Privacy & Data Use

We only index email headers (From, To, Subject, Date, List-Unsubscribe, List-Unsubscribe-Post, DKIM-Signature, Authentication-Results). We do not store or process email bodies.

• Gmail scopes: gmail.metadata (preferred) or gmail.readonly for header indexing.
• Microsoft Graph scope: Mail.Read for header indexing.
• Tokens are encrypted at rest using AES-256-GCM and stored in Supabase Postgres.
• You can disconnect your mailbox at any time.
• We respect RFC 8058 one-click unsubscribe where provided by senders.

For production, ensure your Google app is verified for restricted scopes if applicable, and maintain a clear, public privacy policy.