Privacy Policy

What We Collect

We collect account information (name, email, auth identifiers), networking data you add (contacts, notes, flags), and operational metadata needed to run the product.

Email Content Handling

CoffeePing does not persist outbound email body content in its own database. Scheduled messages are stored as drafts in your Gmail account. Sent messages remain in your Gmail mailbox. CoffeePing stores message metadata (for example subject, status, timestamps, thread/message IDs) to power workflow automation.

Gmail Access

We request only the Gmail permissions required for product functionality (sending email, creating drafts for scheduled follow-ups, and reply-detection metadata). We do not fetch full inbox content for general reading.

CoffeePing uses Google API data only to provide the features you explicitly enable inside the product, such as sending outreach, storing follow-up drafts in Gmail, and stopping sequences when a reply is detected from message metadata.

Security

OAuth credentials are encrypted at rest. Production deployments can use Google Cloud KMS for managed key protection, while local development can fall back to AES-256-GCM with a local key. Access controls and audit logging are applied to sensitive operations.

Google API Data Use

CoffeePing's use of information received from Google APIs is limited to delivering and securing the features described in this policy. We do not use Gmail API data for advertising, data resale, or generalized model training.

Your Rights

You can export your account data and request account deletion from within the app. Deletion removes your CoffeePing data, subject to required legal retention obligations.