Privacy Policy

1. What DUGGAI Does

DUGGAI is an AI-powered email assistant. It reads your emails, classifies them into categories, generates draft replies, and connects to apps like Notion, Slack, Google Drive, and Google Calendar to provide context-aware responses.

By default, all drafts require your review before sending. If you enable auto-send in your settings, DUGGAI will automatically send AI-generated replies to emails it classifies as needing a response.

2. What Data We Collect

Account Data

Your name, email address, and authentication tokens when you sign up via OAuth (Google, Microsoft). We never see or store your password.

Email Data

We access and store your email content, metadata (sender, recipient, subject, timestamps), and attachment metadata (filename, type, size) through Gmail or Outlook APIs via Composio. Actual attachment files are not stored; they are fetched on-demand from your email provider when you request them.

Connected App Data

If you connect Notion, Slack, Google Drive, Google Calendar, or other services, we access and permanently store text chunks from those services in our database for semantic search (RAG). This data powers context-aware draft generation. Disconnecting an app stops new data collection but does not automatically delete previously indexed data. To delete all indexed data, you must delete your DUGGAI account.

AI-Generated Data

We store AI-generated content associated with your account, including email classifications, labels, draft replies, chat messages, embeddings, and usage logs.

AI Judgment Profile (Opt-In)

If you enable the AI Judgment feature, DUGGAI analyzes your sent emails, connected app data (Slack messages, Notion pages, Calendar events), and your responses to email scenarios to build a personalized judgment profile. This profile captures your writing tone, reply patterns, relationship dynamics, and decision-making preferences. The profile is stored in our database and injected into AI prompts to help the AI act more like you. This feature is entirely opt-in and can be disabled at any time in Settings. When disabled, no judgment data is used in AI prompts. You can delete your judgment profile at any time by disabling the feature.

AI Memories

When AI Judgment is enabled, DUGGAI automatically learns from your actions (sending emails, changing labels, editing drafts) to build persistent memories about your preferences. These memories are stored with embeddings for semantic retrieval and are used to improve future AI behavior. Memories can be viewed, edited, and deleted in Settings. Disabling AI Judgment stops new memory creation but does not delete existing memories. Deleting your account deletes all memories.

Usage Data

We collect data on how you interact with DUGGAI, including features used, emails classified, drafts generated, auto-sent emails, and rate limit usage. This helps us improve the product and enforce usage limits.

3. How We Use Your Data

We use your data to:

• Classify and organize your inbox into categories (To Respond, FYI, Marketing, etc.)
• Generate draft email replies using AI with context from your connected apps
• Send emails on your behalf if you have enabled auto-send in your settings
• Learn your writing style and tone to improve draft quality within your account
• Provide semantic search across your connected apps (RAG)
• Enforce usage limits based on your plan (Free, Trial, Pro)
• Improve DUGGAI's features, classification accuracy, and draft quality
• Provide customer support
• Detect and prevent abuse, fraud, and violations of our Terms of Service

Internal Product Improvement

DUGGAI team members may access email data, classification results, and draft quality metrics to improve classification algorithms, draft accuracy, tone matching, and product features. This access is restricted to authorized personnel, granted on a need-to-know basis, and conducted solely for the purpose of improving DUGGAI. We will never publish, share externally, or sell any data accessed for product improvement purposes.

4. How We Do NOT Use Your Data

• We do not sell your data to anyone, ever
• We do not use your data for advertising or targeted marketing
• We do not use your emails to train public or third-party AI models
• We do not share your email content with other DUGGAI users
• We do not store your email password (we use OAuth exclusively)
• We do not store email attachment files (only metadata)

5. Privacy Controls

You are in control of your data:

• Exclude specific contacts: You can restrict DUGGAI from processing emails from specific email addresses (e.g., HR, legal, or confidential conversations)
• Auto-send controls: Auto-send is off by default. You can enable or disable it at any time. You can configure auto-send to apply only to specific contacts, all contacts, or all contacts except those you exclude. You can set custom AI rules for auto-send behavior.
• Auto-send visibility: All auto-sent emails are logged and visible in your Sent tab with an “Auto-sent” badge. You can review what DUGGAI sent on your behalf at any time.
• Disconnect apps: You can disconnect any connected app at any time, which immediately stops new data collection from that service
• Delete your account: You can delete your account at any time from Settings. This permanently deletes all your data across all 14 data tables, your profile, and your authentication record within our system. Deletion is confirmed via a two-step process.

