Privacy Policy

Last updated: April 26, 2026

What We Collect

We collect account information (name, email, auth identifiers), networking data you add (contacts, notes, flags), and operational metadata needed to run the product.

Email Content Handling

When you compose an email or schedule a follow-up in CoffeePing, the full message body is stored in our database. Scheduled follow-ups are also saved as drafts in your Gmail account so they are visible to you there before they send.

We retain outbound content after send so you can review your outreach history, so we can thread follow-ups correctly against prior messages, and so we can maintain an audit trail of what was sent from your account. Bodies remain stored until you delete the associated contact or your CoffeePing account, which cascades to remove all related sequences, emails, and message bodies. We do not have a fixed retention window beyond user deletion.

Outbound bodies are stored in our managed Postgres database under the database provider's storage-level encryption. Google OAuth access and refresh tokens are additionally encrypted at the application layer using Google Cloud KMS or AES-256-GCM before being written. Email bodies are not currently encrypted at the application layer.

CoffeePing does not read or store the contents of emails you receive. The only Gmail data we access is the outbound email you author inside CoffeePing and the From header of messages in threads you have sent to (used to detect replies so follow-up sequences stop).

Gmail Access

We request only the Gmail permissions required for product functionality: sending email you have authored in CoffeePing, creating Gmail drafts for scheduled follow-ups, and reading thread metadata (sender headers only) for reply detection. We do not fetch full inbox content.

CoffeePing uses Google API data only to provide the features you explicitly enable inside the product, such as sending outreach, mirroring follow-up drafts into Gmail, and stopping sequences when a reply is detected from message metadata. Google API data is never used for advertising, resale, or generalized model training.

Security

OAuth credentials are encrypted at rest at the application layer. Production deployments use Google Cloud KMS for managed key protection; local development falls back to AES-256-GCM with a local key. Access controls, row-level security, and audit logging are applied to sensitive operations.

Google API Data Use

CoffeePing's use of information received from Google APIs is limited to delivering and securing the features described in this policy. We do not use Gmail API data for advertising, data resale, or generalized model training.

Third-Party Data Sharing

CoffeePing relies on a small set of third-party service providers to operate the product. Each one acts as a processor on our behalf and receives only the data necessary for its specific role. We do not sell user data, we do not share user data with advertisers or data brokers, and we do not use Google user data — or any email content — to train AI models, ours or anyone else's.

  • Supabase — managed Postgres database hosting. Stores user accounts, contacts, sequences, outbound email subjects and bodies that you authored in CoffeePing, send metadata, and Google OAuth access and refresh tokens (encrypted at the application layer with Google Cloud KMS before being written).
  • Vercel — application and serverless function hosting. All requests to CoffeePing are served from Vercel's infrastructure. Vercel functions make the outbound calls to the Gmail API, the Supabase database, and the other providers below. Vercel may retain operational logs (request paths, timings, error traces) for service reliability. We do not log email body content or OAuth credentials. Logs are retained per Vercel's standard retention policy and are not used for marketing or sold to third parties.
  • Anthropic — AI provider for email drafting. Receives the contact's name, role, firm, public profile context you added, and (for follow-up generation) the subjects and bodies of prior outbound drafts in the current compose flow, so the model can write a personalized message. Anthropic does not receive Gmail inbox contents, sent-message contents from your mailbox, OAuth tokens, or your password. Per Anthropic's commercial API terms, inputs and outputs from CoffeePing's API calls are not used to train Anthropic's models by default.
  • Inngest — background job orchestration. Schedules and executes follow-up sends, reply-detection checks, and cleanup jobs. Inngest receives job names, schedules, and identifiers (user IDs, email IDs); it does not receive email body content.
  • Clerk — authentication provider. Manages sign-in, sign-up, and sessions. CoffeePing is passwordless: you sign up with Google SSO and sign in with Google SSO or a one-time code emailed to you — no password exists for your account. Clerk receives your name and login email; it does not receive your Gmail content, your contact list, or any email bodies.
  • PostHog — product analytics. Receives page-view and product usage events. If you are signed in, your account is identified to PostHog by your user ID, name, and login email so we can understand how the product is used; identification happens only inside the authenticated application. PostHog never receives your Gmail content, contacts, email subjects or bodies, or OAuth tokens.
  • Sentry — error monitoring. Receives error reports (stack traces and request metadata) when something goes wrong, so we can fix it. Events are scrubbed before transmission: values that look like credentials, tokens, secrets, or passwords are redacted. Sentry never intentionally receives email bodies or OAuth tokens.
  • Google Cloud KMS — managed encryption key service. Performs envelope encryption and decryption of OAuth access and refresh tokens. KMS receives only ciphertext and key references; it never receives Gmail content or email bodies.

We do not voluntarily disclose Google user data to government authorities, law enforcement, or third parties beyond what is described above and what is legally required. We may disclose user data if we are legally required to do so — for example, in response to a valid subpoena, court order, or other lawful demand. Where we are legally permitted to do so, we will notify the affected user before complying so they have an opportunity to seek protective relief.

Your Rights

You can export your account data and request account deletion from within the app. Deletion removes your CoffeePing data, subject to required legal retention obligations.