Privacy Policy

Last updated: 2026-05-22

1. Overview

M'sM ("Michael's Mail") is a personal email client built and operated by Michael Pruneda for individual use. It integrates Gmail and Microsoft Outlook accounts into a single inbox view with AI-assisted features such as smart labeling and reply drafting. This policy describes what data M'sM accesses, how it is stored, and how it is used.

2. Data We Access

When you connect a Google account to M'sM, the app requests these OAuth scopes:

gmail.readonly — Read message metadata, headers, and body content to display in the unified inbox.
gmail.send — Send new messages, replies, and forwards on your behalf when you click "send" in M'sM.
gmail.modify — Mark messages as read/unread, starred, archived to keep state in sync with Gmail.
drive.file — Upload invoice/receipt PDFs that M'sM extracts from emails into a Drive folder you own. Access is limited to files M'sM creates.
openid, userinfo.email, userinfo.profile — Identify your account.

3. How Data Is Used

Display: Emails are shown in the M'sM web UI for the signed-in user only.
Smart features: Email subject + snippet (not full body) may be sent to Anthropic Claude API for label classification and reply draft generation. Claude API is used as a stateless model provider; data is not used for training.
Invoice automation: PDF attachments matching invoice patterns are extracted and saved into a user-owned Google Drive folder for accounting purposes.
M'sM does not use Google user data to train or improve generalized AI/ML models.

4. Data Storage

Email metadata (sender, subject, snippet, received date) is cached in a private Supabase Postgres database for fast display.
Email body HTML/text is cached only when the user opens the message, and stored in the same database.
OAuth access/refresh tokens are encrypted at rest using Fernet symmetric encryption (44-byte key) before being written to the database.
Database is hosted on Supabase Cloud (managed PostgreSQL); the application backend is hosted on Render.

5. Data Sharing

M'sM does not share, sell, transfer, or disclose your Google data to any third party except:

Anthropic (Claude API): Email subjects/snippets (not full body) are sent for AI features. Anthropic does not retain inputs for training.
Supabase: Used as the database provider; the database is private and only accessible by the M'sM backend.
Render: Hosts the backend service. No human at Render reads user data.

Data is never sold or used for advertising.

6. Data Retention & Deletion

Cached email metadata is retained as long as the connected account is active.
You can disconnect any account at any time from the M'sM "Accounts" page. Disconnection removes the encrypted OAuth tokens from M'sM's database.
You can revoke M'sM's access at any time via your Google Account settings: https://myaccount.google.com/permissions
For full data deletion, email the contact below and the cached emails associated with your account will be permanently removed within 7 days.

7. Security

All traffic between the browser, M'sM backend, Google, Microsoft, and Supabase is encrypted in transit via TLS.
OAuth tokens are encrypted at rest with Fernet (AES-128 in CBC mode + HMAC-SHA256).
The M'sM backend runs as an isolated service on Render with environment-variable-based secret management.

8. Google API Services User Data Policy Compliance

M'sM's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Children's Privacy

M'sM is not intended for users under 13 and does not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of M'sM after changes constitutes acceptance.

11. Contact

Questions, deletion requests, or other privacy concerns:
Michael Pruneda — anthony1232123@gmail.com