top of page

Privacy Policy

Effective Date: Feb 28, 2026
 

1. Introduction

At DataAssistant-ai, in the Ai-email system application: ai-email-frontend-1028460022981.us-central1.run.app/

we believe your email data belongs to you. Our business model is based on providing premium AI tools, not on data monetization. We do not sell, rent, or lease your email content, metadata, or account information to any third party, ever.

2. Information We Collect, Data We Process

  • Account Data: When you register, we collect your name, email address, and billing information.

  • Authentication Data: We use OAuth 2.0 to access your email accounts (Gmail and Microsoft Outlook). We do not see or store your passwords. We store encrypted access tokens and refresh tokens to provide the service.

  • Email and Communication Data: To provide AI-powered features, our system processes email headers, metadata, and body content.

  • Usage Data: We collect information on how you interact with the service, such as feature usage and login timestamps.

  • Authentication: We use OAuth 2.0. We store encrypted refresh tokens to maintain your connection; we never see or store your passwords.

  • Email Content: We access headers, metadata, and body content strictly to power the Smart Reply (RAG) and Smart Inbox features.

  • Knowledge Base: Files you upload are stored in an isolated, encrypted environment for your tenant only.

3. Use of Data and Legal Basis

We process your data under the following legal bases:

  • Contractual Necessity: To provide the email organization and "Smart Reply" features you requested.

  • Consent: Where you have given us explicit permission to process specific data types.

  • Legitimate Interests: To maintain system security and improve our AI orchestration logic.
     

4. Google & Microsoft API Disclosure

DataAssistant-ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Service User Data Policy, including the Limited Use requirements. We do not use your email data for advertising or unauthorized profiling.

Our use of information received from Google/Microsoft APIs adheres to the Limited Use requirements. We strictly prohibit:

  • Transferring data to third-party "data brokers."

  • Using email content for serving advertisements.

  • Using your data to train "global" AI models that are shared with other users.

5. International Data Rights

  • European Union (GDPR): You have the right to access, rectify, or erase your personal data. We utilize Standard Contractual Clauses (SCCs) for data transfers outside the EEA.

  • Thailand (PDPA): We process data in compliance with the Personal Data Protection Act. You may withdraw your consent for data processing at any time.

  • United States (CCPA/CPRA): We do not sell your personal information. California residents have the right to request a disclosure of the categories of data collected.

6. Data Security and Retention

We employ industry-standard AES-256 encryption for sensitive tokens. Your data is retained only for as long as your account remains active or as required by law. Upon account termination, your tokens and synchronized metadata are purged from our active databases.


7. Data Permanent Deletion Function

We provide you with full control over your data. At any time, you may utilize the Permanent Delete function within your account settings:

  • Instant Disconnection: Revokes all OAuth tokens for Gmail and Outlook.

  • Data Purge: All synchronized email metadata, Knowledge Base embeddings, and AI-generated drafts are permanently erased from our active databases.

  • No Residual Storage: Once deleted, this data cannot be recovered by our team.

bottom of page