Privacy Policy

Last updated: March 2026

Short version: We read your Gmail to analyze it. We don't store your emails. We don't sell your data. Ever.

Who we are

MailAudit is a personal inbox management tool that connects to your Gmail account to help you understand and clean your inbox. MailAudit is operated as an independent product.

What data we access

When you connect your Gmail account, MailAudit accesses the following:

Email sender information (who sent you emails)
Email subject lines (to categorize emails)
Unsubscribe headers (to identify newsletters)

We do not read the full content of your emails. We only read the metadata needed to analyze and organize your inbox.

What we do with your data

Your email data is used exclusively to:

Show you who is sending you the most emails
Identify newsletters and bulk emails
Delete newsletters on your request
Identify priority emails that need your attention
Generate AI summaries and suggested actions for priority emails
Draft email replies on your request — email content is read temporarily and never stored
Send your daily digest email every morning at 8 AM
Send replies on your behalf when you use the draft reply feature

Data storage

MailAudit stores the following data on secure servers to provide the daily digest service:

Your Gmail email address
Your Google OAuth credentials (encrypted access token) — used only to send your daily digest
Your digest email address

We do not store your emails, email content, or any personal information beyond what is listed above.

Your OAuth credentials are stored securely and are only used to fetch your priority emails for the daily digest. You can revoke access at any time through your Google Account settings, which will immediately delete your ability to receive digests.

Data sharing

We do not sell, trade, or share your personal data or email data with any third parties. Ever.

Google API usage

MailAudit uses the Gmail API provided by Google. Our use of Google user data is limited to the practices described in this privacy policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.

Security & Data Protection

We take the protection of your data seriously. Here is how we protect it:

OAuth 2.0 — We use Google's OAuth 2.0 protocol to connect to your Gmail. We never see or store your Google password.
Encrypted storage — Your OAuth credentials are stored in an encrypted database on secure servers.
HTTPS only — All data transmitted between your browser and MailAudit is encrypted using HTTPS/TLS.
Minimal data collection — We only store what is strictly necessary: your email address, OAuth token, and digest email address.
No email storage — Email content is processed in real-time and never stored on our servers.
Limited access — Only MailAudit's systems have access to your stored credentials. We never share them with third parties.
Revocation — You can revoke MailAudit's access at any time through your Google Account settings or by clicking "Disconnect Gmail" in the app.

We use Google Cloud infrastructure and Railway hosting, both of which maintain industry-standard security certifications.

Your rights

You can disconnect MailAudit from your Gmail at any time by visiting your Google Account permissions page and revoking access. This immediately stops MailAudit from being able to access your Gmail.

Changes to this policy

If we make significant changes to this privacy policy, we will update the date at the top of this page.

Contact

If you have any questions about this privacy policy, please contact us at: madax8510@gmail.com