Back to Privacy Policy

Google API Services User Data Disclosure

Last updated: May 30, 2026

About this page

This page describes, in standalone form, how Daybriefer accesses, uses, stores, and shares data received from Google APIs — including Gmail and Google Calendar.

Daybriefer is operated by Studio Pi & Pi BV (KBO/VAT BE0439165619), Kartuizerlaan 32, 9000 Gent, Belgium. This disclosure is in addition to, and consistent with, our full Privacy Policy. Where the two could be read inconsistently, the Privacy Policy controls.

How Daybriefer differs from Gmail's built-in AI

Gmail now ships its own AI features. They are useful, but they make a different deal with you than Daybriefer does. We think it's worth saying that out loud — not to disparage Google's product, but so you can make an informed choice.

  • Training data. Gmail's general AI features run on models that Google trains on broad corpora and continues to evaluate against real user behaviour. Daybriefer's AI sub-processor is OpenAI, accessed via API with the default no-training setting — your messages are never used to train, fine-tune, or evaluate any model. We do not opt in to model training and we never will.
  • Scope of access. Gmail's AI runs inside Gmail itself with full access to every message, label, attachment, and contact. Daybriefer runs as an external app and asks for only the specific OAuth scopes listed below — read access to mail and calendar, plus compose/send for the replies you explicitly review. We never ask for a wider scope than the feature requires.
  • Where your data lives. Honest version: your message bodies and metadata are stored in Supabase Postgres in the EU (Frankfurt, Germany). The Daybriefer web app itself runs on Railway in the United States (Oregon), and email bodies are sent to OpenAI in the United States for transient analysis under EU Standard Contractual Clauses. So at-rest storage is European; processing transits the US. Gmail's own AI runs across Google's global infrastructure with broad data residency, so this is a meaningful but not absolute difference.
  • Retention. Message bodies cached for AI analysis are purged on a 30-day rolling window (see §6 of the Privacy Policy). Metadata (sender, subject, received-at, AI-extracted summaries) stays until you disconnect or delete your account. Gmail retains data indefinitely under its own terms.

If any of the above changes, this page changes first and we update the "last updated" date at the top. We don't surprise you.

1. Limited Use commitment

Daybriefer's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Daybriefer does not:

  • Use Gmail or Calendar data to develop, train, or improve generalised or personalised AI/ML models, including those of our sub-processors. Our AI sub-processor (OpenAI) does not use API inputs or outputs to train models by default; we do not opt in to training.
  • Transfer Google user data to third parties except as necessary to provide or improve the user-facing Daybriefer features (e.g. summarisation), to comply with applicable law, or as part of a merger/acquisition with advance notice to users.
  • Use Google user data for serving advertisements, audience targeting, or building user profiles for advertising or marketing purposes.
  • Allow humans to read Google user data, except (a) with the user's affirmative agreement for specific messages, (b) when necessary for security or to comply with applicable law, (c) to perform internal operations such as user-requested support, where the data is aggregated and anonymised.

2. OAuth scopes we request, and why

Daybriefer requests only the OAuth scopes strictly necessary for the features the user sees. Each scope below lists the exact Google scope string, the user-facing feature it powers, and the data we read or write under it.

Gmail — read, draft, and trash (one consolidated scope)

https://www.googleapis.com/auth/gmail.modify
Daybriefer requests a single Gmail scope — gmail.modify — that covers all three Gmail actions the product needs. We use a single consolidated scope (rather than gmail.readonly + gmail.compose + a third scope) because Google requires us to ask for the minimum-necessary set, and gmail.modify is the smallest scope that authorises all three actions below.

What we use it for:

  • Read. The core daily brief reads recent Gmail messages to classify them as Urgent / Needs Reply / Informational, extract action items, and summarise threads. Data accessed: message metadata (sender, subject, thread, headers, received-at) and message body content.
  • Draft. When a user clicks "Draft reply" inside Daybriefer, we generate an AI draft and surface it for review.
  • Send. When the user clicks Approve / Send on a reviewed draft (typically a meeting confirmation or a reply), we send that one message via the Gmail API on the user's behalf. There is no background, scheduled, or bulk send — every send is a per-message, per-click action initiated by the user.
  • Trash mirror. When a user deletes an email inside Daybriefer, we move the same message to Gmail's trash so the user's two surfaces stay in sync. Trashed messages remain in Gmail's trash for 30 days and the user can restore them; we do not permanently delete.

What we never do with this scope: we never send messages without an explicit per-message user click — there is no background or scheduled send. We do not modify message bodies, we do not change labels other than UNREAD, INBOX, and TRASH (for the read, archive, and delete actions you trigger), and we never request the broader https://mail.google.com/ scope.

Calendar — events

https://www.googleapis.com/auth/calendar.events
Why we need it: read the user's events to detect conflicts on incoming meeting requests, and create a new event when the user clicks Accept on a proposed time inside Daybriefer.
What we never do: we do not modify or delete events we did not create. We do not request the broader https://www.googleapis.com/auth/calendar scope.

Calendar — free/busy

https://www.googleapis.com/auth/calendar.freebusy
Why we need it: check whether the user is free at a proposed meeting time. Returns busy/free intervals only — never event titles, attendees, locations, or descriptions.

Identity

https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Why we need it: show who is signed in inside the application UI.

3. What we store, where, and for how long

Data received from Google APIs is stored at rest in our Supabase Postgres database, encrypted at rest by the provider (AES-256) and in transit (TLS 1.2+). The Postgres instance is hosted in the European Union.

Concretely we persist:

  • Google OAuth access tokens and refresh tokens, scoped to the permissions above, with their expiry timestamps and granted scopes.
  • Email metadata: Gmail message ID, thread ID, sender, subject, snippet, headers, received-at timestamp, and Daybriefer's internal classification (Urgent, Needs Reply, Informational).
  • Email body text, cached for 30 days only so the brief renders quickly without re-fetching from Google on every page load. A nightly cron purges raw bodies older than 30 days; the metadata and AI summary remain.
  • AI-generated summaries and extracted action items derived from message content.
  • Drafts the user creates in Daybriefer, plus the conflict-check results we run against their calendar.

Retention. While the account is active, we retain the data above so the product is fast and the user's history is searchable. When the user deletes their account, all of the above is permanently removed from Postgres within 30 days, with row-level cascading deletes on bodies, summaries, drafts, and conflict checks. Database backups (Supabase rolling 7-day window) age out within 7 days after that.

4. Sub-processors who may receive Google user data

  • Supabase Inc. — managed Postgres + auth. Hosts the application database in the European Union.
  • Railway — application hosting (the Next.js process serving daybriefer.com). Receives data in transit only; does not persist it.
  • OpenAI, L.L.C. (USA) — language models used to classify emails and generate summaries and draft replies. Email content is sent to the OpenAI API. OpenAI does not use API inputs or outputs to train its models by default; we do not opt in to training.
  • Google LLC — the source of the data itself, via Gmail and Calendar APIs.

A current list is available at ask@daybriefer.com.

5. How a user revokes access

  • Inside Daybriefer: Settings → Connected accounts → Disconnect.
  • From Google directly: myaccount.google.com/permissions.
  • Full account & data deletion: email ask@daybriefer.com with the subject line "Delete my account". Permanent deletion completes within 30 days; backups expire within 7 days after that.

6. Contact

Studio Pi & Pi BV
Kartuizerlaan 32, 9000 Gent, Belgium
KBO/VAT BE0439165619

General: ask@daybriefer.com
Privacy / data subject requests: privacy@daybriefer.com
Security disclosures: security@daybriefer.com