Privacy Policy

Last updated: June 09, 2025

Our Commitment to Privacy

At vAI Email, we believe that privacy is a fundamental right. Our email solution is built with privacy at its core, and we're committed to being transparent about how we handle your data.

Important: vAI Email is a client-only email application. We DO NOT store your emails on our servers. All email data is processed directly between your browser and Gmail.

Our verified privacy commitments:

  • vAI Email Storage: We never store your emails - they remain in your Gmail account
  • Client-Side Processing: All email processing happens in your browser
  • Built on Open Source: vAI Email is built on the open source Zerodotemail platform
  • Minimal Data: We only request essential Gmail and Google Calendar API permissions
  • User Control: You can revoke our access to your Gmail at any time

Google Account Integration

When you use vAI Email with your Google Account:

  • We request access to your Gmail data only after receiving your explicit consent
  • We access only the necessary Gmail and Google Calendar API scopes required for email and calendar functionality
  • Your Google account credentials are never stored on our servers
  • We use secure OAuth 2.0 authentication provided by Google
  • You can revoke our access to your Google account at any time through your Google Account settings

Data Collection and Usage

Google Services Data Handling

  • Email data is processed in accordance with Google API Services User Data Policy
  • We only process and display email data - we don't store copies of your emails
  • All data transmission between our service and Google is encrypted using industry-standard TLS 1.3 protocols
  • We maintain limited temporary caches only as necessary for application functionality, with a maximum retention period of 24 hours
  • Cached data is encrypted at rest using AES-256 encryption
  • We collect basic usage analytics (page views, feature usage) to improve the service, but this data is anonymized
  • Error logs are retained for 30 days to help diagnose and fix issues

Calendar Data Handling

  • Calendar data is processed with the same privacy standards as email data
  • Event information is only accessed when you use the calendar features
  • Appointment detection from emails is processed locally in your browser
  • Calendar events created through vAI Email are stored in your Google Calendar
  • We do not share your calendar data with any third parties

Data Processing Locations

  • All data processing occurs in secure data centers in the United States
  • We comply with international data transfer regulations
  • Data processing agreements are available upon request

Data Protection and Security

Security Measures

  • End-to-end encryption for all email communications using industry-standard protocols
  • Secure OAuth 2.0 authentication for Google services with strict scope limitations
  • Regular security reviews of our codebase
  • Built on the security foundation of Zerodotemail
  • Compliance with Google API Services User Data Policy and security requirements
  • Real-time monitoring for suspicious activities and potential security threats
  • Automated security patches and dependency updates

Infrastructure Security

  • All servers are hosted in SOC 2 Type II certified data centers
  • Network-level security with enterprise-grade firewalls
  • Regular backup and disaster recovery testing
  • Multi-factor authentication required for all administrative access
  • Encryption at rest for all stored data using AES-256

Security Response

  • Prompt security incident response
  • Clear notification procedures for any security issues
  • Continuous security monitoring and updates

Google User Data Handling

Data Access and Usage

  • We access the following Google user data through the Gmail and Google Calendar APIs:
    • Email content and attachments
    • Email metadata (subject, dates, recipients)
    • Labels and folder structure
    • Basic profile information
    • Calendar data (when using calendar features)
  • This data is used exclusively for providing email and calendar functionality within vAI Email
  • No Google user data is used for advertising, marketing, or profiling purposes
  • We maintain detailed audit logs of all data access for security and compliance
  • Access to user data is strictly limited to essential personnel

Data Sharing and Transfer

  • Google user data is never shared with third parties except as required for core service functionality
  • When necessary, we only work with service providers who comply with Google API Services User Data Policy
  • All service providers are bound by strict confidentiality agreements
  • We maintain a current list of all third-party service providers with access to Google user data
  • Data sharing agreements are reviewed annually
  • Users are notified of any material changes to our data sharing practices

Data Retention and Deletion

  • Email data is processed in real-time and not permanently stored
  • Temporary caches are automatically cleared after 24 hours
  • Users can request immediate deletion of their cached data
  • Account deletion process:
    • All user data is immediately marked for deletion
    • Cached data is purged within 24 hours
    • Audit logs are retained for 30 days then permanently deleted
    • Backup data is removed within 7 days
  • We provide a data export tool for users to download their settings

User Rights and Controls

  • Right to access: Request a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Export your data
  • Right to object: Opt-out of certain data processing

Limited Use Disclosure

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Your Rights and Controls

  • Right to revoke access to your Google account at any time
  • Right to request deletion of any cached data
  • Right to export your data
  • Right to lodge complaints about data handling

Contact

For privacy-related questions or concerns:

sumon@vai.email

Updates to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes through our application or website.