1. Introduction
GateMail ("we," "us," or "our") operates the GateMail email filtering service accessible at gatemail.co. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
2. Information We Collect
We collect the following categories of information. "Google user data" refers to data obtained via Google APIs.
- Account information: Your email address and name provided when you sign in via Google or Microsoft OAuth.
- Email metadata (Google user data): Sender email addresses, sender names, and email subjects processed through our filtering pipeline. We do not read or store the body of your emails.
- Gmail labels and settings (Google user data): Label assignments and mailbox settings accessed via the Gmail API to apply filtering actions on your behalf.
- Usage data: Filter verdicts, rules matched, and pipeline events associated with incoming messages.
- Billing information: Payment details processed securely by Stripe. We do not store your full card number.
- OAuth tokens (Google user data): Refresh tokens for Google and Microsoft APIs, used solely to manage your inbox on your behalf.
3. How We Use Your Information
- To provide and operate the email filtering service.
- To authenticate your identity and authorize inbox access.
- To process billing and manage your subscription.
- To show you your filtering history and pipeline activity in the dashboard.
- To send service-related communications (e.g., billing receipts, important updates).
We do not sell your personal information to third parties.
Google user data obtained via gmail.modify and gmail.settings.basic is used exclusively to provide and improve the email filtering features you have requested. We request only the minimum permissions necessary to deliver those features. Google user data is never used for purposes unrelated to the user-facing features of GateMail, including but not limited to advertising, analytics sold to third parties, or any other secondary purpose.
4. Third-Party Services
GateMail relies on the following third-party services, each of which has its own privacy policy:
- Google / Microsoft: OAuth authentication and Gmail/Outlook API access for email filtering.
- Supabase: Database and authentication infrastructure hosting user account data.
- Stripe: Payment processing and subscription management.
- Cloudflare: Infrastructure, CDN, and Workers runtime powering our backend.
- Amazon SES: Transactional email delivery for challenge and notification emails.
Restrictions on Google user data sharing
Google user data is never transferred to any third party for the following purposes, and we do not permit our service providers to use Google user data for these purposes:
- Serving advertisements or building advertising profiles.
- Sale or transfer to data brokers or data aggregators.
- Retargeting, remarketing, or behavioral advertising.
- Credit assessment or financial risk scoring.
- Surveillance, tracking, or monitoring unrelated to the email filtering service.
- Any purpose unrelated to providing the core GateMail service to you.
5. Google API Services — Limited Use Disclosure
GateMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Limited use: Data obtained from Google APIs is used only to provide and improve the user-facing email filtering features of GateMail. It is not used for any other purpose.
- Restricted human access: GateMail employees and contractors do not read Google user data unless the user has given affirmative agreement, it is necessary for security purposes (e.g., investigating abuse), it is required by law, or it is used in aggregated and anonymized form for internal service improvement.
- No transfer for advertising: Google user data is not transferred to third parties and is not used to serve advertisements or for any advertising-related purpose.
- No transfer to data brokers: Google user data is never sold, rented, or transferred to data brokers or data aggregators.
- No unrelated use: Google user data is not used for any purpose unrelated to the core email filtering functionality described in this policy.
6. Data Retention
We retain pipeline logs and filtering history for as long as your account is active. If you delete your account, we will delete your personal data — including all Google user data such as OAuth tokens, email metadata, and any stored label or settings information — within 30 days, except where we are required to retain it for legal or billing purposes (e.g., Stripe transaction records). Upon account deletion, we will also revoke any outstanding OAuth tokens issued to GateMail.
You may also revoke GateMail's access to your Google account at any time via your Google Account permissions page. To request data deletion or account removal, contact us at privacy@gatemail.co or use the Settings page within the GateMail dashboard.
7. Security
We implement industry-standard security measures to protect your data both in transit and at rest:
- TLS encryption: All data transmitted between your browser, our servers, and third-party APIs is encrypted using TLS.
- Encrypted token storage: OAuth refresh tokens are encrypted at rest and used only to perform actions you have authorized.
- Access controls: Access to production systems and user data is restricted to authorized personnel on a need-to-know basis.
- Regular review: We regularly review and update our security practices to address evolving threats.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Revoke OAuth access granted to GateMail via your Google or Microsoft account settings.
To exercise these rights, contact us at the address below.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date, and, where appropriate, through in-product notifications within the GateMail dashboard. Continued use of the service after changes constitutes acceptance.