personal data at any time.
How to delete your data:
- Sign in to your account
- Navigate to "Privacy & Data" in the sidebar menu
- Scroll to the "Delete All My Data" section
- Click the "Delete My Data" button and confirm the deletion
⚠️ Warning: This action cannot be undone. All your data will be permanently deleted.
Export Your Data (Data Portability)
You have the right to export your data in a machine-readable format (JSON).
How to export your data:
- Sign in to your account
- Navigate to "Privacy & Data" in the sidebar menu
- Click the "Export My Data" button
- Your data will be downloaded as a JSON file
Revoke OAuth Access
You can revoke Gmail API access at any time through:
- Google Account Settings: Visit Google Account Permissions and remove access to this application
- Application Settings: Use the revoke access option in your account settings (if available)
Third-Party Services
Google Services
- We use Google OAuth2 for authentication
- We access Gmail API with your explicit consent
- Data is processed according to Google's API Terms of Service
- We only request necessary OAuth scopes
AI Services
- We use OpenAI and/or Anthropic APIs for AI processing
- Email content is sent to these services for processing (not stored by us)
- These services have their own privacy policies
- Email content is only sent during active processing, not stored
Cookies and Local Storage
- JWT Tokens: Stored in browser localStorage for session management
- User Preferences: Stored in localStorage for user experience
- No Tracking Cookies: We do not use third-party tracking cookies
Compliance
GDPR (European Union)
- Right to access, rectification, erasure, and portability
- Right to object to processing
- Lawful basis: Consent and legitimate interest
- Data minimization: We store minimal PII (domains, not full emails)
CCPA (California)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we do not sell personal information)
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for material changes
Contact Us
For privacy-related inquiries, data deletion requests, or questions about this policy:
Email: rahulbaboota08@gmail.com