This Privacy Policy describes how ReplAI - Email Assistant (the "Service", "we", "us", or "our") collects, uses, and shares information when you access our web back‑office and/or install and use our Gmail Add‑on (collectively, the "Applications").
1. Information We Collect
1.1 Account and Organization Data
- Identity & contact: name, email address, optional phone number.
- Organization details: organization name, description, business type, company size, website, phone, authorized email addresses, and the user who created the organization.
- Authentication data: Google OAuth access and refresh tokens (web back‑office only), token expiry, and application‑issued session/JWT identifiers.
1.2 Content You Provide
- Knowledge base documents (web back‑office): uploaded files or links (including metadata such as filename, size, MIME type) that may be stored in cloud storage and processed into vector embeddings to enable search and context for AI responses.
- Gmail Add‑on — current email only: when you use the Gmail Add‑on, access is limited to the single email message you have selected and opened. We process only: subject line, sender address ("From"), and message body text. This access is user‑initiated each time you click "Generate AI Reply." We do not access your inbox, other messages, or attachments from the Add‑on.
- Web back‑office — Gmail: if you use optional Gmail features from the web back‑office (e.g., syncing Gmail history to your knowledge base), we may process thread identifiers, sender/recipient information, subject lines, message body text, and attachment metadata. Such features require your explicit consent and additional OAuth scopes.
- AI responses: content generated for suggested replies and moderation/feedback you provide about those replies.
1.3 Usage Data
- Log data related to authentication and API requests.
- Device, app version, and basic diagnostic information.
- Performance metrics (e.g., response times, selected variations).
2. How We Use Information
- Provide, operate, and maintain the Applications.
- Authenticate users and secure access (including token refresh where applicable).
- Generate AI‑suggested email replies based on the content you provide.
- Store and search document embeddings to surface relevant context for responses.
- Communicate with you about updates, security, and support.
- Comply with legal obligations and enforce terms.
3. Legal Bases (EEA/UK users)
Where applicable, we process your personal data on the basis of contract performance, legitimate interests (e.g., securing the Service, improving features), consent (where required, such as connecting your Google account), and compliance with legal obligations.
4. Data Sharing and International Transfers
We share information with service providers strictly to operate the Service:
- Google APIs: to authenticate users (OAuth), obtain email addresses for account association, and—when you use the Gmail Add‑on—to read the currently selected email and create draft replies. We do not use Google user data to train or improve generalized AI or machine learning models.
- OpenAI: to analyze email/document content and generate suggested replies. Data sent to OpenAI is processed only to provide the requested feature (e.g., reply generation). It is not used to train OpenAI's general‑purpose models. See OpenAI's data usage policy for details.
- AWS S3: to store uploaded documents and generate time‑limited download links.
- Chroma (Vector DB): to store vector embeddings and related metadata for semantic search.
These providers may process data in jurisdictions outside your own. Where required, we rely on appropriate safeguards for international transfers (e.g., standard contractual clauses). We do not sell personal data.
5. Data Retention
- Account and organization data are retained while your account is active and for a reasonable period thereafter for legal, audit, and backup purposes.
- Uploaded documents are retained until you delete them; vector embeddings persist until corresponding documents are removed.
- OAuth tokens are retained while needed to provide the Service and are revoked upon disconnect or account deletion.
- AI‑generated responses and related logs may be retained to operate the Service and for auditability, subject to your organization's settings.
6. Your Choices and Rights
- Access, correct, or delete personal data (subject to exceptions).
- Disconnect Google access at any time and/or revoke tokens.
- Delete documents and associated embeddings.
- Object to or restrict certain processing where applicable by law; you may also withdraw consent where processing is based on consent.
7. Gmail Add‑on — Scope and Use of Google Data
The Gmail Add‑on is a limited‑scope integration. Its use of Google data is governed by the following:
- User‑initiated access: The Add‑on accesses Gmail only when you open it and select an email. It reads only the currently opened message (subject, sender, body). It does not browse your inbox, search messages, or access other emails.
- Identity scopes (openid, userinfo.email): Used solely for authentication and to associate your Add‑on session with your Email Assistant account. Your email address is used for login and account lookup only.
- gmail.readonly: Used only to read the single email message you have selected when you request an AI‑suggested reply.
- gmail.compose: Used only to create draft replies. Emails are not sent automatically on your behalf. When you choose "Use This Reply," a draft is created; you decide whether to send, edit, or discard it.
- script.external_request: Used to communicate with our backend to verify your account and request AI‑generated replies.
- gmail.addons.execute, gmail.addons.current.action.compose: Required by the Gmail Add‑on platform to run the Add‑on and create draft replies. They do not grant access to data beyond the scopes above.
- No AI training on Google data: We do not use Google user data (including Gmail content) to train or improve generalized AI or machine learning models.
8. Web Back‑Office
The web back‑office is separate from the Gmail Add‑on. It uses Google OAuth for sign‑in (email, profile) and to manage your account and organization. If you use optional features that require additional Gmail access (e.g., syncing Gmail history to your knowledge base), those features will request additional scopes with your consent. Document uploads, knowledge base management, and AI response settings are handled through the web back‑office.
9. Security
We implement technical and organizational measures appropriate to the risk, including token‑based authentication, scoped access, and time‑limited signed URLs for downloads. No system is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
The Service is not directed to children under 16, and we do not knowingly collect their data.
11. Changes to this Policy
We may modify this Privacy Policy from time to time. Material changes will be communicated through the Applications or by email where appropriate. Your continued use constitutes acceptance.
12. Contact
Questions or requests can be sent to: usmanazeezbello@gmail.com. Please include your organization name and the email associated with your account.