Privacy Policy
Effective date: May 11, 2026 Last updated: May 11, 2026
This is the privacy policy for Shomery ("Shomery", "we", "us", or "our"), a service operated from California, USA. It explains what information we access, how we use it, where it goes, and the choices you have.
We've written this in plain English on purpose. If anything below is unclear, email us at hello@shomery.com and we'll explain it.
1. What Shomery does
Shomery watches your Gmail inbox for emails from senders or domains you specify. When a matching email arrives, Shomery produces a short markdown summary — sender, subject, a brief gist, and a few extracted fields — and saves that summary into a folder inside your own Google Drive. You then read the feed in our web app, or ask grounded questions across one subject, a group of subjects, or your whole inbox. The assistant answers only from your own emails and refuses honestly when the answer isn't there.
This privacy policy describes how we handle the data needed to do that.
2. Information we access
From Google (with your explicit consent through OAuth)
When you connect Shomery to your Google account, we request access to:
- Your basic Google profile — name, email address, profile picture, and Google account ID. Used to identify your Shomery account.
- Your Gmail content — message bodies, subjects, sender, recipient, and headers, but only for emails matching the senders or domains you've added to your watch list. We don't read your entire inbox.
- Your Google Drive — limited to creating and writing files in a Shomery-specific folder. We do not read other files in your Drive.
You can revoke this access at any time through your Google Account settings at https://myaccount.google.com/permissions.
Information you give us directly
- Watch list configuration (senders, domains, subjects, group names) that you create inside Shomery.
- Questions you ask the Shomery assistant.
- Account preferences and feature-flag opt-ins.
Technical information
- Device type, browser, operating system, and approximate location (derived from IP address — not precise GPS).
- Service logs: request timestamps, error reports, and performance metrics needed to operate and debug the service.
3. How we use this information
Shomery uses your information only to:
- Produce the markdown summaries of emails on your watch list and save them to your Google Drive.
- Answer the questions you ask, grounded in your own email content.
- Operate, secure, and improve the service (debugging errors, monitoring performance, preventing abuse).
- Communicate with you about your account, service issues, or significant changes to this policy.
We do not:
- Use your Gmail content for advertising of any kind.
- Sell, rent, or share your Gmail content with third parties for their own purposes.
- Train any artificial intelligence or machine learning model on your Gmail content.
- Read your Gmail content manually, except where strictly necessary for security investigations, to comply with applicable law, or with your explicit consent.
4. Google API Services User Data Policy — Limited Use
Shomery's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use your Google user data to provide or improve user-facing features that are prominent in Shomery's user interface.
- We do not transfer your Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets where you would be given prior notice.
- We do not use your Google user data for serving advertisements.
- We do not allow humans to read your Google user data, except: (a) with your affirmative agreement for specific messages, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized.
The full Google policy is available at https://developers.google.com/terms/api-services-user-data-policy.
5. Third-party service providers
To run Shomery, we send certain data to the following service providers under contractual obligations that restrict their use of that data:
| Provider | What they receive | Why | Their data-use rules |
|---|---|---|---|
| OpenAI (gpt-4o-mini API) | The content of emails on your watch list at the moment of summarization or question answering | To generate the markdown summary and answer your questions | OpenAI's API terms prohibit training their models on data submitted through the API |
| Voyage AI (voyage-3-lite API) | Excerpts of email content, converted to numerical embeddings (vectors) | To enable semantic search across your inbox so the assistant can find relevant emails | Voyage's API terms prohibit training on API data |
| Google Cloud (Firebase) | Account metadata, encrypted credentials, service logs, your Shomery configuration | To host the service (authentication, database, function execution) | Google Cloud's data processing terms apply; data stays in your designated region |
| Google Drive (yours) | The final markdown summary artifacts | This is your own Google Drive — Shomery just writes there with your permission. The artifacts live in your account, not ours. | Governed by your Google account's own privacy settings |
We do not share your information with advertising networks, data brokers, or analytics platforms beyond the operational logs needed to keep the service running.
6. Where your data lives
- The markdown summary artifacts themselves live in your own Google Drive, in a Shomery-managed folder inside your account. If you delete that folder, the artifacts are gone — we don't keep a separate copy.
- Your account metadata, watch list configuration, and short-term operational data (such as in-flight processing state and cached embeddings) live in our Firebase / Google Cloud project, hosted in the United States.
- OpenAI and Voyage AI process email content transiently to generate the summary or answer your question. They do not retain the content beyond the short retention windows defined in their respective API terms.
7. How long we keep your information
- Markdown summaries: as long as they exist in your Google Drive (you control deletion).
- Account metadata and configuration: as long as your Shomery account is active. When you delete your account, we delete this data within 30 days, subject to limited exceptions for legal compliance.
- Service logs: retained for up to 90 days for debugging, abuse prevention, and security, then automatically deleted.
- Backups: Google Cloud automated backups follow a 7-day rolling window (point-in-time recovery), after which they expire.
8. Security
We use the security controls provided by Google Cloud and Firebase, including encryption in transit (HTTPS/TLS) and encryption at rest, restricted IAM permissions, and audit logging. OAuth tokens are stored encrypted and only used to access the specific Gmail and Drive scopes you've authorized.
No security system is perfect. If we discover a breach involving your personal information, we will notify you and the relevant authorities as required by California law.
9. Your choices and rights
You can, at any time:
- Disconnect Shomery from your Google account through https://myaccount.google.com/permissions. This immediately stops Shomery from accessing your Gmail or Drive.
- Delete the Shomery folder in your Google Drive to remove the markdown summary artifacts.
- Request deletion of your Shomery account by emailing hello@shomery.com. We'll process the deletion within 30 days.
- Request a copy of the data we hold about you by emailing hello@shomery.com.
- Correct inaccurate information by editing it in the Shomery app or by emailing us.
10. California privacy rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you specific rights regarding your personal information:
- Right to know what personal information we collect about you, the sources, the purposes, and the categories of third parties we share it with.
- Right to delete the personal information we hold about you, subject to limited legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of your personal information. We do not sell or share your personal information in the way these terms are defined under California law, so there is nothing to opt out of — but you have the right to confirm this.
- Right to limit use of sensitive personal information to what is necessary to provide the service.
- Right to non-discrimination for exercising any of the above rights. We will not deny service, charge different prices, or provide a different quality of service because you exercised a right.
To exercise any of these rights, email hello@shomery.com. We may need to verify your identity before responding.
11. Children's privacy
Shomery is not intended for use by anyone under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has provided us information, email us and we will delete it.
12. International users
Shomery is operated from the United States. If you access the service from outside the U.S., your information will be transferred to, processed, and stored in the U.S. and other countries where our service providers operate. By using Shomery, you consent to this transfer.
13. Changes to this policy
We may update this policy from time to time. When we do, we'll post the new version at the same URL and update the "Last updated" date at the top. For significant changes that affect how we use your data, we'll email you in advance.
14. Contact
Privacy questions, requests, and complaints:
Email: hello@shomery.com Business location: California, USA
If you are unsatisfied with our response, California residents may contact the California Attorney General's office at https://oag.ca.gov/privacy.
This document is the source of truth. The HTML page at https://shomery.com/privacy is rendered from this Markdown.