Privacy Policy

1. Roles Under Data Protection Law

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR):

• You, as the Google account holder, are the Data Controller of your email content.
• AutoLabler acts as a Data Processor, processing email data solely on your instructions to provide labeling functionality.

2. Legal Basis for Processing

AutoLabler processes data only where permitted by law, based on:

• Your explicit consent when installing the add-on and approving requested Google permissions (Article 6(1)(a) GDPR);
• The performance of a contract, namely providing the Service you request (Article 6(1)(b) GDPR).

3. Data Processed

• Email content: Limited portions of email text necessary to determine topic relevance.
• Label metadata: Existing Gmail label names and structures.

The Service does not process contacts, calendar data, or files stored outside Gmail.

4. Permissions Transparency (Why we need "Modify")

Google identifies the "gmail.modify" scope as having broad access. However, AutoLabler uses this permission only for the following specific actions:

• Label Management: Creating, applying, or removing labels from specific email threads based on your matching rules.
• Organization: Moving threads to the Archive or Trash folders when you specifically trigger those actions.

What we NEVER do: AutoLabler will never compose emails, send emails on your behalf, or delete your entire inbox. Our code is designed to interact only with the specific threads you are currently viewing or processing.

5. Data Storage and Retention

• No external databases or user profiles are maintained.
• Email content is processed transiently within the Google Apps Script execution environment.
• Temporary caching may occur using Google’s internal CacheService and is automatically deleted by Google.
• Technical execution logs may be generated by Google Workspace but do not include full email content.

6. Data Transfers and International Processing

The Service operates on Google infrastructure. Data may therefore be processed on servers located outside the European Economic Area. Google applies appropriate safeguards, including Standard Contractual Clauses, to such transfers.

7. Security Measures

AutoLabler relies on Google Workspace security controls, including encryption at rest and in transit, OAuth-based access controls, and least-privilege permission design. AutoLabler relies on Google Workspace security controls. Because the service is built on Google Apps Script, the "Modify" permissions are transient and tied to your active session. No "permanent" access token is stored on external servers, and your email modification rights are never shared with any third party.

8. Data Subject Rights

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction or objection
• Right to lodge a complaint with a supervisory authority

You may exercise these rights by revoking the add-on’s permissions in your Google Account or by contacting us directly.

9. Breach Notification

In the event of a personal data breach affecting user data, we will notify affected users and relevant authorities as required by applicable law.

10. Third-Party Access

AutoLabler does not share, sell, or disclose Gmail data to third parties. No data is used for advertising, analytics profiling, or marketing purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the effective date above.