Privacy Policy

1. Introduction

This Privacy Policy explains how the Gmail Voice Agent ("we," "our," or "the Service") collects, uses, and protects your information when you use our voice-activated email assistant. The Gmail Voice Agent is designed to provide hands-free interaction with your Gmail account through natural language conversation.

2. Information We Collect

2.1 Account Information

We access your Gmail account using OAuth 2.0 authentication in compliance with Google's security protocols.

2.2 Email Data

When you use our Service, we process information from your Gmail account to perform functions you request, such as reading unread messages, composing emails, suggesting replies, searching your inbox, organizing emails, extracting meeting details, and providing notifications. This includes access to email headers and, when necessary for specific functions, email content.

2.3 Voice Data

We collect and process audio recordings of your voice commands to enable speech recognition functionality. By default, voice recordings are processed in real-time and are not stored beyond the time needed to process your request.

2.4 Usage Information

We collect data about how you interact with the Service, including commands used, features accessed, and performance metrics to improve functionality.

3. How We Use Your Information

We use your information to:

  • Provide the core functionality of the Service, including reading, composing, managing, and searching Gmail messages
  • Maintain and improve the accuracy of speech recognition and natural language understanding
  • Personalize your experience based on your preferences and usage patterns
  • Generate appropriate responses to your voice commands
  • Debug issues and optimize performance
  • Ensure compliance with our service level objectives and security standards

4. Data Storage and Security

Our Service implements industry-standard security measures to protect your information:

  • OAuth 2.0 PKCE authorization for secure access to your Gmail account
  • AES-256 encryption for stored refresh tokens
  • Structured data minimization principles: we store email IDs and headers but not email body content unless explicitly required for a feature you've requested
  • Transient audio buffers held in memory only during processing
  • Secure storage of metadata in PostgreSQL for user preferences and redacted conversation logs
  • Secrets management via HashiCorp Vault with KMS encryption

5. Data Retention

By default, voice recordings are not retained after processing your request is complete. We maintain logs of interactions with our Service for troubleshooting and improvement purposes, but these logs do not include the audio of your voice commands unless you have explicitly opted in to our quality improvement program.

6. Sharing Your Information

We do not sell your personal information to third parties. We may share limited information with:

  • Service providers who help us deliver specific components of our Service, such as speech recognition or text-to-speech services
  • Google, as necessary to integrate with Gmail API services
  • Law enforcement when required by law

All third-party service providers are contractually obligated to use your information solely for providing services to us and in compliance with this Privacy Policy.

7. Your Rights and Choices

You can control your data through the following options:

  • Enable or disable wake word functionality
  • Adjust notification settings and rules
  • Opt in or out of quality improvement programs that involve storing voice recordings
  • Select language preferences
  • Revoke access to your Gmail account at any time
  • Request a copy of your data, correction of inaccurate data, or deletion of your data in accordance with applicable privacy laws

8. Children's Privacy

Our Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete this information promptly.

9. International Data Transfers

If you use our Service from a location outside the United States, your information may be transferred to and maintained on servers located in the United States or other countries. We implement appropriate safeguards for cross-border transfers as required by applicable law.

10. Compliance with Regulations

Our Service is designed to comply with applicable privacy regulations including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Google API Services User Data Policy

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website and, where appropriate, via email. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Product
Features
Docs
Pricing
Company
About
Blog
Jobs
Resources
Contact
Privacy PolicyTerms of Service
Terms of ServicePrivacy Policy
Report Abuse
©2025 Brandish. All rights reserved.
100 S Murphy Ave
STE 200 PMB4024
Sunnyvale, CA 94086
US