Privacy Policy

Email Assistant

This Privacy Policy explains how Email Assistant, an application developed and published by AI Lab (the "developer", "we", "us", "our"), collects, uses, stores, and shares information when you connect mailboxes, generate reply drafts, manage mailbox knowledge documents, and use subscription features on macOS, iPhone, iPad, and Apple Vision Pro.

Effective date: May 4, 2026
Developer: AI Lab
Contact: support@ai-lab.com.au
Applies to: Email Assistant on macOS, iPhone, iPad, Apple Vision Pro

Email Assistant does not automatically send emails. It can create reply drafts and, if you enable the relevant setting, it can automatically generate and save drafts to your mailbox.

Summary

  • Email Assistant connects to Gmail, Outlook, and other IMAP/SMTP accounts that you choose to add.
  • OAuth access tokens are stored locally in the platform Keychain.
  • The Gmail OAuth scopes requested are openid, email, profile, gmail.readonly, and gmail.compose.
  • The app stores connected account details, settings, polling state, and draft metadata locally on your device.
  • When you generate a reply or use knowledge base features, relevant data is sent to Firebase-hosted backend functions, which then call OpenAI on the server side.
  • Mailbox knowledge documents you upload or export may be stored in a mailbox-specific OpenAI vector store and linked through Firebase Firestore.
  • Subscription purchases are handled through Apple StoreKit.
  • Some builds may send limited usage analytics events through Firebase Analytics.
  • We do not sell Google user data or use it for advertising, credit decisions, lending, or AI model training.

Google User Data

Email Assistant uses Google user data only to provide and improve user-facing mailbox, draft, and knowledge-base features in Email Assistant. The app's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google data accessed

  • Google account identity data, including your email address, display name, and stable Google user identifier.
  • Gmail profile data, including the connected Gmail address.
  • Gmail message and thread metadata, including sender, recipient, subject, snippet, timestamp, message ID, thread ID, labels needed to identify drafts, unread state, and related header values.
  • Gmail message content from inbox threads you open, generate replies for, or export into a mailbox knowledge base, including supported inline image attachments when available.
  • Gmail draft data, including draft identifiers and generated draft content that you save, send, or delete through the app.
  • Google OAuth tokens needed to keep the mailbox connection active until you disconnect the account or revoke access.

Why Google data is requested

Email Assistant requests the following Google OAuth scopes, and each is used only for the user-facing purpose described next to it:

  • openid, https://www.googleapis.com/auth/userinfo.email, and https://www.googleapis.com/auth/userinfo.profile — identify the Google account you chose to connect, display your email and name in the mailbox picker, and derive a stable mailbox ownership key so the correct knowledge base is used for that mailbox.
  • https://www.googleapis.com/auth/gmail.readonly — show your inbox, open selected threads, read the message content needed for reply drafting, and optionally export selected thread content into a mailbox knowledge base that you control.
  • https://www.googleapis.com/auth/gmail.compose — create reply drafts in the correct Gmail thread and manage drafts you choose to send or delete from within Email Assistant. Email Assistant never sends messages automatically.

Limited Use commitments

  • We do not sell, rent, or trade Google user data.
  • We do not use Google user data for targeted advertising, retargeting, personalized advertising, interest-based advertising, credit-worthiness, or lending purposes.
  • We do not use Google user data to train generalized AI or machine-learning models.
  • We do not transfer Google user data to data brokers, information resellers, or advertising platforms.
  • Humans do not read Google user data unless you ask for support involving specific data, it is necessary for security or abuse investigation, or it is required by law.

Information We Collect

1. Account and sign-in information

When you connect a mailbox, the app receives account information from Google or Microsoft such as your email address, display name, mailbox provider, and OAuth tokens needed to access the mailbox features you authorize.

2. Mailbox content and metadata

To show your inbox, thread view, and drafts, the app processes message metadata and content such as sender and recipient details, subject lines, snippets, message bodies, timestamps, message identifiers, thread history, unread state, and draft identifiers.

When you request AI reply generation, the app may send a limited representation of the relevant thread to the backend, including the latest message text, a portion of earlier thread history, sender details, your reply goal, your saved writing preferences, and supported inline image attachments from the latest message when available.

3. Knowledge base documents

If you upload files or export inbox threads into the knowledge base, the app processes the file content, filename, mailbox account identifier, and related thread metadata. Approved knowledge documents may be stored for later retrieval when generating future replies for that mailbox.

4. Local settings and app state

The app stores local settings and state including connected accounts, polling interval, auto-draft preferences, user writing preferences, seen message history, new message markers, and generated draft metadata such as subject, body, confidence score, and timestamps.

5. Subscription and purchase information

The app checks subscription entitlements and product identifiers through Apple StoreKit to determine access to mailbox and knowledge base limits. Payment processing is handled by Apple.

6. Limited analytics

Some builds may include limited Firebase Analytics usage events, such as a reply-generation event with fields like mailbox provider, whether a goal was supplied, and a confidence value. The app code does not send full email body text through this analytics event.

