Privacy Policy

Last updated: September 14, 2025

Use of Google User Data (Gmail & Calendar)

We use Google APIs to access your Gmail and Google Calendar solely to provide and improve user-facing features of Notenugget (detecting out-of-office replies, preparing follow-up drafts, and creating calendar reminders).

  • No Ads / Marketing: We do not use Google user data for advertising, profiling, or marketing communications.
  • No Selling / No Unnecessary Transfers: We do not sell Google user data. We only share it with service providers acting on our behalf to deliver these features under strict confidentiality and security obligations.
  • Limited Human Access: No human reads Google user data unless you explicitly consent, it’s necessary for security or to comply with law, or to debug an issue at your request.
  • Data Minimization & Retention: We store only the minimum Gmail/Calendar data needed and retain it only as long as necessary to deliver the features. We do not persist email message bodies; content is processed in-memory solely to detect out-of-office (OOO) replies. Drafts and reminders are stored in your Google account; any temporary processing artifacts we create are promptly deleted.
  • User Control: You can disconnect Google access at any time; we will delete any stored Google-sourced data associated with your account.

Google OAuth Scopes We Request

  • https://www.googleapis.com/auth/gmail.readonly — Used to detect OOO replies by subscribing to Gmail push notifications and retrieving message metadata and specific messages needed for detection (e.g., headers, labels, snippet). Email bodies are not stored; processing happens in-memory. Minimal identifiers (e.g., Gmail message/thread IDs) may be stored to prevent duplicates.
  • https://www.googleapis.com/auth/gmail.compose — Used to create drafts and send follow-up emails only after explicit user action (e.g., scheduling or confirming a follow-up). We do not send emails automatically without user consent.
  • https://www.googleapis.com/auth/calendar.events — Used to create and manage calendar events that help track OOO periods and schedule follow-up reminders.

Our use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements. This section governs our handling of Google user data and takes precedence over general statements elsewhere in this policy.

1. Information We Collect

Notenugget collects information to provide and improve our services. This includes:

  • Email metadata (sender, subject, timestamps)
  • Out-of-office message content for processing
  • Calendar event details for follow-up scheduling
  • Account information (name, email, company)
  • Usage data and analytics

We do not persist email message bodies; content is processed in-memory for OOO detection. Minimal metadata and identifiers may be retained temporarily to deliver features and prevent duplicates.

2. How We Use Your Information

We use collected information to:

  • Process out-of-office emails and schedule follow-ups
  • Create calendar reminders and email drafts
  • Improve our detection algorithms and services
  • Provide customer support
  • Send service updates and notifications

Data Retention

We retain only what’s needed to deliver the service:

  • Gmail/Calendar metadata: Minimal identifiers (e.g., message/thread IDs, sender, subject, timestamps, label IDs, detection status) for up to 30 days to support OOO detection and prevent duplicates.
  • Email bodies: Not stored; processed in-memory only.
  • Drafts and reminders: Stored in your Google account.
  • Temporary processing artifacts: Deleted promptly after use.

3. Data Security

We implement industry-standard security measures to protect your data:

  • 256-bit encryption for data in transit and at rest
  • SOC 2 Type II certified infrastructure
  • Regular security audits and penetration testing
  • Strict access controls and monitoring
  • GDPR and CCPA compliant data handling

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

  • Service providers who assist in our operations
  • Legal authorities when required by law
  • Successor entities in case of merger or acquisition

5. Your Rights

You have the right to:

  • Access your personal data
  • Request data correction or deletion
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Lodge a complaint with supervisory authorities

6. Contact Us

For privacy-related questions or requests, contact us at:

support@intake44.com