Privacy Policy

SmartEmails ("we", "our", "us") is an AI-powered email classification service. This Privacy Policy explains how we collect, use, and protect your information when you use our web application and Chrome extension.

Account Information: When you sign up, we collect your email address and name via Google or Microsoft OAuth.

Email Metadata: We access your email metadata (sender, subject, date) to classify your emails.

Email Preview ("snippet"): For each email we also store a short preview of the body — capped at 400 characters and provided directly by Gmail or Outlook (we do not perform the truncation ourselves). This is the same one-line preview that you already see in your inbox list. The snippet is needed to give the AI enough context to classify reliably, and to display a useful preview in the dashboard.

What we do NOT store:

• The full body of your emails — never persisted to our database.
• Recipients (To, Cc, Bcc) — never read or stored.
• Attachments — never accessed.
• AI-generated draft replies — generated on demand when you click, never stored.

At classification time, the full body is fetched live from Gmail or Outlook, sent to the AI provider, and immediately discarded on our side. Only the resulting category, priority and short reason are kept.

Classification Data:We store the AI-generated category, priority, and a short reason (one sentence) for each classified email — for example "Action requested from the recipient".

Thread summaries (cache):If you open a long thread inside our Chrome extension, we cache the AI-generated summary and extracted action items so we don't have to regenerate them every time. This cache can be cleared by deleting your account.

Usage Data: We collect basic usage statistics (number of emails classified, sync frequency) to improve our service.

When you connect a Gmail account, SmartEmails requests the following Google API scopes. Each is required for a specific feature; we do not request access we do not use:

• gmail.readonly — read the metadata and body of incoming emails so the AI can classify them and produce a one-sentence reason.
• gmail.labels — create and manage the SmartEmails labels (e.g. SmartEmails/To-Reply, SmartEmails/Newsletter) used to surface classification results inside your inbox.
• gmail.modify — apply those labels to your messages, mark threads as read/unread when you act on them from the dashboard, and archive on request. We never permanently delete your messages.
• gmail.compose — create draft replies that you explicitly request (one click on "Generate draft reply"). Drafts are saved as Gmail drafts under your account; we never send mail on your behalf without an explicit user action.
• userinfo.email / userinfo.profile — identify your account during sign-in.
• calendar — optional, used by the meeting-scheduling feature to propose free slots and create events that you confirm.

You can revoke these grants at any time at myaccount.google.com/permissions, or by disconnecting your mailbox from the SmartEmails dashboard (which also revokes the OAuth token on our side).

SmartEmails' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Concretely, this means:

• We use Google user data only to provide and improve the user-facing features described in this Privacy Policy (classification, labels, drafts, scheduling).
• We do not transfer Google user data to third parties except as necessary to provide or improve those features (see "Data Sharing" below), to comply with applicable law, or as part of a merger/acquisition with adequate notice.
• We do not use Google user data for advertising purposes, ever.
• We do not allow humans to read Google user data unless we have your affirmative consent for a specific message, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or our use is limited to aggregated, anonymized data for internal operations and that data has been de-identified.
• We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Email content sent to Anthropic for classification is processed under Anthropic's standard commercial API terms, which contractually exclude that data from training Anthropic's models.

We do NOT sell your data. We share data only with:

• Anthropic (Claude AI) — when an email is classified, its subject, sender and body are transmitted to Anthropic's API and a result (category, priority, short reason) is returned. The body is not stored on our side after classification. We use Anthropic's standard commercial API terms, which contractually exclude customer data from being used to train Anthropic models (default policy for all API customers since 2023). We have not negotiated additional terms beyond this standard agreement.
• Supabase — our database provider, hosted in the EU.
• Stripe — for payment processing (billing data only).
• Vercel — our hosting provider.

Your data is stored securely on Supabase (PostgreSQL) with row-level security. API keys and tokens are encrypted. We use HTTPS for all communications. OAuth tokens are stored securely and used only to access your email on your behalf.

You have the right to:

• Access your data — view all classified emails in your dashboard
• Correct your data — reclassify any email
• Delete your data — disconnect your account to stop processing, or contact us to delete all data
• Export your data — contact us for a data export
• Withdraw consent — disconnect your email account at any time

We retain your email classification data for as long as your account is active. When you disconnect your email account, we stop processing new emails. You can request full deletion by contacting us.

Our Chrome extension accesses Gmail and Outlook Web to display classification badges, a sidebar, and action buttons. The extension communicates only with our servers — no data is sent to third parties. The extension requires the following permissions:

• storage — to store your authentication token locally
• activeTab — to inject the sidebar into Gmail/Outlook
• Host permissions — to communicate with our API and inject content scripts

We use essential cookies only for authentication (Supabase session). We do not use tracking cookies or analytics cookies.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

For any questions about this Privacy Policy or to exercise your rights, contact us at:

Email: privacy@smartemails.ai