MailDigest AIMailDigest AI
Last updated: March 2026

Privacy Policy

1. Who we are

MailDigest AI is a SaaS service that generates intelligent email summaries through artificial intelligence. The service is provided by MailDigest AI ("we", "our").

2. Data we collect

We collect the following data:

  • Account data: name, email address, password (cryptographic hash, never stored in plain text)
  • Gmail OAuth tokens: encrypted with AES-256-GCM, used exclusively to read the user's emails
  • Email content: temporarily processed in memory by AI to generate the digest, not permanently stored
  • Preferences: digest schedules, language, delivery channels, grouping contexts
  • Digest history: generated summaries, timestamps, usage statistics

3. How we use the data

Data is used exclusively for:

  • Generating email digests according to user preferences
  • Classifying emails by priority (urgent, follow-up, informational)
  • Delivering digests through chosen channels (email, Telegram)
  • Improving the service and providing user statistics

We do not sell, share, or use email data for advertising.

4. Gmail data processing

Access to Gmail data is limited to the <code>gmail.readonly</code> scope. Email content is:

  • Read via Gmail API at the time of digest generation
  • Sent to the AI model (Claude by Anthropic) for classification and summarization
  • Processed in memory and not permanently stored
  • Never shared with third parties for purposes other than digest generation

The use of Gmail data complies with the Google API Services User Data Policy, including Limited Use requirements.

5. Data security

  • OAuth tokens encrypted with AES-256-GCM
  • Passwords protected with scrypt hash
  • HTTPS connections with Let's Encrypt certificates
  • PostgreSQL database with access limited to internal Docker network

6. Data retention

Account data is retained until account deletion. Digest history is retained for 12 months. OAuth tokens can be revoked by the user at any time by removing the Gmail account from the dashboard.

7. User rights

In compliance with GDPR, the user has the right to:

  • Access: request a copy of their data
  • Rectification: correct inaccurate data
  • Deletion: request removal of the account and all associated data
  • Portability: export their data in a readable format
  • Revoke consent: revoke Gmail access at any time

8. Cookies

We use a single technical cookie (md_session) to maintain the login session. We do not use tracking or third-party cookies.

9. Contact

For privacy questions or to exercise your rights, contact: [email protected]