Privacy Policy
Last Updated: January 30, 2026
1. Overview
Sergei's Agent is a personal email search tool designed for individual use. This privacy policy explains how your data is handled when you use Sergei's Agent to access your Gmail account.
Key principle: All your email data stays on your infrastructure. Sergei's Agent does not send your emails to any external servers or third parties.
2. What Data We Access
When you authorize Sergei's Agent, it requests access to:
- Email content: Subject, body, sender, recipient, date, and labels
- Email metadata: Thread IDs, message IDs, and attachment presence
- Labels: Gmail labels and categories
OAuth Scopes: Sergei's Agent uses the following Google OAuth scopes:
- gmail.readonly: Read email data
- gmail.modify: Mark emails as read/unread (optional, for monitoring features)
3. How We Use Your Data
Your email data is used exclusively for the following purposes:
- Local indexing: Creating a searchable index on your machine
- Search: Enabling you to search your emails using keywords and semantic search
- Monitoring: Notifying you of new emails matching your criteria
Your data is NOT used for:
- Training machine learning models
- Advertising or marketing
- Sharing with third parties
- Any purpose other than providing search functionality to you
4. Where Your Data is Stored
Local Storage: All email content is stored on your infrastructure:
- Your personal computer, server, or cloud instance
- LanceDB vector database (locally on your machine)
- SQLite database for sync tracking (locally on your machine)
Cloud Storage (Optional): OAuth credentials only:
- AWS Systems Manager Parameter Store (encrypted with KMS)
- Contains only OAuth access/refresh tokens, not email content
- Used solely for authentication, not data storage
5. Data Security
Sergei's Agent implements the following security measures:
- OAuth 2.0: Industry-standard authorization protocol
- Encryption at rest: OAuth tokens encrypted with AWS KMS
- Encryption in transit: All connections use TLS 1.2 or higher
- Minimal permissions: Requests only necessary Gmail scopes
- No external access: Email data never leaves your infrastructure
6. Data Retention
- Email data: Stored locally on your machine until you delete it
- OAuth tokens: Stored until you revoke access or re-authorize
- Sync metadata: Stored locally for incremental sync functionality
You have full control over data retention. You can delete all data at any time by:
- Deleting the local data directory
- Revoking OAuth access in your Google Account settings
7. Third-Party Services
Sergei's Agent interacts with the following third-party services:
- Google Gmail API: To sync your emails. Google's privacy policy applies: https://policies.google.com/privacy
- AWS (Optional): For OAuth credential storage only. AWS privacy policy applies: https://aws.amazon.com/privacy/
No email content is sent to any third-party service.
8. Your Rights
You have the following rights regarding your data:
- Access: All data is stored locally - you have full access
- Deletion: Delete local data at any time
- Revocation: Revoke OAuth access anytime via Google Account settings
- Export: Your data is in standard formats (Maildir, LanceDB) and can be exported
- Portability: You can move your data to another system at any time
9. Google API Services User Data Policy Compliance
Sergei's Agent's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Sergei's Agent only uses Gmail data to provide search functionality
- Sergei's Agent does not transfer Gmail data to third parties
- Sergei's Agent does not use Gmail data for serving ads
- Sergei's Agent does not use Gmail data for purposes unrelated to search
10. Children's Privacy
Sergei's Agent is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this page.
12. Data Breach Notification
Since all email data is stored on your infrastructure, you are responsible for:
- Securing your server/computer
- Backing up your data
- Monitoring for unauthorized access
OAuth tokens stored in AWS are protected by AWS security measures. In the event of a breach affecting OAuth tokens, AWS would notify you per their security policies.
13. Open Source
Sergei's Agent is open source. You can review the code to verify how your data is handled:
- All source code is available for inspection
- You can audit data flows and security measures
- You can modify the code to meet your privacy requirements
14. Privacy Questions
This is a personal tool for individual use. For privacy-related questions:
- Review the open-source code to verify data handling
- Check your Google Account's connected apps to manage or revoke access
- Delete the application data from your local storage at any time
- Review the Terms of Service for additional details
All email data remains on your infrastructure. You have full control over your data and can remove the application at any time.
15. Jurisdiction
Sergei's Agent is a personal tool and is not operated as a commercial service. This policy is provided for transparency and to comply with Google's OAuth publishing requirements.