Privacy Policy

Email Labeler is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have. It applies to all information collected through our website and the Email Labeler web application (collectively, the "Service").

1. Information We Collect

We use Google Sign‑In only for authentication, and we access your mailbox via IMAP. Specifically, we collect:

  • Basic Google profile – email address, name, and profile picture (scopes: userinfo.email, userinfo.profile, openid).
  • Mailbox metadata & content via IMAP – message headers, body text (decoded), and existing folders/labels required to analyse and categorise email. This access happens over IMAP using an App Password you generate in your Google account. We do not request Gmail API scopes beyond basic profile.
  • IMAP credentials (App Password) – the App Password you provide is encrypted at rest and used solely to connect to your mailbox via IMAP.

2. How We Use Data

  • Google profile data: to authenticate you and display your account information in the UI.
  • IMAP mailbox data: to read incoming emails, analyse content with AI models, and automatically apply the labels you configure.
  • IMAP folders/labels: to create, update, or remove user‑created labels as requested by you in the dashboard.
  • IMAP credentials: to securely connect to your mailbox for the purposes above.

We do not use Google user data to serve advertising, nor do we sell or share it with third parties for their independent marketing purposes.

3. Data Protection & Security

  • Encryption in transit and at rest – All traffic between your browser and our servers is encrypted via TLS. IMAP credentials (App Password) and any stored email metadata are encrypted at rest in our database.
  • Minimal retention – Email bodies are processed in-memory and are not persisted after label application. We store only label configuration, message IDs, and logs required to provide the service.
  • Principle of least privilege – Access to production data is restricted to authorised personnel who require it to operate or improve the Service.
  • Regular reviews – We periodically audit our code, infrastructure, and third-party vendors in line with industry best practices.

4. Data Sharing & Disclosure

We do not share Google user data with third parties except in the following limited circumstances:

  • With cloud service providers (e.g., hosting, database, AI processing) who process data on our behalf and are bound by confidentiality agreements.
  • To comply with legal obligations, court orders, or to protect the rights and safety of users.
  • With your explicit consent for any other purpose.

5. Your Choices & Controls

  • You may revoke Google Sign‑In access to your account via Google security settings.
  • For IMAP access, you can revoke/rotate your App Password via App Passwords or update/remove your credentials in the app.
  • You can delete your Email Labeler account (and all associated data) from the dashboard.
  • Contact us using this contact form for any data access or deletion requests.

6. Data Retention

IMAP credentials and necessary session data are retained for as long as your account remains active. Upon account deletion or revocation/rotation of your App Password, the associated credentials and cached metadata are permanently deleted within 30 days.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Effective date” below.

Effective date: April 7, 2025