MailDigest AIMailDigest AI
Last updated: May 2026

Privacy Policy

1. Who we are

MailDigest AI is a SaaS service that generates intelligent email summaries through artificial intelligence. The service is provided by MailDigest AI ("we", "our").

2. Data we collect

We collect the following data:

  • Account data: name, email address, password (cryptographic hash, never stored in plain text)
  • Gmail OAuth tokens: encrypted with AES-256-GCM, used exclusively to read the user's emails
  • Email content: temporarily processed in memory by AI to generate the digest, not permanently stored
  • Preferences: digest schedules, language, delivery channels, grouping contexts
  • Digest history: generated summaries, timestamps, usage statistics

3. How we use the data

Data is used exclusively for:

  • Generating email digests according to user preferences
  • Classifying emails by priority (urgent, follow-up, informational)
  • Delivering digests through chosen channels (email, Telegram)
  • Improving the service and providing user statistics

We do not sell, share, or use email data for advertising.

4. Gmail data processing

Access to Gmail data is limited to the <code>gmail.readonly</code> scope. Email content is:

  • Read via Gmail API at the time of digest generation
  • Sent to the AI model (Claude by Anthropic) for classification and summarization
  • Processed in memory and not permanently stored
  • Never shared with third parties for purposes other than digest generation

The use of Gmail data complies with the Google API Services User Data Policy, including Limited Use requirements.

5. Data sharing and sub-processors

To operate the service we share strictly necessary data with the following categories of recipients (sub-processors), each bound by data protection terms:

  • Anthropic, PBC (USA) — provides the Claude AI models used to classify and summarize emails. Email subject, sender and body are sent in real time and processed in memory; Anthropic does not retain inputs to train models (see Anthropic Privacy Policy).
  • Hetzner Online GmbH (Germany, EU) — hosts our infrastructure (PostgreSQL database, Next.js API, Python AI agent). Stores encrypted Gmail OAuth tokens, account data and digest history.
  • Resend, Inc. (USA) — delivers transactional emails (verification, notifications) and the digest itself via SMTP. Receives recipient addresses and digest body, which may contain subjects and short snippets of the user's emails.
  • Telegram FZ-LLC (UAE/global) — delivers digests to users who opt in to the Telegram channel. Receives the digest body, which may contain subjects and short snippets.
  • Stripe, Inc. (USA) — processes subscription payments. Receives only billing data (name, email, payment method); does not receive any Gmail data.
  • Google LLC (USA) — provider of the Gmail API; we authenticate with Google to read the user's emails on the user's behalf.

We do not sell, rent or transfer Gmail data to advertising networks, data brokers or any other party not listed above. We do not use Gmail data, or data derived from Gmail data, to develop, improve or train generalized AI/ML models. International transfers outside the EU rely on Standard Contractual Clauses or equivalent legal safeguards.

6. Data security

  • OAuth tokens encrypted with AES-256-GCM
  • Passwords protected with scrypt hash
  • HTTPS connections with Let's Encrypt certificates
  • PostgreSQL database with access limited to internal Docker network

7. Data retention

Account data is retained until account deletion. Digest history is retained for 12 months. OAuth tokens can be revoked by the user at any time by removing the Gmail account from the dashboard.

8. User rights

In compliance with GDPR, the user has the right to:

  • Access: request a copy of their data
  • Rectification: correct inaccurate data
  • Deletion: request removal of the account and all associated data
  • Portability: export their data in a readable format
  • Revoke consent: revoke Gmail access at any time

9. Cookies

We use a single technical cookie (md_session) to maintain the login session. We do not use tracking or third-party cookies.

10. Contact

For privacy questions or to exercise your rights, contact: privacy@maildigest.ai