Privacy Policy

Last updated: January 31, 2026

Sangs ("we", "our", "us") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights.

1. Data We Collect

• Account info — name, email, and profile picture from Google OAuth.
• OAuth tokens — encrypted at rest (AES-256-GCM) to access Gmail on your behalf.
• Email metadata — subject lines, sender addresses, and thread IDs for emails matching your configured filters only.
• User context — profile information you provide (skills, portfolio, pricing) to personalize AI-generated responses.
• Usage data — aggregate statistics (emails sent, reply rates) stored per-account.

2. Gmail Scopes

We request the following Google OAuth scopes:

• gmail.readonly — to scan your inbox for emails matching your filters.
• gmail.send — to send replies and follow-ups on your behalf.
• gmail.modify — to mark processed emails as read.
• userinfo.email and userinfo.profile — to identify your account.

We do not access your contacts, Google Drive, calendar, or any other Google service.

3. Token Encryption

All OAuth access tokens, refresh tokens, and user-provided API keys are encrypted at rest using AES-256-GCM before being stored in our PostgreSQL database. The encryption key is stored as an environment variable on our server infrastructure and is never committed to source code.

4. Third-Party Services

• Anthropic (Claude) — email content is sent to Claude for AI-powered response generation and sentiment analysis. See Anthropic's Privacy Policy.
• Railway — our hosting provider. Data is stored on Railway's infrastructure.
• Google — Gmail API for email access. See Google's Privacy Policy.

5. Data Retention

Sent response records and statistics are retained for the lifetime of your account. Email body content used for AI processing is not stored beyond the response record. You can request full data deletion at any time.

6. Your Rights

• Access — request a copy of all data we store about you.
• Export — download your sent responses, stats, and profile data.
• Delete — request complete deletion of your account and all associated data.
• Revoke — disconnect Gmail at any time from your Google Account permissions.

For GDPR and CCPA requests, contact us at kishanpicturesnyc@gmail.com.

7. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with the updated date. Continued use of Sangs after changes constitutes acceptance.