← Back to EmailActions
Privacy Policy
Last updated: January 29, 2025
EmailActions ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our email productivity service.
1. Information We Collect
1.1 Account Information
When you sign up, we collect:
- Your Google account email address
- Basic profile information provided by Google (name, profile picture)
1.2 Email Data
When you connect a Gmail account, we access:
- Email metadata (sender, recipient, subject line, date)
- Email body content (processed temporarily to identify actionable items)
Important: We do NOT store your full email content. Email bodies are processed in-memory only and are never written to our database. We only store extracted obligation summaries (title, description, due date, counterparty).
1.3 Data We Store
| Data Type |
Purpose |
Retention |
| Email address |
Account identification |
Until account deletion |
| OAuth tokens |
Gmail API access |
Until account disconnection |
| Obligation summaries |
Display in dashboard |
Active: until completion
Completed: 30 days |
| Gmail thread IDs |
Link obligations to emails |
Same as obligation |
2. How We Use Your Information
We use your information solely to:
- Authenticate you via Google Sign-In
- Read your emails to identify actionable items (payments, deadlines, appointments, tasks)
- Display extracted obligations in your personal dashboard
- Provide data export and account deletion features
We do NOT use your data for:
- Advertising or marketing
- Training AI models
- Selling to third parties
- Any purpose other than providing the EmailActions service
3. AI Processing
EmailActions uses Google Gemini AI to analyze your emails and extract actionable items. When processing your emails:
- Email content is sent to Google's Gemini API for analysis
- Processing occurs in real-time; content is not stored by our service
- Google's AI services are subject to Google's Privacy Policy
4. Third-Party Services
We use the following third-party services:
| Service |
Purpose |
Data Shared |
| Supabase |
Database & Authentication |
Account data, obligation summaries (encrypted) |
| Google Gemini |
Email analysis |
Email content (processed, not stored) |
| Google OAuth |
Sign-in & Gmail access |
Authentication tokens |
| Vercel |
Hosting |
Standard web logs |
5. Data Security
We implement the following security measures:
- Encryption in transit: All data is transmitted over HTTPS
- Encryption at rest: Sensitive obligation data (titles, descriptions, counterparty names, and evidence quotes) is encrypted using AES-256-GCM before being stored in our database. Encryption keys are derived from your account identity, meaning this data cannot be read directly from the database.
- Row-level security: Database policies ensure users can only access their own data
- Token security: OAuth tokens are stored securely and never exposed to the frontend
- Minimal data storage: We only store what's necessary to provide the service
6. Your Rights
You have the right to:
- Access: View all data we store about you (via Privacy & Data in the app)
- Export: Download your data as a CSV file at any time
- Delete: Permanently delete your account and all associated data
- Revoke: Disconnect Gmail accounts and revoke our access to your Google account
To exercise these rights, use the "Privacy & Data" option in the app menu, or contact us at contactemailactions@gmail.com.
7. Data Retention
- Active obligations: Retained until you mark them complete or delete them
- Completed obligations: Automatically deleted after 30 days
- Account data: Retained until you delete your account
- Email content: Never stored (processed in-memory only)
8. International Users
EmailActions is operated from India and uses servers that may be located in various countries. By using our service, you consent to the transfer of your data to these locations. We comply with applicable data protection laws including:
- GDPR (European Union): You have rights to access, rectify, erase, and port your data
- CCPA (California): You have rights to know, delete, and opt-out of data sales (we do not sell data)
9. Children's Privacy
EmailActions is not intended for users under 18 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email to your registered address.
11. Contact Us
For privacy-related questions or concerns, contact us at:
Email: contactemailactions@gmail.com
12. Google API Services User Data Policy
EmailActions' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.