Privacy Policy

Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We do not store your Google password.

Email Data

With your explicit permission, EmailHQ reads your Gmail messages to classify them into categories (Urgent, Client, Invoice, Personal, Marketing, Notification) and to generate draft replies. We access only the data necessary to provide these features. We do not sell or share your email content with third parties.

Calendar Data

If you grant calendar access, EmailHQ reads your upcoming events to provide availability context when drafting replies. We do not modify your calendar events.

Google Drive Data

If you use the file-based draft feature, EmailHQ reads the content of specific files you select. We do not access files you have not explicitly chosen.

Usage Data

We collect anonymous usage statistics (e.g. feature interactions, error logs) to improve the product. This data cannot be linked back to your identity.

AI Classification & Drafting

Email content is sent to the Groq API solely for the purpose of classifying emails and generating draft replies on your behalf. This processing happens in real time; we do not permanently store the raw content of your emails on our servers.

Gmail Label Sync

We apply labels to your Gmail messages reflecting the AI-assigned category. These labels are written back to your Gmail account using the Gmail API.

Service Improvement

Aggregated, anonymised data may be used to improve classification accuracy and feature development. Individual email content is never used for model training.

OAuth Tokens

Your Google OAuth refresh token is encrypted with AES-256-CBC before being stored in our database. Access tokens are short-lived and rotated automatically by Google.

Database

We use a hosted PostgreSQL database (Neon) with encryption at rest. Access is restricted to authenticated application services only.

Transmission

All data in transit is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints.

Data Retention

Email metadata (sender, subject, category) is retained to power your inbox view. Raw email body content is not persisted beyond the immediate processing request. You can request full account deletion at any time.

Google APIs

EmailHQ's use of Google APIs (Gmail, Calendar, Drive) is subject to Google's Privacy Policy and Terms of Service. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Groq

Email content is processed by the Groq API to perform classification and draft generation. Groq's data processing terms apply to this processing.

Hosting & Infrastructure

EmailHQ is hosted on Cloudflare Pages. Infrastructure providers may process data in the course of providing their services, subject to their respective privacy policies.

Access & Portability

You may request a copy of the personal data we hold about you at any time by contacting us at privacy@emailhq.app.

Deletion

You may request deletion of your account and all associated data. Upon request, we will delete your account, encrypted tokens, and email metadata within 30 days.

Revoking Access

You can revoke EmailHQ's access to your Google account at any time via your Google Account Security settings (myaccount.google.com/permissions). Revoking access will disable EmailHQ functionality but will not automatically delete stored data.

GDPR & CCPA

If you are located in the European Economic Area or California, you have additional rights under GDPR and CCPA respectively, including the right to object to processing and the right to know what personal data is sold (we do not sell personal data).

Session Cookies

We use strictly necessary session cookies to keep you logged in. We do not use third-party tracking cookies or advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the app or by email. Continued use of EmailHQ after changes are posted constitutes acceptance of the revised policy.

Questions about this policy? Reach us at privacy@emailhq.app or by mail at EmailHQ, 1 Canada Square, London, E14 5AB, United Kingdom.