Privacy Policy

PRIVACY POLICY - INKWELL AI GMAIL ASSISTANT CHROME EXTENSION

Last Updated: January 25, 2026

1. INFORMATION WE COLLECT

Inkwell AI collects data through the following methods:

Account Information

  • Email Address: Used for account creation and identification (via Google OAuth)

  • Google Account: You authenticate through Google's OAuth - we do not store your password

  • User Profile: Name and profile picture from your Google Account (optional)

Email Data

  • Email Content: Subject lines, sender information, and message bodies are accessed through Gmail API for AI processing

  • Real-Time Processing: Email content is processed immediately and NOT permanently stored on our servers

  • Message Metadata: Email IDs, timestamps, and label information for threading context

  • Limited Scope: We only access emails you explicitly process through the extension (not your entire mailbox)

Usage Data

  • Feature Usage: Which features you use (summarize, reply, compose, labeling)

  • Daily/Monthly Statistics: Summary count for billing purposes

  • Extension Activity: Timestamps of when features are used

  • Error Logs: Technical errors for improving service quality

Payment Information

  • Stripe Processing: Payment cards are processed directly through Stripe

  • We Never Store: Credit card numbers, full card details, or sensitive payment information

  • Billing Records: Invoice history and subscription status

Gmail API Permissions

We request the following Gmail API scopes:

  • gmail.modify: To read emails, apply labels, and send replies

  • gmail.readonly: To read email content (if applicable)

  • userinfo.email: To identify your email address

  • userinfo.profile: To retrieve basic profile information

2. HOW WE USE YOUR INFORMATION

Core Functionality

  • AI Processing: Your email content is sent to OpenAI's GPT models to generate summaries, replies, and suggestions

  • Real-Time Only: Content is processed immediately and deleted from our servers after response generation

  • Account Management: Email address used to create and manage your account

  • Subscription Billing: Usage statistics determine your plan limits and billing

Service Improvements

  • Analytics: Aggregated usage data helps us improve features

  • Error Fixes: Technical logs help us diagnose and fix issues

  • Feature Development: Understanding which features are used helps prioritize improvements

Communications

  • Account Notifications: Password resets, billing alerts, security notifications

  • Opt-In Updates: Product announcements and feature updates (you can unsubscribe)

3. INFORMATION SHARING AND DISCLOSURE

Third Parties We Share With

OpenAI (GPT AI)

  • What: Email subject, sender, body text sent for AI processing

  • Why: To generate AI responses, summaries, and suggestions

  • Privacy: https://openai.com/privacy

Google (Gmail API)

  • What: Gmail API access requires authentication and permission through Google

  • Why: To read your emails and apply labels through the official Gmail API

  • Privacy: https://policies.google.com/privacy

  • Note: Google's privacy policy governs how Google handles API access

Stripe (Payment Processing)

  • What: Payment information (processed but not stored by us)

  • Why: To process subscription payments securely

  • Privacy: https://stripe.com/privacy

What We Do NOT Do

  • We do NOT sell your data to advertisers

  • We do NOT sell your email content to data brokers

  • We do NOT share your data with marketing companies

  • We do NOT trade or rent your personal information

Legal Requirements

We may disclose information if required by law (court order, government request, etc.), but will notify you when legally permitted.

4. DATA SECURITY

Technical Measures

  • OAuth Authentication: You authenticate through Google (we never see your password)

  • HTTPS Encryption: All data in transit is encrypted using TLS/SSL

  • Server Security:

    • Secure token storage with encryption

    • Regular security audits

    • Limited staff access to production data

    • Automatic backups with encryption

Email Content Handling

  • No Permanent Storage: Email content is processed in real-time and immediately deleted

  • No Caching: We don't cache email bodies on our servers

  • Transient Processing: Content exists only during API call to OpenAI

API Access

  • Revocable: You can revoke Inkwell's access to Gmail at any time through Google Account settings

  • Scope Limited: We request only necessary permissions

  • Token Management: Access tokens are securely stored and regularly rotated

5. YOUR RIGHTS AND CHOICES

Access and Control

  • View Your Data: You can request a copy of all data we have about you

  • Correct Information: You can update your account information anytime

  • Delete Your Account: You can delete your account and all associated data

  • Revoke Access: Revoke Gmail API access from your Google Account settings anytime

Marketing Preferences

  • Opt-Out: Unsubscribe from non-essential emails in your account settings

  • Marketing Communications: We don't share your data for third-party marketing

Data Portability

  • Export Data: Request your account data in standard formats

  • Portability: Move your data to another service if needed

6. DATA RETENTION

Active Accounts

  • Account Data: Retained while your account is active

  • Usage Statistics: Kept for billing and service improvement

Deleted Accounts

  • Immediate Deletion: Account data deleted within 30 days of account deletion request

  • Backup Retention: Automated backups may contain data for up to 90 days

  • Email Content: Deleted immediately after processing

Legal Requirements

  • We may retain data if required by law (financial records, legal disputes, etc.)

