Privacy Policy
Last updated: 26 June 2026
ColorfulEmail ("we", "us") helps you triage your Gmail and extract structured information into Google Sheets. This policy explains what data we access, what we do and don't store, and the choices you have. We've written it to be read, not to be skimmed past.
1. The Google data we access
When you connect your account with "Sign in with Google," we request the minimum scopes needed to provide the service:
- Your basic profile and email address — to identify your account and contact you.
- Gmail (read and modify) — to read message content for triage and extraction, and to apply labels, file messages, and create drafts. This scope cannot permanently delete mail.
- Google Sheets — to write the structured data you ask us to extract into spreadsheets you choose.
You can review and revoke our access at any time at myaccount.google.com/permissions.
2. How we use it — and how we process it
We use your Google data only to provide and improve the features you've asked for: sorting your inbox, learning your filing preferences, and extracting data into your Sheets.
All understanding of your email happens on a large language model that we host and control on our own infrastructure — an offline AI with no outbound connections to third-party providers. Because we run the model ourselves, your email content is never transmitted to any third-party AI provider. We host the model rather than running it on your device, so the precise claim is "processed only on infrastructure we control, never sent to a third-party AI" — not "never leaves your device."
3. What we store — and what we don't
We practice data minimization deliberately, because the safest data is the data we never hold.
- We do not store copies of your emails. We fetch each message on demand, process it, and discard the raw content. We do not maintain a mirror, archive, or backup of your mailbox.
- We store only derived results: the labels we apply, your filing preferences (for example, "mail from this sender is a receipt"), and the specific structured fields you've configured us to extract.
- Your Google OAuth tokens are stored encrypted at rest using per-account encryption keys.
- Operational logs record that processing happened (timestamps, counts, errors) but are designed not to contain email body content.
4. Google API Services — Limited Use
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve the user-facing features described here.
- We do not use Google user data to train, develop, or improve generalized or non-personalized AI/ML models. Any "training" we describe is per-account personalization of your own sorting preferences only.
- We do not sell Google user data, and we do not transfer it for advertising, credit, or other unrelated purposes.
- We do not allow humans to read your email except where you explicitly grant support access, where required for security, or where required by law.
5. Sharing
We do not sell your data. We share it only with infrastructure providers strictly necessary to run the service (for example, our hosting and database). We do not share email content with any AI provider. If we ever add payment processing, the payment provider receives only billing details — never your email content.
6. Security
- OAuth tokens and other secrets are encrypted at rest with per-account keys.
- Connections are protected with TLS in transit.
- Our processing systems are not exposed to the public internet via open ports.
- Access to systems is restricted and audited.
No system is perfectly secure, but we design to hold as little sensitive data as possible so that a breach would expose as little as possible.
7. Data retention and deletion
You can disconnect at any time by revoking access in your Google account or by emailing us. When you disconnect or ask us to delete your data, we delete your stored derived data and encrypted tokens. Because we never stored your emails, there is no mailbox copy to remove.
8. Your rights
You may request access to, export of, or deletion of the data we hold about you. Contact us and we'll respond promptly.
9. Children
ColorfulEmail is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We'll update this page when our practices change and revise the date above. Material changes will be communicated to connected users.
11. Contact
Questions or requests: privacy@colorfulemail.com.