Privacy Policy
1. Introduction
Welcome to Gmail Admin AI Agent (“we,” “our,” or “us”). This Privacy Policy explains how Zora Digital collects, uses, discloses, and safeguards your information when you use our web application and related services.
By using Gmail Admin AI Agent, you agree to the collection and use of information in accordance with this policy.
2. Information we collect
2.1 Information from Google and your use of Gmail
When you sign in with Google and use the service, we may process:
- Account identifiers from Google OAuth — Information Google provides as part of sign-in (such as your email address and tokens used to access Google APIs), as permitted by the permissions you grant
- Email content and metadata — Subject lines, snippets, message bodies (as loaded for analysis), sender/recipient information, labels, and related data needed to provide search, analysis, trash moves, replies, and assistant features you initiate
- Assistant and analyze context — Text derived from your mail and your prompts, held in server memory for your active session to power features you request
2.2 Optional logging you enable
If enabled in configuration, the service may write progress logs to a CSV file on the server. Those logs can include message identifiers and fields such as subject, sender, and snippet. You should only enable logging if you accept that file’s visibility and retention on the server.
2.3 Operational and aggregated data
- Sign-in tally — We may store an aggregate count of completed Google sign-ins (for example, in a small data file on the server) for operational or support purposes. This is not used to profile individual message content.
- Server logs — Standard technical data such as IP address, timestamps, request paths, and error information, as typical for web applications and security monitoring
2.4 Automatically collected information
- Usage data — How you interact with the application (for example, which features you invoke) in the course of providing the service
- Device and connection data — Browser type, operating system, and IP address
- Cookies — We use a session cookie to keep you signed in after Google OAuth. The cookie holds an opaque session identifier; OAuth tokens and mail data are handled on the server according to the sections below.
3. How we use your information
We use collected information to:
- Provide and maintain the service (sign-in, Gmail access you authorize)
- Run analysis, summaries, and assistant features using third-party AI when configured (for example, OpenAI)
- Perform actions you request in Gmail (such as moving messages to Trash, sending replies, or managing labels) using your authorized Google credentials
- Optional progress logging when you enable it
- Protect the service, prevent abuse, and comply with applicable law
- Improve reliability and security (for example, rate limiting and error handling)
4. AI processing
When you use AI features (summaries, delete suggestions, chat, or similar), text derived from your mail and your prompts may be sent to an AI provider (for example, OpenAI) for processing. That provider processes data under its own privacy policy and terms. We configure the service to use your data to operate the product for you; we do not use your Gmail content to train our own models. Retention and subprocessors are governed by the AI provider’s policies in effect at the time of processing.
5. Data storage and security
We implement reasonable administrative, technical, and organizational measures designed to protect information, including HTTPS for browser connections where configured, HTTP security headers, rate limiting on sensitive routes, and careful handling of credentials.
Session and credentials: Google OAuth tokens for your session are stored in server memory and are cleared when you sign out or when the server process restarts (unless and until a future version persists them differently and updates this policy).
Analyze and chat context may be held in memory for your session to support the assistant and related features.
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Third-party services
We rely on third-party services that handle information under their own policies, including for example:
- Google — Sign-in (OAuth) and Gmail API
- OpenAI (or another AI provider we configure) — AI-powered summaries, suggestions, and chat when those features are enabled
- Hosting providers — Infrastructure used to run the application
Each provider’s privacy policy governs how it processes data on its systems. We are not responsible for third parties’ independent practices.
7. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict processing of personal data, or to object to certain processing. You can:
- Revoke access — Sign out of the application and remove or limit the app’s access in your Google Account security settings
- Stop AI use — Do not use AI-powered features if you do not want content sent to an AI provider
- Request assistance — Contact us for privacy requests applicable to data we control
To exercise rights or ask questions, contact us at info@zora.digital or yewande@zora.digital.
8. Data retention
OAuth tokens and in-memory session data are retained until you sign out or the server restarts, as described above. Server logs and operational files may be retained for a limited period consistent with security and operations. Optional CSV fetch logs you enable are retained on the server according to your policy. We may retain certain information where required by law.
9. Children’s privacy
Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us.
10. International data transfers
Your information may be processed in countries other than your country of residence, including where our servers or service providers operate. Those countries may have different data protection laws. By using the service, you understand that such transfers may occur.
11. Changes to this privacy policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page and change the “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy where permitted by law.
12. Contact us
If you have questions about this Privacy Policy, please contact us:
- Email: info@zora.digital, yewande@zora.digital
- Company: Zora Digital
- Jurisdiction: Illinois, United States
Related: Terms of Service
Your privacy matters
We are committed to protecting your privacy and being transparent about our data practices. If you have concerns or questions, please contact us at info@zora.digital or yewande@zora.digital.