Privacy Policy

Last Updated: March 20, 2026

1. Introduction

Guard My Email ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email security service and Gmail add-on.

2. Information We Collect

2.1 Email Content (Temporary Processing Only)

When you scan an email using our service:

• We temporarily process the email content (sender, subject, body, headers) only when you click "Scan Now"
• This data is sent to Claude AI (Anthropic) for real-time phishing analysis
• We do NOT store, log, or retain any email content after analysis is complete
• Email content is processed in memory only and immediately discarded
• We do NOT access your inbox or emails you don't explicitly scan

2.2 Account Information

We collect and store only essential information:

• Email address (for user identification and quota tracking)
• Google account user ID (for Gmail add-on authentication)
• Usage statistics (number of scans per month, timestamps)
• Subscription tier (free or premium)
• Stripe customer ID and subscription ID (if you subscribe to premium)

2.3 Technical Information

• Error logs and performance data (for service improvement)
• Browser type and version (for compatibility)

3. How We Use Your Information

3.1 Limited Use Compliance

Gmail data accessed through Google APIs is used ONLY for providing email phishing detection functionality. Specifically:

• We access email content only when you click "Scan Now"
• Email content is used solely for AI phishing analysis
• We do NOT use Gmail data for advertising purposes
• We do NOT use Gmail data for AI model training
• We do NOT sell or transfer Gmail data to third parties (except Claude API for analysis, see below)
• We do NOT display Gmail data to humans except you (the email owner)

3.2 Other Uses

We use non-Gmail information to:

• Authenticate your account and manage subscriptions
• Track usage against quota limits (free: 5 scans/month, premium: unlimited)
• Send service updates and security notifications
• Improve service quality and detection accuracy
• Comply with legal obligations
• Detect and prevent fraud or abuse

4. Data Sharing and Third Parties

4.1 Anthropic (Claude AI)

Email content is sent to Anthropic's Claude API for AI-powered phishing analysis:

• Purpose: Real-time email threat analysis only
• Data Sent: Email content (headers, body, sender)
• Retention: Anthropic does NOT retain email content per their privacy policy
• Usage: Anthropic does NOT use customer data to train AI models
• Privacy Policy: https://www.anthropic.com/legal/privacy

4.2 Google Cloud Platform

We use Google Sheets to store user quota information:

• Data Stored: Email addresses, scan counts, subscription tiers
• Security: Encrypted at rest with AES-256 (Google-managed)
• Access: Limited to our backend service account only

4.3 Stripe (Payment Processing)

If you subscribe to premium:

• Payment information is processed and stored by Stripe (PCI DSS Level 1 certified)
• We only store your Stripe customer ID and subscription ID
• We never see or store your credit card information

4.4 What We Do NOT Do

• We do NOT sell your personal information to third parties
• We do NOT share your email content with advertisers
• We do NOT use your emails for marketing purposes
• We do NOT store your email content beyond the analysis session
• We do NOT allow humans to read your emails
• We do NOT use Gmail data for purposes other than phishing detection

5. Data Retention

• Email Content: Zero retention (processed in memory only, immediately discarded)
• Email Addresses: Retained while your account is active
• Usage Statistics: Retained indefinitely (for quota tracking)
• Payment Records: Retained per Stripe's policies and legal requirements

To delete your account and all associated data, contact support@guardmyemail.com

6. Data Security

We implement industry-standard security measures:

• Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
• Encryption at Rest: User data stored in Google Sheets encrypted with AES-256
• Access Controls: Limited to service accounts only, no human access to user data
• Security Certification: CASA Tier 2 certified (Google-required security assessment)
• OAuth Security: Google OAuth verified for all Gmail API access
• API Key Protection: Stored encrypted in Google Apps Script Properties Service

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and all data
• Portability: Receive your data in a machine-readable format (CSV export available)
• Revoke Access: Remove Gmail permissions at any time via Google Account settings
• Withdraw Consent: Uninstall add-on or revoke permissions at any time

To exercise these rights, contact privacy@guardmyemail.com

8. GDPR Compliance (EU Users)

If you are in the European Union, we comply with GDPR:

• Legal Basis: Consent (you authorize Gmail access) and Legitimate Interest (fraud prevention)
• Data Protection by Design: Zero email content retention by default
• International Transfers: Data sent to Anthropic (US) uses Standard Contractual Clauses
• Your Rights: Access, rectification, erasure, restriction, portability, objection
• Data Protection Officer: dpo@guardmyemail.com
• Supervisory Authority: You may lodge a complaint with your local data protection authority

9. CCPA Compliance (California Users)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by businesses
• Opt-out of sale of personal information (we do not sell data)
• Non-discrimination for exercising privacy rights

To exercise CCPA rights, contact privacy@guardmyemail.com

10. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13. If we discover such collection, we will delete the information immediately.

11. Gmail Add-on Specific Disclosures

11.1 Permissions

Our Gmail add-on requests the following permissions:

• gmail.readonly: Read email content when you click "Scan Now"
• gmail.addons.current.message.readonly: Access email metadata in add-on sidebar
• gmail.addons.execute: Run as Gmail add-on
• script.external_request: Send email content to Claude API for analysis
• userinfo.email: Identify your account for quota tracking

11.2 What We Access

We ONLY access:

• Emails you explicitly scan by clicking "Scan Now"
• Your email address for account identification

11.3 What We Do NOT Access

• Emails you don't scan
• Your inbox or other folders
• Email attachments (only text content is analyzed)
• Sent emails, drafts, or archived emails
• Contacts or calendar

11.4 Google Limited Use Disclosure

Guard My Email's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means:

• Gmail data is used only for providing phishing detection functionality
• Gmail data is not transferred to third parties except for the stated purpose (Claude API analysis)
• Gmail data is not used for serving advertisements
• Gmail data is not used to build user profiles
• Gmail data is not used to train AI models

12. Email Forwarding Service

If you use our email forwarding option (scan@guardmyemail.com):

• Emails forwarded to scan@guardmyemail.com are processed the same way as Gmail add-on scans
• Email content is analyzed in real-time and immediately deleted
• Analysis results are emailed back to you
• We do not store forwarded email content

13. Contact Us

For privacy-related questions or requests:

• Privacy Inquiries: privacy@guardmyemail.com
• General Support: support@guardmyemail.com
• Data Protection Officer (EU): dpo@guardmyemail.com
• Website: guardmyemail.com
• Response Time: We respond to requests within 30 days

This Privacy Policy was last updated on March 20, 2026. Previous versions are available upon request.