Scope of This Policy
This privacy policy applies to the Gmail Tool — a personal MCP server that provides read-only access to a single Gmail account. It is used exclusively by Yves La Rose for personal productivity purposes. It is not a commercial product or service available to the public.
What Data Is Accessed
With the user's explicit consent via Google OAuth 2.0, the Gmail Tool accesses the following from the authenticated Gmail account:
- Email thread metadata — subject lines, sender/recipient information, timestamps, and message snippets returned by Gmail search queries.
- Email body content — the full plaintext body of messages retrieved via thread fetch operations.
- Gmail labels — a list of user-defined labels on the account.
All access is read-only. The tool cannot compose, send, modify, delete, or transfer any email, attachment, or label.
How Data Is Used
Accessed data is used solely to fulfill the developer's personal assistant queries. Specifically:
- To search for and retrieve relevant email threads in response to the developer's requests.
- To read the content of specific messages when requested.
- To provide summaries of inbox state or email activity.
No email data is shared with third parties. No email data is used for training machine learning models, analytics, advertising, or any purpose outside the developer's personal assistant workflow.
Data Storage & Retention
OAuth tokens: Access and refresh tokens are stored securely in an encrypted credentials store on the developer's personal infrastructure. These tokens are never shared with third parties.
Email content: Email data is accessed in-session only. It is not persisted to disk, database, or any long-term storage beyond the duration of the active session in which it was retrieved. When the session ends, any email data held in memory is discarded.
No caching or logging: The tool does not cache email content or log message bodies. Standard server logs may record connection metadata (timestamps, request types) for operational purposes but do not include email content.
Data Sharing
We do not sell, rent, trade, or otherwise transfer any accessed Gmail data to third parties. The OAuth token is used exclusively by this tool to authenticate with Google's Gmail API.
Third-Party Services
This tool communicates with Google's Gmail API via the standard OAuth 2.0 flow. Google's privacy policy governs the underlying Gmail service. The tool itself is hosted on the developer's own infrastructure and does not rely on any additional third-party data processors.
Data Protection
OAuth tokens are stored using age encryption (age-encryption.org). The tool runs on the developer's own infrastructure with standard operating system security controls (full-disk encryption, firewall, regular updates). Access to the underlying system is limited to the developer and authorized administrators.
User Rights
Since this tool is used by the developer for their own account, rights of access, correction, and deletion can be exercised directly by revoking the OAuth grant through the Google Account permissions page at myaccount.google.com/permissions. Revocation immediately terminates all data access.
Contact
Questions about this privacy policy or data practices:
Yves La Rose
Email: hello@netherlabs.ai