Privacy Policy

Last updated: March 10, 2026

1. Introduction

Attaché AI ("Attaché," "we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Data: Your name, email address, and Google account information when you sign in via Google OAuth.
  • Email Data: Email metadata (subject lines, sender/recipient addresses, thread IDs, timestamps) accessed through the Gmail API to provide inbox triage and outreach functionality.
  • Prospect Data: Information from Google Sheets you link to the Service, including names, email addresses, company names, and other prospect details.
  • Draft Content: Email drafts generated by or edited within the Service.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, including features used, actions taken, and timestamps.
  • Device & Browser Data: Browser type, operating system, IP address, and device identifiers.
  • Cookies & Local Storage: Session tokens and preferences stored in your browser to maintain your authenticated state.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To classify and triage your emails, generate AI-powered email drafts, manage outreach campaigns, and provide real-time notifications.
  • Personalization: To research prospects and craft personalized outreach based on the data you provide.
  • Authentication: To verify your identity and maintain secure access to your account.
  • Improvement: To analyze usage patterns and improve the Service's features, performance, and user experience.
  • Communication: To send you service-related announcements, updates, and support responses.

4. Google API Data & Limited Use Disclosure

Attaché's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the Gmail and Google Sheets scopes necessary to provide the Service's core functionality.
  • We do not use Google user data for serving advertisements.
  • We do not sell Google user data to third parties.
  • We do not use Google user data for purposes unrelated to the Service.
  • Human access to Google user data is limited to what is necessary for security, compliance, or legal obligations, or with the user's affirmative consent.

5. Data Storage & Security

We store classification metadata, usage statistics, and account settings in Google Cloud Firestore. OAuth tokens are encrypted and stored securely. Email body content is not permanently stored on our servers — it is fetched in real-time from the Gmail API and processed transiently.

We implement industry-standard security measures including HTTPS encryption in transit, secure credential storage, and access controls. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. AI Processing

We use Google's Gemini AI models to analyze email content and generate drafts. Email content is sent to the AI model for processing and is subject to Google's AI terms of service. AI-generated content is provided as suggestions and should be reviewed before sending.

7. Data Sharing & Third Parties

We do not sell your personal information. We may share data with:

  • Google Cloud Platform: For hosting, data storage (Firestore), and AI processing (Gemini).
  • Google APIs: Gmail API and Google Sheets API to provide core functionality.
  • Legal Compliance: If required by law, regulation, legal process, or governmental request.

8. Data Retention

We retain your account data and classification metadata for as long as your account is active. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your data from our systems within 30 days, except where retention is required by law.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for data processing.
  • Export your data in a portable format.
  • Revoke Attaché's access to your Google account at any time via your Google Account permissions.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: mathai@thefluency.app