Data Controller
Gorganizer (sole trader / individual operator)
Contact: privacy@gorganizer.com
1. What We Collect
We collect the minimum data needed to operate the Service:
| Data | Source | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|---|
| Name, email, profile picture | Google OAuth | Account identification | Art. 6(1)(b) — contract performance |
| Google account ID (sub) | Google OAuth | Stable user identifier | Art. 6(1)(b) — contract performance |
| Gmail OAuth token | Google OAuth | Gmail API access for scanning and cleaning | Art. 6(1)(b) — contract performance |
| Payment status (paid/free) | Stripe webhook | Tier enforcement | Art. 6(1)(b) + 6(1)(c) — contract + legal obligation (Swedish Bokföringslagen §4) |
| Scan/clean history counts | App usage | Usage stats shown in dashboard | Art. 6(1)(b) — contract performance |
| Scoring settings (aggressiveness, categories) | Settings page | Persisting your preferences | Art. 6(1)(b) — contract performance |
| Domain trash counts (aggregated, de-identified) | Clean operations | Improving the user-facing scoring feature shown in your dashboard (aggregated domain-level counts only, de-identified) | Art. 6(1)(f) — legitimate interest (see balancing test in section 2c) |
For the one item processed under Art. 6(1)(f) legitimate interest (aggregated domain trash counts), you have an absolute right to object under Art. 21 GDPR — see section 2c below for the balancing test and opt-out mechanism.
2. What We Do NOT Collect
- We do not store the content of your emails (subject lines, bodies, attachments).
- We do not store sender email addresses (only the domain portion is retained — see section 2b below).
- We do not sell your data to any third party.
- We do not use your data for advertising.
- No Gmail user data is transferred to advertising platforms, data brokers, or sold to third parties.
- We do not use your Gmail data to develop, improve, or train generalized or non-personalized AI or ML models.
2b. Aggregated Data Used to Improve the User-Facing Scoring Feature
In plain English: When you tell the engine an email is trash (or you protect it from deletion), we note that pattern at the sender-domain level — never the content level — and use it to improve the scoring feature you see in your dashboard.
Specifically, we retain the following aggregated and de-identified data:
- Sender-domain trash/keep counts: e.g. "newsletter.example.com was trashed 1,237 times and protected 43 times this month (aggregated across all users)"
- Aggregate counts of which rules matched across all users, with no per-user or per-message linkage
- Engine-action outcomes (clean / protect / review), without any per-message identifiers
What we never collect even for engine improvement:
- Email subject lines
- Email bodies or attachments
- Full sender email addresses (only the domain portion, and only as an aggregate count)
- Any connection between a data point and a specific user account
This processing is limited to providing and improving user-facing features that are prominent in Gorganizer's user interface (the scoring dashboard and Clean action). All retained data is aggregated and de-identified for internal operations in accordance with applicable privacy laws. No Gmail user data is used to develop, improve, or train generalized or non-personalized AI or ML models. No Gmail user data is transferred to advertising platforms, data brokers, or sold to third parties.
Opt out at any time: email privacy@gorganizer.com and we will remove your account from the engine-improvement data set within 48 hours. The Service keeps working normally for you either way.
2c. Legitimate-Interest Balancing Test (Art. 6(1)(f))
For the aggregated domain trash counts described in section 2b, we rely on legitimate interest (GDPR Art. 6(1)(f)). Per EDPB Guidelines 01/2024, we disclose the three-part balancing test:
- Purpose test: the processing serves a clearly legitimate interest — improving the accuracy of the user-facing scoring feature so users spend less time manually re-classifying emails and are better protected from phishing.
- Necessity test: the processing is necessary to achieve that interest. Domain-level aggregate counts cannot be derived from user content analysis (which we don't do) or from synthetic data (which wouldn't reflect real phishing-sender patterns).
- Balancing test: your interests in data minimization and privacy are protected by (a) aggregation — counts are never per-user or per-message; (b) de-identification — no account identifier is retained with the counts; (c) opt-out — you can withdraw participation at any time; (d) no content storage — we never retain email bodies, subjects, or full addresses. The remaining residual risk to you is negligible compared to the service-improvement benefit, which also flows back to you.
Your rights under Art. 21 GDPR: you have an absolute right to object to this processing at any time. If you object, we will stop using your actions for engine improvement unless we can demonstrate compelling legitimate grounds that override your interests — and we will not assert any such override. In practice, opting out always works.
3. Google API Services User Data Policy
Gorganizer's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Affirmative Limited-Use Disclosures
- We do not use Gmail data for serving advertising.
