Gmail AI Assistant Privacy Policy

Last updated: 01/ 15/ 2025

We, the Apps Record LLC (“us”, “Owner”, “Data Controller”), respect the privacy of our customers (“Customers”) and any user of our websites and other services, including job applicants and others referred to as “Users” or “you” in this privacy policy. This privacy policy (“Privacy Policy”) applies to all Users of our app (“AI Assistant plugin for Gmail”) and our websites “www.appsrecord.com” and any subdomains (collectively referred to as “Websites”), referred to as “Our app”, “our apps”, “the product”, “the app” or “the plugin”.

The content on our websites and the Gmail AI Assistant app’s main functionalities are collectively called the “Services” in this privacy policy. This privacy policy explains the types of data collected by our app. In this privacy policy, the term ‘data’ refers to both the information collected directly from users and the information users grant access to via Gmail when they install the plugin. You agree to the terms outlined in this privacy policy by installing and using this Google Workspace Marketplace Plugin.

Owner and Data Controller

Apps Record LLC

5900 Balcones Drive Ste 8139

Austin, TX 78731

Owner contact email: info@appsrecord.com

Data protection officer: Ziyoda Mirsaidova, ziyoda@appsrecord.com

Types of data we collect

Unless specified otherwise, all data requested by the owner is mandatory and failure to provide this data may make it impossible to offer the services. If we explicitly state that certain data is not compulsory, users may choose not to provide this information without affecting the availability or functioning of the service.

We or third-party service providers engaged with our app use cookies or other tracking tools solely to deliver the service requested by the user.

Personal Data

We collect personal information to provide and improve the functionality of the AI Assistant plugin. This includes:

  • Email Address, Full Name, and Photo URL: Collected through Google account OAuth authentication to identify and personalize your experience.
  • Primary Google Account Email Address: Accessed to link the plugin functionality to your account.
  • Personal data you provide us in email/chat/text messaging or any other free-text entry box, either as part of your account or as part of any use of the services while connecting with other Users, and any personal data you include in an email while using the app or services

We do not access or store your Google passwords. All OAuth-secured data resides within your Google account, except for necessary identification information like your name and email, which we securely store.

Technical Data

This includes your browser type, version, time zone, country, language, device information, and operating system. These details help us optimize the product’s performance.

Usage Data

We collect usage logs to analyze user interactions with the app, improve performance, and troubleshoot issues. This includes detailed logs of actions taken within the app.

Document Uploads

The product stores a user-uploaded knowledge base for the next sessions to provide a service. 

Data from Google 

We collect your email through your permission while installing the app. Refer to the Google Data Handling section in this privacy policy to learn more. 

How we collect data

Through Google Analytics Tracking Services

Google Analytics is a web analytics service offered by Google Inc. (“Google”). It uses collected data to monitor and analyze the usage of our app, generate activity reports, and share this information with other Google services.

 This integration with Google Analytics ensures IP address anonymization by shortening users’ IP addresses within European Union member states or other countries that are part of the European Economic Area. 

In rare cases, the full IP address is transmitted to a Google server and then shortened in the United States.

Personal Data processed: Cookies; Usage Data,

Place of processing: United States – Privacy PolicyOpt Out

Data processing agreement

Through Contact Form (WP Forms)

Our app uses the contact form on the website developed by WP Forms LLC to collect personal data. By filling in the contact form with their Data, the User authorizes BulkSignature to use these details to provide customer service or to answer the inquiry

Personal Data processed: first name, last name, email address

WP Forms Privacy Policy

Through your interaction with the app

The app opens in the right pane of your inbox. You interact with the app by opening the app icon on the right panel. Although the app can access the content of your emails to provide the service to you, we don’t store the content of your emails on our side. The main purpose of the app is to provide the service by protecting your privacy. 

We do however store the knowledge base documents you upload while interacting in the app. This allows us to provide a quality service to you without asking you to upload documents every time. 

 

Google Data Handling

To operate, the product requires specific permissions in Gmail. These are:

See, edit, create, and delete all your Google Docs documents 

The app uses this permission to provide the service to a user, namely, to enable the user to use the knowledge base in responding the emails. The knowledge base uploaded to Google Docs will be used as a context for providing the main functionality of the app. 

We store the knowledge base uploaded by you. 

We do not access or store all your other documents.

Why this permission is needed: to have easy access to the knowledge base. Uploading the knowledge base to Google Docs allows you to make changes to it online. Once you make the changes, the app uses it to provide you with better responses to your emails 

Manage drafts and send emails when you interact with the add-on

The app uses this permission to provide a service. We do not store your email drafts. The app accesses the email drafts only while you are interacting with it. 

We do not store your emails, send your email drafts on your behalf, or share your content with third parties.

