Legal
Privacy Policy
This Privacy Policy describes how MailToStory("we", "us", or "our") collects, uses, stores, and shares information when you use our web application at https://mailtostory.com(the "Service").
By signing in with Google and using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Who we are
MailToStory is operated by the developer identified on the Google OAuth consent screen. For privacy questions or requests, contact us at nedix2018@gmail.com.
MailToStory is not affiliated with, endorsed by, or sponsored by Google LLC.
2. What the Service does
MailToStory connects to your Gmail account (read-only) so you can browse email threads and generate structured summaries—story narratives, timelines, and action lists—from conversations you choose to open. You can export summaries as Markdown, PDF, or Word.
3. Google user data we access
When you sign in with Google, we request the following OAuth scopes:
- openid, email, and profile — to identify your account, display your name and profile image, and maintain your session.
- https://www.googleapis.com/auth/gmail.readonly — to list threads in your Gmail inbox and read message content for threads you open, solely so we can generate summaries and show previews. We do not send email, modify labels, or delete messages.
We access Gmail data only after you sign in and only when you use features that require it (for example, loading your inbox or opening a thread).
4. How we use Google user data
We use Google user data only to provide and improve the Service:
- Authenticate you and keep you signed in.
- Fetch Gmail threads and messages you choose to view or summarize.
- Generate AI-assisted story summaries, timelines, and action lists from thread content.
- Let you export summaries and link back to original Gmail messages.
- Diagnose errors and protect the security of the Service.
We do not use Google user data to:
- Serve advertisements or sell your data.
- Build profiles for unrelated products.
- Train general-purpose machine-learning models on your emails.
- Allow humans to read your email content except as described below.
5. Google API Services User Data Policy (Limited Use)
MailToStory's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:
- We use Google user data only to provide user-facing features that are prominent in the Service and not for any other purpose.
- We do not transfer Google user data to third parties except as necessary to operate the Service (see Section 6), for legal compliance, or with your explicit consent.
- We do not use Google user data for serving ads, including retargeting or personalized advertising.
- We do not allow humans to read your Gmail content except: (a) with your affirmative agreement for a specific message or support request, (b) when necessary for security purposes (such as investigating abuse), or (c) when required to comply with applicable law.
6. Third-party services and data sharing
To operate the Service, limited data may be processed by infrastructure and API providers under our control:
- Google Gmail API — source of thread and message data you request.
- Google Gemini API— when you generate a story for a thread, relevant thread text is sent to Google's generative AI service to produce the summary. We do not send your data to Gemini except for this on-demand summarization you initiate.
- Hosting and database — account, session, and cached summary data are stored on servers we operate.
We do not sell, rent, or trade your personal information or Google user data. We may disclose information if required by law or to protect the rights, safety, and security of users and the Service.
7. What we store
We store only what is needed to run the Service:
- Account and session data — your Google account identifier, name, email address, profile image URL, OAuth tokens (including refresh tokens for Gmail read access), and session records managed by NextAuth.
- Cached story summaries — for threads you have summarized, we may store the generated story JSON (title, narrative, timeline, and actions) and Gmail message IDs so we can show results faster on repeat visits. We do not store raw Gmail message bodies in our database; message content is fetched from Gmail when needed.
- Server logs — standard technical logs (timestamps, error messages, request metadata) for reliability and security. These logs are not used to read your email content.
8. Data retention and deletion
- OAuth tokens and account records remain while your account is active.
- Cached story summaries remain until you delete your account, we delete them, or they are no longer needed to provide the Service.
- You can revoke MailToStory's access anytime in your Google Account permissions. After revocation, we can no longer access your Gmail data.
- You can sign out of MailToStory at any time. To request deletion of stored account data, email nedix2018@gmail.com.
9. Security
We use HTTPS for all production traffic, restrict database and server access, and store secrets in environment configuration. No method of transmission or storage is 100% secure; we work to protect your data using reasonable industry practices.
10. Your choices and rights
Depending on where you live, you may have rights to access, correct, or delete personal data we hold. Contact nedix2018@gmail.com to make a request. We will respond within a reasonable time.
11. Children
The Service is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version at this URL and update the effective date above. Continued use of the Service after changes means you accept the updated policy.
13. Related documents
See also our Terms of Service.