- We do not use Gmail data for any purpose other than providing or improving user-facing features prominent in the requesting app's user interface.
- We do not transfer Gmail data to others unless necessary to provide or improve user-facing features, comply with law, or as part of a merger or acquisition with user notice.
- Humans do not read Gmail data unless we have user consent for specific messages, it is necessary for security (e.g., investigating abuse), required by law, or the data has been aggregated and de-identified for internal operations in accordance with applicable privacy laws.
- Gmail user data is not used to develop, improve, or train generalized or non-personalized AI or ML models.
4. Gmail Data Usage
Gorganizer uses the Gmail API solely to:
- Read email metadata (headers, labels, snippets) to score emails.
- Move emails to Gmail Trash when you click Clean.
- Apply Gmail labels to organize your inbox.
Email content is never stored. It is processed in-memory during your scan/clean request and immediately discarded.
5. Data Storage
Your account data (name, email, payment status, settings) is stored in a PostgreSQL database hosted by Supabase (EU region). OAuth tokens are stored encrypted at rest. Email content is never written to disk (see section 4).
6. Data Retention
- User identity: retained until account deletion + 30-day grace period.
- OAuth refresh token: retained until you disconnect or after 180 days of non-use, whichever is sooner.
- Processing history: 12 months rolling, then automatically purged.
- AI usage records: 90 days.
- Stripe / payment records: 7 years (required by tax law).
- Server logs: 30 days.
You can request deletion at any time by emailing privacy@gorganizer.com. We will delete all your personal data within 30 days of a verified request (payment records are retained for the legally required 7-year period).
You can also disconnect Gorganizer from your Google account at any time at myaccount.google.com/permissions. Revoking OAuth access prevents further Gmail operations but does not automatically delete your account data — email us to complete full deletion.
7. Subprocessors
We share data with the following subprocessors solely to operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Google LLC | OAuth authentication + Gmail API | Global |
| Vercel Inc. | Application hosting | EU region |
| Supabase Inc. | Database (PostgreSQL) | EU region |
| Stripe Payments Europe Ltd | Payment processing | Ireland / EU |
| Resend | Transactional email | US (SCCs in place) |
| Anthropic PBC | AI email classification | US (zero-retention addendum) |
| Upstash Inc. | Rate-limiting cache | EU region |
| PostHog Inc. | Product analytics (consent-gated — only active after you click "Accept" in the cookie banner) | US or EU (selectable; EU for sciencemind.se) |
Each subprocessor is bound by a Data Processing Agreement (DPA) and may only process your data on our documented instructions.
See our subprocessors page for the authoritative, up-to-date list with regions, data shared, and direct DPA links.
8. AI Transparency
Gorganizer uses AI classification (powered by Anthropic Claude) to help categorise emails that the rule-based scoring engine cannot confidently classify. When AI classification runs:
- Only anonymised metadata summaries are sent to Anthropic's API — never full email body text, recipient addresses, or attachment contents.
- Anthropic operates under a zero-retention addendum: API inputs are not stored beyond the duration of the request and are never used to train models.
- Your Gmail data is not used to develop, improve, or train any AI or machine learning model — whether personalised or generalised.
- You can review Anthropic's privacy policy at anthropic.com/privacy.
9. Your Rights (GDPR Arts. 15–22)
If you are in the EU/EEA, you have the right to:
- Access (Art. 15): request a copy of all personal data we hold about you.
- Rectification (Art. 16): correct inaccurate or incomplete data.
- Erasure (Art. 17): request deletion of your data ("right to be forgotten").
- Portability (Art. 20): receive your data in a structured, machine-readable format.
- Restriction (Art. 18): request that we limit how we process your data.
- Objection (Art. 21): object to processing based on legitimate interests.
- Withdraw consent: change your mind and stop us processing your data at any time — this doesn't affect anything we did before you withdrew.
- Lodge a complaint: lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten — www.imy.se).
To exercise any of these rights, email privacy@gorganizer.com. We will respond within 30 days. To delete your account, email us at support@gorganizer.com and we will process your request within 30 days per GDPR Article 17.
10. International Data Transfers
Most of our infrastructure runs in the EU (see Subprocessors above). Two providers are US-based: Resend (transactional email) and Anthropic (AI classification). For both, we have Standard Contractual Clauses (SCCs) in place — a legal mechanism approved by the EU that requires US companies to protect your data to the same standard as if it were stored in Europe.
We only transfer data to countries or services with adequate privacy protections.
11. Data Breach Notification
If a data breach ever occurs, we will:
- Report it to the relevant privacy regulator within 72 hours of discovering it.
