Privacy Policy for Octosh LLC

Last updated on 03/31/2025

We're a small team building a tool to help you manage your emails better. This privacy policy explains in simple terms how we handle your information. Since we're still in early stages with just a few users, some processes mentioned here may be handled manually rather than through automated systems.

1. How We Access Your Emails

Google Login

  • When you sign in, Google will show you exactly what we're asking permission to access
  • We request specific Google API scopes including 'gmail.readonly' and 'profile' to read your emails and basic profile information
  • You'll need to approve these permissions before we can help organize your emails
  • After you approve, Google provides us with access tokens and refresh tokens
  • Access tokens are temporary and allow us to read your emails for a short time
  • Refresh tokens are long-term and let us get new access tokens when needed
  • These tokens are stored securely in our Supabase database with Row Level Security (RLS) protection
  • We never see or store your Google password
  • You can revoke our access at any time through your Google Account settings (https://myaccount.google.com/permissions)

For security, we handle token refreshing through a dedicated secure service (AWS Lambda). This way, your long-term refresh tokens stay protected in our database and aren't exposed to your browser.

We use Supabase as our authentication infrastructure provider to manage the OAuth flow securely. Supabase handles the technical aspects of the authentication process while Google remains the identity provider you interact with.

AI Technology

We use Google's Gemini AI to help suggest email replies. This AI helps us understand your emails so we can offer appropriate reply suggestions that you can choose to use. We never send replies automatically or on your behalf - you always review and choose which suggestions to use, if any.

How We Process Your Emails

  • We store some of your email data on our secure servers to provide our service
  • This helps us work faster by avoiding too many requests to Gmail and quickly finding similar emails when creating reply suggestions for you
  • When we use AI to analyze your emails, your data is kept private and encrypted
  • We do not use your emails to train AI models - your data is only used to provide the service you signed up for
  • Google's AI (Gemini), which we use to provide our service, does not keep or use your emails to improve its own systems
  • We explicitly affirm that Google Workspace APIs data is not used to develop, improve, or train generalized/non-personalized AI and/or ML models
  • You remain in control of your data and can request its deletion at any time

2. What We Store in Your Browser

Our Chrome extension stores only what's needed to keep you logged in:

  • Login tokens that verify your identity
  • These remain in your browser until you clear your browser data or remove our extension

3. Information We Collect

Usage Information

  • We collect basic information about how you use our service through a service called Langfuse
  • This helps us understand if our AI is giving helpful responses
  • We use this information only to improve our service
  • We don't sell this information or use it for advertising

Payment Information

  • Our subscription service offers a two-week free trial
  • Processes payments securely
  • Only stores information needed to manage your subscription

4. Your Rights

You can:

  • See what information we have about you
  • Ask us to correct any mistakes
  • Request that we delete your information

Since we're a small team, these requests are handled manually. To make any of these requests, email us at octosh.com@gmail.com and we'll respond as soon as we can.

Uninstalling our extension doesn't automatically delete your data from our servers. For that, you'll need to contact us directly.

5. How We Keep Your Information Safe

We take several steps to protect your information:

  • Secure login through Google
  • Protection controls on our database
  • Encryption when your data is being transferred or stored

6. Other Services We Use

Our service works with:

  • Google (for login and accessing your emails)
  • Supabase (for authentication infrastructure and secure data storage)
  • AWS (for processing your emails)
  • Langfuse (for understanding how our service is performing)
  • Stripe (for handling payments)

7. Age Restrictions

Our service isn't meant for children under 13, and we don't knowingly collect their information.

8. International Data

Your information may be stored on servers located in different countries, which may have different privacy laws than where you live.

9. Contact Us

Have questions? Reach out to us:

Octosh LLC
octosh.com@gmail.com

10. Changes to This Policy

As our small project grows, this policy may change. We'll post updates on our website and in the extension. The date at the top of this page shows when we last updated it.