View your email message metadata when the add-on is running

This permission is needed to be able to provide a service. This permission is used for getting metadata (subject, recipients…) of current email messages so that the app can better analyze the context and provide a better response.

The app does not store your email messages nor it transfers your messages to any third parties.

Run as a Gmail add-on

This permission enables the app to be able to run as an add-on inside your inbox. While the app operates as an add-on, it does not track your behavior, monitor your email activity, or share any of your data with third parties. 

Connect to an external service

The app connects to OpenAI API as a part of its service, to provide better responses to your emails using the knowledge base. 

The following user data is transferred to the external OpenAI API through your interaction with the app:

  • Email content 
  • Knowledge base 
  • Email Meta Data

The app ensures that all data transfers through the API are conducted using robust and secure methods. By employing industry-standard encryption protocols and advanced security measures, we prioritize the protection of your information at every step, safeguarding it from unauthorized access or misuse. 

The owner does not use or share any user-provided content to train large language models (LLMs). Any data shared by the user remains strictly private and is never utilized for AI training, machine learning purposes, or to enhance any external or internal algorithms. 

Allow this application to run when you are not present

This permission is essential to ensure the app can perform necessary operations, such as processing tasks, syncing data, or executing scheduled actions, without requiring your immediate presence.

View your country, language, and timezone

This permission is essential for personalizing your experience, ensuring that the app provides accurate, localized information and functions seamlessly based on your regional settings

See your primary Google Account email address

This allows the app to identify your account and personalize your experience, such as ensuring proper functionality, syncing data, or providing account-specific features.

See your info, including any personal info you’ve made publicly available

This permission enables the app to identify your account, tailor its features to suit your preferences and deliver services that depend on basic account details. Please note that the app only accesses information necessary for its functionality and does not collect or use additional data beyond what is required.

 

Mode and place of processing the Data

Methods of Processing

The owner is responsible and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

Data processing is carried out using third-party data storage and processing services, such as Amazon AWS RDS and other third-party cloud-enabled tools and services.

Apart from the owner, other bodies responsible for various aspects of the app’s operation (including administration, sales, marketing, legal, and system administration), as well as external data processors (such as third-party technical service providers, mail carriers, hosting providers, IT companies, and communications agencies), may have access to the data in certain cases. However, the owner ensures that only the necessary information is shared, limiting access strictly to what is required for the specific task or function being performed. All data sharing is governed by strict confidentiality agreements and policies to prevent unnecessary or unauthorized exposure of user information. The owner is committed to maintaining high standards of data protection and ensures that personal data is handled responsibly and transparently at all times.

The list of updated data sub-processors includes, but is not limited to the following:

Sub-processorServicesNature and Purpose of ProcessingCategories of personal dataLocation of ProcessingData Processing Agreement
Amazon Inc.AWS Virtual Private Networks, AWS RDS, AWS Lambda, data centerData Center Services, Cloud Storage Services, database hosting, website hosting, andAll data mentioned above to provide access to servicesUnited StatesAWS Data Processing Addendum
Open AIAI content Email response generation, analysis of contextEmail messages, metadata United StatesData Processing Agreement
Tawk.toOnline Chat WidgetIdentifying the user for customer serviceFirst name, last name, email, IP address, country, location device name, page visitsUnited StatesData Processing Addendum
Alphabet Inc.Google Workspace API, Gmail APICollecting user data, to provide basic servicesPersonal data such as company data, and employee dataUnited StatesCloud Data Processing Addendum

 

Legal basis of processing

When collecting personal data, the owner assesses the purposes for which the data is needed and the lawful basis that applies. Where consent is the legal basis, you will always have the choice to provide or withhold your consent. We ensure that all processing aligns with the principles of the GDPR.

  1. Consent (Article 6(1)(a) GDPR)
  2. We will process your data when you have provided clear and explicit consent for us to do so. For example:
    • Sending you marketing communications, newsletters, and promotional offers.
    • Storing optional cookies (where required by law).
    • Signing you up for events, contests, or voluntary activities.
  3. You have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the details provided in the “Contact Us” section or use the unsubscribe link provided in our emails.
  1. Performance of a Contract (Article 6(1)(b) GDPR)
    We process your data when it is necessary to enter into or fulfill a contract with you or to take steps at your request before entering into a contract. For example:
    • To process your orders and deliver purchased goods or services.
    • To manage your account and provide customer support.
    • To execute contracts or agreements that you are a party to.
  1. Compliance with a Legal Obligation (Article 6(1)(c) GDPR)
    We process your data to comply with applicable legal obligations. For example:
    • Retaining invoice and payment information to comply with tax laws.
    • Disclosing data to regulatory authorities if required by law.
    • Maintaining accurate records for auditing or employment purposes.
  1. Legitimate Interests (Article 6(1)(f) GDPR)
  2. We process your data when it is necessary for our legitimate interests or the legitimate interests of a third party, provided such interests are not overridden by your fundamental rights and freedoms. For example:
    • Improving the functionality, security, and performance of our website or services.
    • Conducting fraud prevention activities and ensuring network security.
    • Personalizing your experience and optimizing marketing efforts.
    • Analyzing our users’ behaviors to better understand how our services are used.
  3. You have the right to object to processing based on legitimate interests at any time. To exercise this right, please see the “Your Rights” section below.