- Email affected users promptly if the breach could put them at risk.
- Document what happened, what data was affected, and what we did to fix it.
12. US State Privacy Rights
If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have the following rights under applicable state privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, NJDPA, DPDPA, and others):
- Right to Know / Access what personal information we hold about you.
- Right to Correct inaccurate personal information.
- Right to Delete your personal information, subject to legal retention obligations.
- Right to Portability — receive your data in a machine-readable format.
- Right to Opt-Out of sale / sharing / targeted advertising (we do not do any of these; the right is disclosed for completeness).
- Right to Limit Use of Sensitive Personal Information (see Sensitive PI note below).
- Right to Opt-Out of Profiling with legal or similarly significant effects.
- Right to Non-Discrimination — exercising any of these rights will never affect your service or pricing.
- Right to Appeal a denied request (where your state law provides it — VA, CO, CT, NJ, DE, MN, TN, TX, NE, NH, RI).
How to exercise your rights: email privacy@gorganizer.com. We will verify your identity (we may ask you to sign in via the same Google account you registered with) and respond within 45 days. We may extend the window once by an additional 45 days for complex requests, with written notice. If we deny a request, you may appeal by replying within 60 days; unresolved appeals may be escalated to your state Attorney General.
Global Privacy Control (GPC): if your browser sends a GPC signal, we honor it as a valid opt-out of sale / sharing / targeted advertising — even though we do not engage in any of those activities. Your opt-out preference will be recorded.
Sensitive personal information processing: the scoring engine transiently processes email metadata and body snippets to detect phishing, which may incidentally include patterns that look like SSNs, credential strings, or government IDs (inside phishing emails the engine is detecting, not collecting). This transient processing is used solely for security and spam detection per CCPA §7027(m) and equivalent state-law exceptions, and is never retained, sold, or used for advertising or AI/ML training. No sensitive personal information of yours is stored on our servers.
Texas (TDPSA) required notice: We do NOT sell your sensitive personal data. We do NOT sell your biometric personal data. We do NOT sell genetic data. (We do not sell any personal data.)
California (CCPA/CPRA) specific disclosures: We have not sold or shared personal information in the preceding 12 months. We do not use or disclose sensitive personal information for any purpose other than providing the Service, security, and legally required disclosures. The categories of personal information we collect (mapped to Cal. Civ. Code §1798.140(v)): identifiers (name, email, Google sub), commercial information (payment status), internet activity (in-app usage stats), and inferences (engine-derived aggregates). We collect no biometric, geolocation, racial/ethnic origin, religious, union-membership, health, sex-life, or sexual-orientation data.
A “Your Privacy Choices” link is available in the website footer for California, Colorado, Connecticut, and similar states' opt-out preferences.
13. Minimum Age
Gorganizer is not directed at children. You must be at least 16 years old to use the Service (or 13 if you are outside the EU/EEA where the lower COPPA threshold applies, but we apply the stricter 16-year threshold globally). We do not knowingly collect personal data from anyone under 16. If you believe a minor has registered, email us and we will delete the account promptly.
14. Cookies and Similar Technologies
Strictly-necessary cookies (always on). We set a single first-party session cookie (next-auth.session-token) to keep you signed in. This cookie is required for the app to function — you cannot use Gorganizer without it — and under the EU ePrivacy Directive (Art. 5(3)) it does not require consent.
Optional analytics cookies + localStorage (consent required). Once you click Accept all in the cookie banner shown on your first visit, we load PostHog for product analytics. PostHog sets a small number of first-party cookies plus localStorage entries to identify a returning browser and deduplicate page-view events. We never send Gmail content, message bodies, OAuth tokens, or other email headers to PostHog — only page paths, event names, and (once signed in) your Gorganizer account email + paid/free tier. Autocapture is disabled.
Your choice. If you click Reject optional in the banner, PostHog is not loaded and no analytics cookies or localStorage entries are set. Your choice is stored in your browser's localStorage (not a cookie) so we can respect it on return visits. If we ever update this policy in a way that changes how analytics work, we bump the consent version and the banner re-appears so you can make a fresh choice.
No advertising cookies, ever. We do not run advertising, retargeting, or cross-site tracking cookies. No Facebook Pixel, no Google Ads, no ad networks.
15. Changes to This Policy
We may update this Privacy Policy from time to time. The effective date at the top will always reflect the latest version. For significant changes we will notify you by email or with an in-app banner before the change takes effect. Continuing to use Gorganizer after that date means you accept the updated policy.
16. Contact
Privacy questions, data requests, or complaints: privacy@gorganizer.com