Privacy Policy

Velnox (“Velnox,” “we,” “us,” or “our”) provides an AI-powered email assistant that connects to your Google Gmail account, syncs your conversations, analyzes them to assign priority and risk, generates summaries and suggested replies, and surfaces productivity insights. This Privacy Policy describes how we collect, use, store, share, and protect information when you use our website and application (the “Service”).

By creating an account or connecting your Gmail to Velnox, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

We collect the following categories of information:

• Account information. When you sign up, we collect your name, email address, and authentication credentials managed through our authentication provider (Supabase). If you sign in with Google, we receive your basic Google profile (name, email address, and profile picture).
• Gmail content and metadata. When you connect Gmail through Google OAuth, we access the messages and threads in your inbox so the Service can function. This includes message senders and recipients, subject lines, message bodies, timestamps, thread identifiers, and Gmail history identifiers used for incremental syncing. We sync up to your recent inbox conversations and store them in our database to power your prioritized inbox.
• OAuth tokens. We store the access and refresh tokens that authorize Velnox to reach the Gmail API on your behalf. These tokens are encrypted at rest.
• AI-generated data. Analysis we derive from your conversations — priority scores, risk levels, sentiment, summaries, and suggested replies — is stored alongside the relevant conversation.
• Usage and device data. Like most web applications, we automatically receive standard log data such as IP address, browser type, pages visited, and timestamps when you interact with the Service.

We do notask for or store your Google account password. Access is granted exclusively through Google’s secure OAuth consent flow, which you can revoke at any time.

We use the information we collect to:

• Authenticate you and maintain your account.
• Sync, display, and organize your client conversations within your prioritized inbox.
• Run AI analysis that assigns priority and risk, detects conversations going cold, and drafts suggested replies.
• Send replies in your Gmail threads when you explicitly choose to do so.
• Generate productivity insights, analytics, and relationship-health metrics for your own workspace.
• Maintain the security, reliability, and performance of the Service, and diagnose technical issues.
• Communicate with you about your account, important changes, and support requests.

We do not sell your personal information or your email content, and we do not use the content of your emails for advertising or to train generally available AI models.

To analyze your conversations, the relevant message content is sent to our AI provider, Google’s Gemini API, which returns the analysis (priority, risk, sentiment, summaries, and suggested replies). This processing happens only to provide features within your own workspace.

Email content processed through the Gemini API is handled under Google’s applicable API terms and is not used to train Google’s generally available models when accessed via the paid API tier. We send only the data needed to perform the requested analysis.

We use strictly necessary cookies to keep you signed in and to maintain your session securely. These include the authentication and session cookies set by our authentication provider, as well as a short-lived state cookie used to protect the Gmail connection flow against cross-site request forgery.

We may use privacy-respecting, aggregate analytics to understand how the Service is used and to improve it. Where analytics are used, they are limited to product usage signals and do not include the content of your emails. You can control non-essential cookies through your browser settings; disabling strictly necessary cookies may prevent the Service from functioning.

We rely on a small set of trusted infrastructure providers (sub-processors) to operate the Service. Each receives only the data needed to perform its function:

• Google (Gmail API & OAuth).Provides email sync, message sending, and sign-in. Governed by Google’s Privacy Policy.
• Google Gemini API. Performs the AI analysis of conversation content.
• Supabase. Provides authentication and our managed PostgreSQL database where your data is stored.
• Vercel. Hosts and serves the application.

We do not share your personal information with third parties for their own marketing. We may disclose information if required by law, to enforce our agreements, or to protect the rights, safety, and security of our users and the Service.

We retain your account information and synced conversation data for as long as your account is active and you keep Gmail connected, so the Service can continue to function. When you disconnect Gmail, delete a conversation, or close your account, we delete the associated synced messages, analysis, and stored OAuth tokens within a reasonable period, except where we are required to retain certain records to comply with legal obligations or resolve disputes.

You can request deletion of your data at any time by disconnecting your integration or contacting us at the address below.

We apply technical and organizational safeguards designed to protect your information, including:

• Encryption of your Google OAuth tokens at rest using AES-256-GCM.
• Encryption in transit (HTTPS/TLS) for all data moving between your browser, our servers, and our providers.
• Scoped, owner-checked access so users can only reach their own conversations and integrations.
• Use of reputable, security-conscious infrastructure providers.

No method of transmission or storage is completely secure, so while we work hard to protect your information we cannot guarantee absolute security.

Depending on your location, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your information (the “right to be forgotten”).
• Withdraw consent and disconnect Gmail at any time, which stops further syncing.
• Object to or restrict certain processing, and request a copy of your data in a portable format.

You can disconnect Gmail from the Integrations area of the app, and you can revoke Velnox’s access directly from your Google Account permissions. To exercise any of these rights, contact us at sagindiktar@gmail.com.

Velnox’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, we only use Google user data to provide and improve user-facing features of Velnox; we do not transfer or sell this data for advertising, and we do not use it for any purpose unrelated to the Service. Humans do not read your Gmail data except where you explicitly request support, where required for security or to comply with the law, or in aggregated, anonymized form.

Velnox is operated with infrastructure that may process and store data in countries other than your own, including the United States. Where data is transferred internationally, we rely on appropriate safeguards and our providers’ compliance frameworks to protect it consistent with this policy.

Velnox is a business productivity tool intended for users aged 18 and over. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you within the Service. Your continued use of Velnox after an update means you accept the revised policy.

If you have questions about this Privacy Policy or how we handle your data, contact us at sagindiktar@gmail.com.