Privacy Policy

Confluence.so | Last updated: January 20, 2026

Overview

Confluence.so is an email productivity application. This policy explains what data we collect, where it's stored, how it's processed, and how we protect it.

How We Use Google User Data

We access your Gmail account through Google's API to provide the following functionality:

• Reading emails: Display your messages, threads, and labels within the Confluence.so interface
• Sending emails: Compose and send new messages or replies on your behalf
• Managing drafts: Create, edit, and delete email drafts
• Deleting emails: Permanently delete emails from your inbox
• Organizing emails: Modify labels (archive, star, mark as read/unread, trash) to help you organize your inbox
• Syncing contacts: Display contact names and email addresses for a better email experience
• Assisting with writing and organization: Provide drafting and other email assistance features

Email content accessed via the Gmail API is processed locally in your browser for most features. For certain assistance features, limited portions of content may be processed on our servers to generate suggestions. We do not store full email content on our servers.

Data We Collect

Stored Locally (Your Device Only)

• Email content: Messages, attachments metadata, and contacts accessed via Gmail API

Stored on Our Servers

We use Better Auth for authentication. The following data is stored in our PostgreSQL database:

• Account information: Name, email address, Google ID, profile photo URL
• App settings: Your preferences and configuration
• Session data: Authentication tokens and session identifiers
• OAuth tokens: Encrypted tokens required to maintain your Gmail API connection
• Telemetry: Limited usage data is collected for debugging and performance monitoring
• Service processing data: Short-lived data required to provide assistance features

Sharing, Transfer, and Disclosure of Google User Data

We do not share, transfer, or disclose your Google user data to any third parties, except in the following limited circumstances:

• Google APIs: We communicate with Google's servers solely to fetch and sync your email data. No email content is transmitted to any other third party.
• Service providers: We use infrastructure providers (hosting, database) who may process encrypted authentication tokens or transient processing data, but they never have access to stored email content.
• Legal requirements: We may disclose data if required by law, court order, or governmental authority.

We do not sell, rent, or trade your Google user data to any third party for any purpose, including advertising or marketing.

Data We Do Not Collect

• We do not store full email content on our servers
• We do not sell or share personal data with third parties for advertising

Security & Data Protection

Local Data

• Browser Sandboxing: Locally stored data is isolated within your browser's origin-based security model, inaccessible to other websites
• Secure Transmission: All communications with Google's APIs use HTTPS/TLS 1.3
• User Control: Local data persists until you manually clear it via browser site settings or uninstall the extension

Server Data

• Encryption in Transit: All client-server communications use HTTPS/TLS
• Encryption at Rest: Database storage is encrypted using AES-256
• Access Control: Server access is restricted to essential personnel

Data Retention

• Local data: Retained indefinitely until you clear your browser's site data for Confluence.so
• Server data: Account data is retained while your account is active. Upon account deletion, all associated data is permanently removed within 30 days
• Processing data: Assistance feature data is retained only as long as needed to provide the feature

Third-Party Services

We use Google's Gmail API to access your email. Google's privacy policy applies to their services.

Google API Limited Use Disclosure

Confluence.so's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request scopes necessary for core functionality
• We do not use Google user data for advertising
• We do not transfer data to third parties except as necessary to provide the service
• Human access to data is limited to debugging with user consent, legal compliance, or aggregated anonymous analysis

Your Rights

• Access & Export: Request a copy of your server-stored data at any time
• Deletion: Delete your account and all associated server data
• Revoke Access: Disconnect Gmail access via Google Account Permissions
• Clear Local Data: Remove locally stored data via your browser settings

To exercise these rights, contact us at the address below.

Contact

support@confluence.so