Back to Home

Privacy Policy

Last updated: November 22, 2025

Introduction

Email Ferret ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service to filter AI BDR spam from your Gmail account.

Information We Collect

Gmail Data

When you connect your Gmail account, we access the following information with your explicit consent:

  • Email messages and their metadata (sender, subject, date, headers)
  • Message content and snippets for analysis
  • Email labels and label management
  • Authentication tokens (stored securely and encrypted)

Account Information

We collect basic account information including:

  • Email address
  • Subscription tier and status
  • Usage metrics (emails processed, labels created)
  • Allowlist entries (trusted senders and domains)

How We Use Your Information

Email Analysis

We use your email data exclusively to:

  • Determine if emails are from known contacts or spam: We analyze sender information, email headers, and content patterns to identify AI BDR outreach and spam emails.
  • Create and manage labels: We create Gmail labels (such as ".AI-Spam") to help you organize your inbox.
  • Apply labels to messages: We automatically apply labels to emails that match our spam detection criteria.
  • Archive emails (if configured): If you enable this feature in your settings, we may archive emails that are identified as spam. This action moves emails from your inbox to the archive, but does not delete them.

Important:

We will never send emails or reply to emails on your behalf. We do not have permission to send, compose, or reply to any emails. Our service is read-only for email composition and sending purposes.

Google API Data Usage and OAuth Permissions

Email Ferret uses Google APIs to access and process your Gmail data. This section explains what data we access, how we use it, and the permissions we request.

Google API Services We Use

We use the following Google API services to provide our email filtering service:

  • Gmail API: To read email messages, access message metadata (sender, subject, date, headers), and manage Gmail labels
  • Gmail Labels API: To create and manage custom labels for organizing your inbox
  • OAuth2 API: To securely authenticate and authorize access to your Gmail account
  • Userinfo API: To retrieve your Gmail email address for account management

OAuth Scopes and Permissions

We request the following Google OAuth scopes to provide our service:

https://www.googleapis.com/auth/gmail.modify

Allows us to read messages, apply labels, and archive emails (if configured). We do not use this permission to send or reply to emails.

https://www.googleapis.com/auth/gmail.labels

Allows us to create and manage Gmail labels for organizing your inbox.

https://www.googleapis.com/auth/userinfo.email

Allows us to retrieve your Gmail email address to associate your Gmail account with your Email Ferret account.

These permissions are required for our core functionality. You can revoke access at any time through your Google Account settings or by disconnecting your Gmail account in our application.

Gmail Data We Access via Google APIs

When you connect your Gmail account, we access the following information through Google APIs with your explicit consent:

  • Email messages and their full content
  • Message metadata (sender, recipient, subject, date, headers)
  • Email labels and label information
  • Your Gmail email address
  • OAuth tokens (stored securely and encrypted)

How We Use Google API Data

We use Google API data exclusively to provide our email filtering service:

  • Email Analysis: We analyze email content, headers, and metadata to identify AI-generated cold outreach and spam using heuristic scoring algorithms
  • Label Management: We create and apply Gmail labels (such as ".AI-Spam") to help you organize your inbox
  • Email Archiving: If you enable this feature, we may archive emails identified as spam (moves emails from inbox to archive, does not delete them)
  • Account Management: We use your Gmail email address to associate your Gmail account with your Email Ferret account

Google API Services User Data Policy Compliance

Email Ferret's use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

  • Only use Google API data to provide our email filtering service
  • Do not use Google API data for advertising purposes
  • Do not sell or share Google API data with third parties
  • Do not use Google API data to create user profiles for advertising
  • Do not use Google API data for any purpose other than providing our service

All Google API data is processed securely and stored in compliance with industry standards. OAuth tokens are encrypted using AES-256-GCM encryption before storage.

Data Storage and Security

Encryption

All Gmail OAuth tokens are encrypted using AES-256-GCM encryption before being stored in our database. We never store your Gmail password.

Data Retention

We retain your account information and allowlist entries for as long as your account is active. Message logs are retained for up to 90 days for service improvement purposes. You can request deletion of your data at any time.

Third-Party Services

We use the following third-party services:

  • Supabase: For secure database storage (hosted on secure infrastructure)
  • Vercel: For application hosting (serverless infrastructure)
  • Stripe: For payment processing (we do not store credit card information)

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share aggregated, anonymized data for service improvement purposes, but this data cannot be used to identify individual users.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Disconnect your Gmail account at any time
  • Export your allowlist data
  • Opt out of data collection (by disconnecting your account)

Children's Privacy

Our service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

support@emailferret.io