✉ Secretary

Legal

Privacy Policy

This policy applies specifically to Secretary and explains what Google user data and other information the app accesses, how that data is used, when it is shared, how long it is kept, and how users can request deletion.

About Secretary

Secretary is the Gmail triage application available on this website. It connects to a user's Google account so the user can review inbox messages, archive them, unsubscribe, and prepare reply drafts with AI assistance. The service processes Google user data only to provide or improve the visible, user-facing features of Secretary.

By connecting a Google account, entering an OpenAI API key, or using Secretary, you instruct the app to process the information described below to provide the features you requested.

Google User Data and Other Information Collected

  • Basic Google account information from Sign-In, such as your email address, profile name, and profile identifier.
  • Google OAuth tokens required to authenticate you and access Gmail on your behalf.
  • Gmail message data needed to run Secretary's features, including sender and recipient details, subject lines, snippets, message bodies, thread identifiers, labels, timestamps, attachment filenames, and list-unsubscribe headers when present.
  • The OpenAI API key you provide in settings, which is stored encrypted and used only to make OpenAI API calls for your account.
  • User settings such as prompts, selected models, name, and HTML signature.
  • Temporary working copies of inbox messages needed to show your inbox in the app and process the actions you trigger.
  • Session and short-lived cache data used for login state, linked-account switching, CSRF protection, and temporary skip-memory behavior.
  • Standard server logs and security logs needed to operate, debug, and protect the service.

How Google User Data Is Used

Secretary uses Google user data only to provide features that are visible and prominent in the application interface. This includes signing you in, fetching your inbox view, displaying messages, suggesting actions, generating reply drafts, sending replies you explicitly confirm, archiving messages, marking messages as spam, and reading unsubscribe headers when you ask the app to unsubscribe.

Secretary does not sell Google user data, does not use Google user data for advertising, does not use Google user data to build data broker datasets or generalized profiles, and does not use Google user data to train generalized AI or machine-learning models.

Important: AI classification and drafting require sending relevant email content to OpenAI using the API key you provide. This happens server-side only when needed to deliver the feature you requested. If you do not provide an OpenAI API key, those AI features will not run.

Sharing and Third Parties

Your data is shared only with service providers required to operate the product or complete the features you request:

  • Google, to authenticate your account and carry out Gmail actions.
  • OpenAI, when you enable AI features by supplying your own API key and ask the app to classify messages or draft replies.
  • Hosting, infrastructure, logging, backup, and security providers to the extent reasonably necessary to operate the service.

Data is not sold. Data is not shared with advertisers. Google user data is not transferred to third parties except as needed to provide or secure Secretary's user-facing functionality, comply with law, or respond to a support request you initiated and consented to.

Retention and Deletion

  • Temporary inbox copies stored by the app are operational data and are replaced or removed during normal use. They are not intended to be a permanent archive.
  • OAuth tokens, settings, and the encrypted OpenAI API key are retained while your account remains active in the service or until they are updated or removed.
  • Linked-account session data and temporary cache entries are retained only as long as required for those session features.
  • Logs may remain in backups or operational systems for a limited period consistent with maintenance, security, and recovery needs.

You can stop using Secretary at any time, revoke Google access in your Google account permissions, or request deletion of stored account data by emailing secretary@xaviesteve.com.

Security

The service uses reasonable technical and organizational safeguards intended to protect user data in transit and at rest. OAuth tokens and OpenAI API keys are stored encrypted within the application. Access is limited to what is required to operate and secure the product.

No internet-connected system is perfectly secure, so absolute security cannot be guaranteed.

Your Choices

  • You can stop using the app at any time.
  • You can revoke the app's Google access from your Google account permissions.
  • You can remove or rotate your OpenAI API key in the app settings.
  • You can request deletion of stored account data by emailing secretary@xaviesteve.com.

Policy Changes

This policy may be updated if Secretary's data practices or features change. The current version will remain available on this page, and material updates will be reflected here before new processing practices take effect.

Contact

For privacy questions, access requests, or deletion requests related to Secretary, email secretary@xaviesteve.com.