7. THIRD-PARTY INTEGRATIONS

Gmail API (Google)

  • Provider: Google LLC

  • Purpose: Access to your Gmail account

  • Privacy: https://policies.google.com/privacy

  • Your Control: Manage permissions at https://myaccount.google.com/permissions

OpenAI (GPT AI)

  • Provider: OpenAI

  • Purpose: AI-powered email processing

  • Data Sent: Email subject, sender, and body

  • Privacy: https://openai.com/privacy

  • Retention: Email content not permanently stored per OpenAI's data usage policy

Stripe (Payment Processing)

  • Provider: Stripe, Inc.

  • Purpose: Secure payment processing

  • Data Sent: Payment information (processed but not stored by us)

  • Privacy: https://stripe.com/privacy

Chrome Web Store (Google)

  • Provider: Google

  • Purpose: Extension distribution and review

  • Privacy: https://policies.google.com/privacy

8. CHILDREN'S PRIVACY

  • Not for Children: Inkwell AI is not designed for users under 13 years old

  • COPPA Compliance: We do not knowingly collect information from children under 13

  • Parental Concern: If you believe we collected data from a child under 13, contact us immediately

9. INTERNATIONAL USERS

Data Transfer

  • Processing Location: Data may be processed in Canada, United States, or other countries

  • Standard Contractual Clauses: We maintain compliance with GDPR and CCPA

  • GDPR Compliance: If in EU, you have additional rights (access, erasure, portability, objection)

Regional Rights

  • Canada: Privacy Act and PIPEDA compliance

  • US (California): CCPA/CPRA rights (access, deletion, opt-out)

  • EU: GDPR rights (access, rectification, erasure, data portability, objection)

10. CHANGES TO THIS POLICY

  • Updates: We may update this policy to reflect changes in our services or legal requirements

  • Notification: Material changes will be posted on this page with an updated date

  • Continued Use: Using the extension after changes constitutes acceptance of the updated policy

11. CONTACT US

Support

  • Email: ceosmartresponces@gmail.com

  • Response Time: Within 24 hours for general inquiries

  • Priority Support: Premium subscribers receive priority support

Data Requests

  • Access Requests: Submit data access requests to the email above

  • GDPR/CCPA: Include "Data Request" in subject line for formal legal requests

  • Processing Time: Up to 30 days for formal requests

Privacy Concerns

  • Report Issues: Email ceosmartresponces@gmail.com with detailed description

  • Escalation: Include "Privacy Concern" in subject for urgent review

12. KEY CHANGES FROM PREVIOUS VERSION

Updated to reflect Gmail API integration:

  • Removed password collection (now using Google OAuth)

  • Replaced DOM scraping with official Gmail API

  • Added Gmail API permissions and scopes

  • Clarified real-time processing (no permanent email storage)

  • Added Google OAuth and token security details

  • Improved transparency about third-party data sharing

  • Added international compliance information (GDPR, CCPA)

13. ADDITIONAL TECHNICAL INFORMATION

How Emails Are Processed

  1. You initiate: Click summarize, reply, or compose in the extension

  2. API access: Extension uses your Gmail API token to fetch email

  3. AI processing: Email sent to OpenAI GPT for processing

  4. Response generated: AI returns response to extension

  5. Immediate deletion: Email content deleted from our servers

  6. User action: You decide whether to send/use the response

What We DON'T Store

  • Your email bodies

  • Your email addresses (except account email)

  • Your password

  • Your Gmail data

  • Your generated responses (unless you choose to send them)

What IS Stored

  • Your account email (for identification)

  • Your account name (from Google profile)

  • Usage statistics (count of features used)

  • Subscription status

  • Access tokens (encrypted)

Questions about this policy? Contact: ceosmartresponces@gmail.com