Privacy Policy
Last updated: 24 May 2026
reply2mail connects to your email account to read, classify and reply to messages on your behalf. This policy explains what we access, how we protect it, and your choices.
What we access
To work, reply2mail connects to your mailbox over IMAP/SMTP using credentials you provide, or via OAuth where supported. We read incoming messages to analyze and (in your chosen mode) reply to them.
We store: your account email, agent settings (persona, rules, signature), knowledge you add (RAG sources), calendar events the agent creates, and usage logs.
How we protect it
Mailbox passwords are encrypted at rest (AES/Fernet); a leaked database row never reveals your password. Connections use TLS. We never display your password back to you.
We do not sell your data. Email content is processed only to provide the service (analysis, drafting, replies) and is not used to train third-party models beyond what the LLM provider requires to fulfill a request.
AI processing
Message content is sent to our LLM provider (OpenRouter) to generate analyses and replies. Only the content needed for the current task is sent. Sensitive topics (money, contracts, legal) are escalated to you rather than auto-answered.
Your choices
You control the agent mode (off / suggest / auto). You can delete knowledge sources, disconnect your mailbox, or delete your account at any time, which removes your stored settings and credentials.
Google user data & Limited Use
When you connect Gmail via Google OAuth, reply2mail requests access to your Gmail messages (the mail.google.com scope) solely to provide the features visible to you: reading and classifying incoming mail, drafting replies, organizing your inbox, and — only in the mode you choose — sending replies you approve. We never send mail without your explicit approval.
reply2mail’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Google user data only to provide and improve these user-facing features; we do not transfer or sell it to third parties for advertising, market research, or any unrelated purpose; we do not use it to train generalized AI/ML models; and no humans read your Google user data except where you explicitly grant permission for support, where required for security or to comply with applicable law, or on data that is aggregated and anonymized.
Google access tokens are encrypted at rest. You can revoke reply2mail’s access at any time from your Google Account permissions page or by deleting the connected account in reply2mail, which removes the stored tokens.
Contact
Questions about privacy? Email [email protected].