Security & Privacy

CoffeePing is designed with security and privacy at its core. Here is how we protect your data.

Encryption

  • Production deployments can encrypt Google OAuth tokens with Google Cloud KMS before storing them in the database. Local development can fall back to AES-256-GCM with a local key.
  • OAuth state parameters are signed with HMAC-SHA256 to prevent CSRF attacks during the Gmail connection flow.
  • All connections use HTTPS with HSTS enforced at the infrastructure level.
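To illustrate the signed OAuth state described above, here is an added example; it is not CoffeePing's own code. The token layout, session binding, nonce, 10-minute lifetime and function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime of one connection attempt


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()


def issue_state(key, session_id, now=None):
    """Build the `state` value sent with the authorization request."""
    now = time.time() if now is None else now
    claims = {
        # Hash of the session id binds the state to the browser that started the flow.
        "sid": hashlib.sha256(session_id.encode()).hexdigest(),
        "nonce": secrets.token_urlsafe(16),
        "exp": int(now) + STATE_TTL_SECONDS,
    }
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{body}.{_b64(_mac(key, body))}"


def verify_state(key, state, session_id, now=None):
    """Check the `state` returned on the callback; any failure rejects the flow."""
    now = time.time() if now is None else now
    try:
        body, tag = state.split(".")
        # Verify the MAC in constant time before parsing client-supplied data.
        if not hmac.compare_digest(_unb64(tag), _mac(key, body)):
            return False
        claims = json.loads(_unb64(body))
        expected_sid = hashlib.sha256(session_id.encode()).hexdigest()
        return claims["exp"] > now and hmac.compare_digest(claims["sid"], expected_sid)
    except (ValueError, KeyError, TypeError):
        return False
```

This sketch does not track used nonces, so a valid state can be replayed within its lifetime by the same session; a server-side single-use record would close that gap.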

Email Content Policy

  • CoffeePing never reads or stores the content of your existing emails.
  • Reply detection uses Gmail metadata only (headers) — we check who replied, not what they said.
  • Google API data is used only for user-facing outreach workflows, never for advertising, resale, or generalized model training.
  • Outbound email body content is not persisted in CoffeePing databases; scheduled messages are stored as drafts in your Gmail.

Gmail Permissions

We request the minimum Gmail scopes needed:

  • gmail.send — Send emails on your behalf when you click Send.
  • gmail.compose — Create Gmail drafts for scheduled follow-ups.
  • gmail.metadata — Check thread headers to detect replies. No email content is accessed.
  • userinfo.email — Verify your email address.

Authentication

  • Authentication is handled by Clerk, an industry-standard auth provider.
  • All API routes are protected by authentication middleware.
  • Database-level row-level security (RLS) ensures users can only access their own data.

Your Data Rights

  • Export: Download all your data at any time via Settings.
  • Delete: Permanently delete your account and all associated data. This also revokes our Google OAuth access.
  • We do not sell your data or share it with third parties.

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly by emailing security@coffeeping.io. We take all reports seriously and will respond promptly.