Effective Date: July 30, 2025

Last Updated: July 30, 2025

Application: AI Email Agent (Project ID: emailautomation-466523)

Developer: Simul Bista

1. Information We Collect

The AI Email Agent is designed with privacy-first principles. We collect minimal data necessary for functionality:

Email Data Access

  • Email metadata (sender address, subject line, date/time)
  • Email snippet (preview text, typically first 150 characters)
  • Email labels and folder information
  • Read/unread status of emails

Authentication Data

  • Google OAuth 2.0 tokens (access and refresh tokens)
  • User's Gmail account identifier
  • Scope permissions granted

🚨 What We Do NOT Collect

  • Full email content or bodies
  • Email attachments of any kind
  • Personal contacts or address book data
  • Draft emails or sent emails
  • Email history beyond current processing session

2. How We Use Your Information

Your data is used exclusively for the following purposes:

Primary Functions

  • Email Classification: AI analysis to categorize emails (Jobs, Investments, Keep)
  • Label Management: Applying appropriate Gmail labels for organization
  • Folder Organization: Moving emails to designated folders
  • Processing Reports: WhatsApp notifications about actions taken

AI Processing

Email metadata and snippets are processed by Google Gemini AI for classification purposes. This processing happens in real-time and no data is retained after classification.

3. Data Storage and Retention

No Permanent Storage

We follow a zero-retention policy for email content:

  • Email data is processed in memory only
  • No email content is written to disk or databases
  • Processing occurs during active session only
  • All temporary data is cleared after each run

Authentication Tokens

  • OAuth tokens stored securely in GitHub Actions secrets
  • Tokens encrypted at rest and in transit
  • Automatic token refresh without user intervention
  • Tokens can be revoked by user at any time

Logs and Debugging

  • Processing logs retained for 7 days maximum
  • Logs contain no email content, only metadata counts
  • Error logs help improve system reliability
  • All logs automatically purged after retention period

4. Third-Party Services

We use the following trusted third-party services, each with their own privacy policies:

🔗 Google Gmail API

Purpose: Email access and label management

Data Shared: OAuth tokens only

Privacy Policy: Google Privacy Policy

🤖 Google Gemini AI

Purpose: Email content classification

Data Shared: Email metadata and snippets

Processing: Real-time, no storage

📱 Twilio WhatsApp API

Purpose: Processing notifications

Data Shared: Summary statistics only

Privacy Policy: Twilio Privacy Policy

⚙️ GitHub Actions

Purpose: Automated daily execution

Data Shared: Encrypted authentication tokens

Privacy Policy: GitHub Privacy Statement

5. Data Security

🔐 Encryption

  • All data transmission encrypted with TLS 1.3
  • OAuth tokens encrypted at rest
  • GitHub Actions secrets use AES-256 encryption

🛡️ Access Control

  • Minimal OAuth scope: gmail.modify only
  • No human access to email content
  • Automated processing with no manual intervention

🔄 Token Management

  • Automatic token refresh mechanism
  • Short-lived access tokens (1 hour expiration)
  • Secure refresh token storage

6. Your Rights and Controls

✋ Revoke Access

You can revoke the AI Email Agent's access to your Gmail account at any time through your Google Account settings.

Manage Google Account Permissions →

📧 Data Requests

Request information about what data has been processed (limited to processing logs and statistics).

🗑️ Data Deletion

All processing data is automatically deleted. Request immediate token revocation if needed.

📋 Processing Transparency

Receive detailed WhatsApp summaries of all actions taken on your emails.

7. Legal Compliance

Google API Services User Data Policy

This application complies with the Google API Services User Data Policy, including the Limited Use requirements.

Data Protection Regulations

  • GDPR compliance for EU users
  • CCPA compliance for California users
  • Minimal data collection principle
  • User consent and control mechanisms

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending a WhatsApp notification about significant changes
  • Posting a notice on our main application page

Your continued use of the AI Email Agent after any changes indicates your acceptance of the updated Privacy Policy.

9. Contact Information

📧 Privacy Questions

For privacy-related inquiries and data protection questions:

Email: simulbista@gmail.com

Subject Line: "AI Email Agent - Privacy Inquiry"

👨‍💻 Developer Contact

Name: Simul Bista

LinkedIn: linkedin.com/in/simul-bista

GitHub: github.com/simulbista

⏱️ Response Time

We aim to respond to all privacy inquiries within 48 hours during business days.

For urgent security concerns, please mark your email as "URGENT" in the subject line.

10. Effective Date and Acknowledgment

This Privacy Policy is effective as of July 30, 2025. By using the AI Email Agent, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Google OAuth Verification: This privacy policy has been prepared to meet Google's OAuth verification requirements and demonstrates our commitment to protecting user data and privacy.