Privacy Policy
Last updated: 2026-05-11
This application ("Emily Agent") uses Google OAuth 2.0 to access your Gmail and Google Calendar data solely on your behalf and at your direction. This policy describes how your data is handled.
SMS Messaging
If you choose to provide your phone number for SMS notifications, we collect and store your phone number solely for the purpose of delivering text messages through our messaging provider, Twilio. Key points:
- Entirely optional. SMS is an optional additional channel. All core functionality is available through other channels (WhatsApp, Telegram, Discord) without providing a phone number.
- No sharing. Your phone number will never be sold or shared with any third party beyond Twilio, our messaging provider, which processes messages on our behalf.
- Your control. You can unsubscribe at any time by replying STOP to any message, after which no further messages will be sent.
- Standard rates. Message and data rates may apply depending on your mobile service plan.
- Retention. Your phone number is retained for as long as you remain opted in. If you unsubscribe, it is removed from our active messaging list.
Data We Access
With your explicit consent via Google's OAuth consent screen, we request access to:
- Gmail (modify): Read, compose, send, and manage your email (no permanent deletion bypassing trash)
- Gmail settings (basic): View and manage email filters and vacation responders
- Gmail settings (sharing): View send-as aliases, forwarding addresses, and delegates (read-only)
- Google Calendar: See, create, edit, and delete calendar events
- Identity: Your email address and OpenID identity (for authentication)
How We Use Your Data
All data access is performed exclusively in response to your direct instructions. We never:
- Store your email messages or calendar data outside the Google ecosystem
- Share your data with any third party
- Use your data for training, analytics, or any purpose other than executing your commands
- Retain access tokens after you revoke them
Data Storage
OAuth refresh tokens are stored locally in an encrypted file keyring on the server you control. No tokens are transmitted to any third party. Message content is processed ephemerally in memory and not persisted beyond your session.
Data Retention
We do not maintain a separate data store of your Google data. Your emails and calendar events remain in your Google account and are only accessed on demand. Logs of session activity (metadata only, not message content) may be retained for operational debugging.
Data Deletion
You can revoke access at any time via your Google Account permissions page. Revoking access immediately terminates the application's ability to read your data.
Contact
Søren L. Hansen
Oakland, CA, USA
Email: sorenisanerd@gmail.com
Changes to This Policy
If this policy changes, users will be notified via the application's release notes. Continued use after changes constitutes acceptance of the updated policy.