Security & Privacy

• Google OAuth access and refresh tokens are encrypted at the application layer before being written to the database. Production uses Google Cloud KMS for managed key protection; local development can fall back to AES-256-GCM with a local key.
• Other application data, including outbound email bodies, is stored in our managed Postgres database under the database provider's storage-level encryption at rest. Email bodies are not currently encrypted at the application layer beyond that.
• OAuth state parameters are signed with HMAC-SHA256 to prevent CSRF attacks during the Gmail connection flow.
• All connections use HTTPS with HSTS enforced at the infrastructure level.

• CoffeePing never reads or stores the content of emails you receive. We only access outbound messages you author inside CoffeePing.
• Reply detection uses Gmail thread metadata only — we read the From header to determine whether someone other than you has replied, and never the message body.
• Outbound email bodies you compose in CoffeePing (initial drafts and scheduled follow-ups) are stored in our managed Postgres database so we can schedule sends, thread follow-ups correctly, and show you your outreach history. Scheduled follow-ups are also mirrored as drafts into your Gmail account.
• Bodies remain stored until you delete the associated contact or your CoffeePing account, which cascades to remove all related sequences, emails, and message bodies. There is no fixed retention window beyond user deletion.
• Google API data is used only for user-facing outreach workflows, never for advertising, resale, or generalized model training.

We request the minimum Gmail scopes needed:

• gmail.send — Send emails on your behalf when you click Send.
• gmail.compose — Create Gmail drafts for scheduled follow-ups.
• gmail.metadata — Check thread headers to detect replies. No email content is accessed.
• userinfo.email — Verify your email address.

• Authentication is handled by Clerk, an industry-standard auth provider.
• All API routes are protected by authentication middleware.
• Database-level row security (RLS) ensures users can only access their own data.

• Export: Download all your data at any time via Settings.
• Delete: Permanently delete your account and all associated data. This also revokes our Google OAuth access.
• We do not sell your data or share it with third parties.

If you discover a security vulnerability, please report it responsibly by emailing security@coffeeping.io. We take all reports seriously and will respond promptly.