How We Use Information

  • To authenticate you with Google and Microsoft and maintain mailbox access.
  • To fetch inbox threads, render message content, create drafts, and save drafts back to your mailbox.
  • To generate AI-assisted reply suggestions based on the thread you selected and the preferences you saved.
  • To maintain a mailbox-specific knowledge base that can improve future reply suggestions.
  • To operate subscription gating, enforce product limits, and restore purchases.
  • To monitor app behavior at a limited level where analytics is enabled.
  • To protect the service, diagnose failures, and improve reliability.
  • To improve user-facing Email Assistant features, such as draft quality, mailbox routing, and knowledge-base retrieval.

How Information Is Shared

Email Assistant shares information only as needed to operate the app’s features.

  • Google: for Gmail OAuth and Gmail API access.
  • Microsoft: for Outlook OAuth and Microsoft Graph access.
  • Firebase Authentication: to authenticate the app before backend calls.
  • Firebase Functions: to receive reply-generation and knowledge-base requests.
  • Firebase Firestore: to store mailbox-to-vector-store mappings for knowledge base features.
  • OpenAI: to generate reply suggestions and power mailbox knowledge retrieval through the backend.
  • Apple: to process in-app subscriptions through StoreKit.

We do not sell your personal information, and the app is designed so the OpenAI API key stays on the server and is not returned to the client app.

Google user data is transferred to Firebase-hosted backend functions and OpenAI only when needed to provide user-facing reply generation, draft creation, mailbox ownership verification, and knowledge-base retrieval features. Google user data is not transferred for advertising, resale, credit, lending, or generalized AI model training.

Storage, Retention, and Deletion

On your device

  • OAuth tokens are stored in the platform Keychain for as long as the mailbox remains connected.
  • Connected account data, settings, polling state, and draft metadata are stored locally in the app’s Application Support files.
  • Generated draft text may remain in local app state so the app can show draft continuity and saved-draft status.
  • Reply-generation requests sent to the backend are processed in-memory to produce a draft and are not retained as request logs tied to your identity beyond short-lived operational logs used for debugging and abuse prevention.

On backend services

  • Reply-generation requests are processed through Firebase-hosted callable functions. Google user data sent in a reply request is used to produce the draft and is not persisted after the request completes, except for the knowledge-base documents you explicitly export, as described below.
  • Knowledge-base documents you upload or export are stored in mailbox-scoped OpenAI vector stores and retained until you delete them, delete the mailbox knowledge base, or the linked subscription entitlement ends.
  • Mailbox-to-vector-store mappings, subscription linkage records, and mailbox ownership identifiers may be stored in Firebase Firestore while the knowledge base exists.
  • Subscription receipts received from Apple are retained for as long as the subscription is active or required for fraud and refund investigation.

How to delete your data

  • Disconnect a mailbox from inside the app. This removes the locally stored token, account settings, and poll-state data for that account from the device.
  • Delete the knowledge base from inside the app. Open the mailbox’s knowledge base and delete individual documents or clear it entirely. This removes the mailbox’s OpenAI vector store content and its Firestore mapping.
  • Revoke Email Assistant’s Google access. Visit myaccount.google.com/permissions and remove Email Assistant. Revocation prevents future Gmail API access unless you reconnect the account.
  • Request full backend deletion by email. Send a request to support@ai-lab.com.au from the email address associated with the mailbox you connected. We will delete the associated vector stores, Firestore records, and subscription linkage records within 30 days and confirm completion by email.
  • Generated Gmail drafts remain in your Gmail Drafts folder until you send or delete them in Email Assistant or Gmail; Email Assistant does not delete drafts on your behalf without your action.

Your Choices

  • You can choose whether to connect Gmail, Outlook, or any IMAP/SMTP mailbox (or any combination).
  • You can disconnect accounts from within the app.
  • You can revoke Google OAuth access from your Google Account permissions page.
  • You can decide whether to use AI reply generation.
  • You can disable automatic draft generation and saving in Settings.
  • You can upload, refresh, or delete individual knowledge documents, or delete a mailbox knowledge base.
  • You can manage or cancel subscriptions through Apple.

Security

Email Assistant uses platform and service controls such as Keychain storage for OAuth tokens and server-side handling of the OpenAI API key through Firebase Functions secrets. Backend calls use HTTPS, and mailbox-scoped backend actions verify mailbox ownership with the selected Gmail or Outlook access token, or by verifying IMAP login with the supplied credentials, before using mailbox knowledge resources. No security measure is perfect, and you should avoid using the app for highly sensitive or regulated workflows unless you have independently assessed whether the current deployment is appropriate for that use.

International Data Transfers

Because Email Assistant relies on cloud providers such as Google, Microsoft, Firebase, OpenAI, and Apple, information may be processed on servers located outside your country or region.

Children’s Privacy

Email Assistant is not directed to children under 13, and it is not intended for use by children.

Changes to This Policy

This Privacy Policy may be updated from time to time. When it is updated, the new version will be published at this URL with a revised effective date shown at the top of the page. Material changes that affect how Google user data is accessed, used, stored, or shared will be highlighted in the app or communicated by email to the address associated with your connected mailbox before the change takes effect.

Contact

Email Assistant is developed and published by AI Lab. For privacy questions, data-access requests, or data-deletion requests, contact us at support@ai-lab.com.au.

We typically respond within 2 business days (Australian Eastern Time). Please include the email address associated with the mailbox you connected so we can locate the relevant records.