Data Shared with Third Parties

The owner does not share your Google data with third parties for purposes other than those described in this privacy policy.  The owner is responsible for safeguarding your information and will only share the minimum amount of data necessary to perform a specific task or fulfill contractual obligations with our trusted sub-processors.

Every third-party service provider or sub-processor we work with is carefully vetted to ensure they adhere to strict data protection standards and comply with applicable privacy regulations. The owner maintains rigorous oversight to ensure that your data is used solely for the intended purposes, and these parties are contractually obligated to respect the confidentiality and security of your data. Under no circumstances will your Google data be sold, shared, or used for any unauthorized purposes, such as advertising or profiling, without your explicit consent.

Data Security

We are committed to protecting your personal information and ensuring the security of data collected through the Gmail AI Assistant plugin. To safeguard your information against unauthorized access, alteration, disclosure, or destruction, we implement industry-standard security measures and continually enhance our practices to stay ahead of evolving threats.

Our systems are designed with secure data transmission protocols, including Secure Socket Layer (SSL) encryption, to protect your data as it travels between your device and our servers. We also employ advanced encryption methods to secure sensitive data both in transit and at rest, ensuring that your information remains confidential at all times.

Access to user data is strictly controlled and limited to authorized personnel who require it to perform their roles effectively. These individuals are bound by confidentiality agreements and are regularly trained on the importance of privacy and data security. Furthermore, we enforce robust authentication measures, such as OAuth 2.0, to ensure secure access to your Gmail account and related data.

Our servers are hosted in secure facilities that meet rigorous physical and technological security standards. These facilities are monitored continuously, and access is restricted to authorized personnel. We use firewalls, intrusion detection systems, and real-time monitoring to protect against unauthorized access or potential security breaches.

Activity logs are maintained to track system operations, allowing us to monitor for suspicious activity and respond promptly to potential risks. In the event of a detected threat or vulnerability, we act swiftly to investigate and mitigate any impact on user data.

While we implement robust security measures, it is also essential for users to practice good security hygiene. We encourage you to protect your Google account by using strong, unique passwords and enabling two-factor authentication. If you suspect any unauthorized activity related to our plugin, please report it to us immediately.

If a data breach involving your personal information occurs, we are committed to taking immediate action. We will notify affected users promptly and comply with all applicable legal requirements regarding breach notification. Your trust is important to us, and we strive to be transparent and proactive in addressing any security concerns.

For questions or concerns about our data security practices, please contact our support team. We are here to ensure that your information is handled responsibly and securely at all times.

Data Retention and Deletion

We retain your personal information for as long as necessary to provide and improve the tool, ensuring its seamless operation and fulfilling the purposes outlined in this privacy policy. During your active use of the plugin, your data will be maintained securely to enable features such as draft generation and AI-assisted email responses.

If you stop using the plugin or uninstall it, your data will no longer be actively processed. Upon cessation of usage, we will securely delete your personal information within a reasonable time frame, ensuring compliance with applicable legal and regulatory requirements. Any data retained temporarily for operational reasons will also be removed once it is no longer needed.

We respect your right to control your personal information. At any time, you may request that we delete your data by contacting us. Once we verify your request, we will erase your information from our systems promptly, except where retention is required to comply with legal obligations, resolve disputes, or enforce agreements.

Certain non-personal or anonymized data may be retained for analytics and to improve the plugin’s functionality. This data does not include any information that can identify you or associate your actions with your account. We are committed to ensuring that all retained data is managed securely and used responsibly.

For audit and troubleshooting purposes, activity logs and error reports may be maintained temporarily to help us investigate and resolve issues. These logs are handled in compliance with data protection standards and are securely erased when no longer necessary.

Your Rights

If you are located in the EU or another jurisdiction with data protection regulations, you have the following rights:

  • Access: Request access to your data.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your data.
  • Objection: Object to the processing of your data.
  • Portability: Request a copy of your data in a portable format.

To exercise these rights, please contact us at info@appsrecord.com.

Changes to the Privacy Policy

We may update this policy from time to time. Material changes will be communicated via email. For minor updates, please review the privacy policy on our website.