6. Third-Party Services

Your data is processed by the following services to deliver DUGGAI's features:

Supabase (Database and Authentication)

Stores your account data, emails, classifications, embeddings, connected app data, and usage logs. Data is encrypted at rest (AES-256) and in transit (TLS). Row Level Security ensures each user can only access their own data. supabase.com/privacy

OpenRouter (AI Model Routing)

Routes your email content and connected app data to AI language models for classification and draft generation. OpenRouter does not log prompts or completions by default. We have disabled all training options and do not opt in to prompt logging. OpenRouter stores only request metadata (timestamps, token counts). openrouter.ai/privacy

Composio (OAuth and API Integrations)

Manages connections to Gmail, Outlook, Notion, Slack, Google Drive, and Google Calendar. Handles OAuth authentication and API calls to your connected services. composio.dev/privacy

Vercel (Hosting)

Hosts the DUGGAI web application. vercel.com/legal/privacy-policy

Resend (Transactional Email)

Sends account-related emails (confirmation, password reset, notifications). Does not process your inbox data. resend.com/legal/privacy-policy

Each third-party service operates under its own privacy policy and terms. We configure these services to minimize data exposure and do not enable optional data sharing, training, or logging features offered by these providers. However, we cannot guarantee that third-party services will not change their policies. We recommend reviewing their policies directly.

7. Data Storage and Security

• All data is encrypted in transit using TLS 1.2+
• Data at rest is encrypted via Supabase (AES-256)
• We use OAuth for authentication and never store your email password
• Row Level Security (RLS) is enabled on all user data tables, ensuring each user can only query their own data
• All backend API access requires authentication; admin routes require a separate token with 8-hour expiration
• API requests are rate-limited (60 requests per minute globally; additional plan-based limits on AI features)
• AI-generated drafts, classifications, and chat messages are visible only to you

8. Data Retention and Deletion

We store your data for as long as your account is active. When you delete your account:

• All data is permanently deleted across all database tables, including emails, classifications, drafts, chat history, connected app data, embeddings, usage logs, and your profile
• Your Supabase authentication record is deleted
• All active access to your email and connected apps is immediately revoked
• DUGGAI can no longer read, process, or generate drafts from your data
• Deletion is irreversible

You may still see labels or folders previously created in your email provider (e.g., Gmail labels). These are native to your email provider and can be removed manually. Their presence does not indicate ongoing access by DUGGAI.

9. Data Export

We do not currently offer a self-service data export feature. If you wish to obtain a copy of your data, contact us at privacy@duggai.com and we will provide it within 30 days.

10. Your Rights

You have the right to:

• Access your data by contacting privacy@duggai.com
• Delete your account and all associated data at any time from Settings
• Disconnect any connected app at any time
• Exclude specific email addresses from AI processing
• Disable auto-send at any time
• Review all auto-sent emails in your Sent tab
• Request data export by contacting privacy@duggai.com

11. California Residents (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how we use it; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights.

To exercise these rights, contact privacy@duggai.com.

12. International Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under applicable data protection laws, including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing your data is your consent (provided when you create an account and connect services) and our legitimate interest in providing and improving DUGGAI. Contact privacy@duggai.com to exercise these rights.

13. Children

DUGGAI is not intended for users under the age of 13. We do not knowingly collect data from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

14. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through the app at least 14 days before they take effect. Your continued use of DUGGAI after the effective date of a revised policy constitutes your acceptance of the changes.

15. Contact

Questions about privacy? Contact us at: privacy@duggai.com