Privacy Policy
Effective date: 15 February 2026 · Last updated: 15 February 2026
1. Introduction
GAutoMail ("we", "our", or "us") operates the GAutoMail email automation service (the "Service"). This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our Service. By using GAutoMail you consent to the practices described in this policy.
2. Information We Collect
We collect the following categories of information:
- Account Information: Your email address, hashed password, and authentication credentials when you create an account.
- Gmail Data: When you connect your Gmail account via OAuth 2.0, we access your email messages (subject lines, message bodies, sender and recipient addresses, timestamps) solely to provide AI-powered response generation. We request only the minimum scopes necessary (see Section 4).
- Knowledge Base Content: Business information, FAQs, response templates, and other content you provide to train the AI assistant.
- Usage Data: Features used, responses generated, interaction timestamps, and service performance metrics.
- Device & Browser Information: Browser type, operating system, IP address, and referring URLs collected automatically for security and analytics purposes.
3. How We Use Your Information
We use the information we collect exclusively for the following purposes:
- To provide, operate, and maintain the email automation Service
- To generate AI-powered email response drafts based on your knowledge base
- To send emails on your behalf through your connected Gmail account, only after your explicit approval
- To learn from your edited responses to improve future AI suggestions for your account only
- To improve and personalise your experience with the Service
- To communicate with you about service updates, security alerts, and support
- To detect, prevent, and address technical issues and security threats
4. Google API Services & Limited Use Disclosure
Important: GAutoMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4.1. Scopes Requested
We request only the minimum OAuth 2.0 scopes necessary to deliver our Service:
- gmail.readonly — To read your incoming email messages for AI-powered response generation. We access subject lines, message bodies, and sender information to understand context and generate appropriate replies.
- gmail.send — To send approved email responses on your behalf. Emails are only sent after you explicitly review and approve each response.
We do not request or use any broader scopes (such as gmail.modify or full account access) beyond what is strictly required for the Service to function.
4.2. Limited Use Compliance
In accordance with Google's Limited Use requirements, we commit to the following:
- Limited use: We use Google user data only to provide and improve the user-facing features of GAutoMail that are prominent in our application interface. We do not use this data for any other purpose.
- No transfers to third parties: We do not transfer, sell, or share Google user data with any third parties, except:
  - As necessary to provide or improve the Service (e.g. processing via our AI model to generate responses)
  - For security purposes such as investigating abuse
  - To comply with applicable law
- No advertising use: We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
- No human reading: We do not allow humans to read your Google user data unless:
  - You provide affirmative consent to view specific messages (e.g. for customer support)
  - It is required for security purposes such as investigating a bug or abuse
  - It is necessary to comply with applicable law
  - The data is aggregated and anonymised for internal operations
- No credit or lending use: We do not use Google user data to determine credit-worthiness or for lending purposes.
4.3. Data Processing
Your Gmail data is processed as follows:
- Email content is transmitted securely over TLS-encrypted HTTPS connections
- Email data is processed by our AI system to generate draft responses
- Email metadata (sender, subject, timestamp) is stored to display your inbox within the Service
- AI-generated responses are stored until you approve, edit, or discard them
- We do not create permanent copies of your full email content beyond what is necessary to provide the Service
5. Data Storage & Security
We implement industry-standard security measures to protect your data:
- Encryption at rest: All sensitive data, including Gmail OAuth tokens, is encrypted at rest using AES-256
- Encryption in transit: All data transmitted between your browser, our servers, and Google's APIs is protected using TLS 1.2 or higher
- Access controls: Strict role-based access controls limit who can access production systems
- Infrastructure: Our Service is hosted on secure, SOC 2-compliant cloud infrastructure
- Token security: Gmail OAuth refresh tokens are encrypted and stored securely. Access tokens are short-lived and refreshed as needed
6. Data Sharing & Disclosure
We do not sell, trade, rent, or share your personal data or email content with third parties. We may disclose information only in the following circumstances:
- Service providers: We may share data with trusted service providers who assist us in operating the Service (e.g. cloud hosting, AI processing), subject to strict confidentiality obligations
- Legal requirements: We may disclose data if required by law, regulation, legal process, or governmental request
- Safety: We may disclose data if we believe in good faith that it is necessary to protect the safety of users or the public
- Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred, with prior user consent where required
7. Data Retention
We retain your data according to the following guidelines:
- Account data: Retained for as long as your account is active
- Email data: Synced email metadata is retained while your Gmail account is connected. Full email content is processed in real-time and not permanently stored
- Knowledge base: Retained while your account is active and deleted upon account closure
- OAuth tokens: Retained while your Gmail connection is active; immediately deleted when you disconnect your Gmail account
- Logs and analytics: Retained for up to 90 days for security and debugging purposes
You can request deletion of all your data at any time by contacting us. Upon account deletion, all associated data — including emails, knowledge base content, AI-generated responses, and Gmail tokens — will be permanently and irreversibly removed within 30 days.
8. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data and account
- Portability: Request your data in a machine-readable format
- Withdraw consent: Withdraw consent for data processing at any time
- Disconnect Gmail: Revoke GAutoMail's access to your Gmail account at any time through the Service settings or via your Google Account permissions page
To exercise any of these rights, please contact us using the information in Section 11.
9. Cookies & Tracking
We use essential cookies and local storage to maintain your session and preferences. We do not use third-party tracking cookies, analytics trackers, or advertising cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- WhatsApp: +44 7951 579147
- Website: https://gautomail.com