Privacy Policy

Last Updated: November 23, 2025

1. Introduction

Vesper ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email automation service (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you sign up, we collect your name, email address, and profile information from your Google account.
  • Knowledge Base Content: Documents and files you upload to your knowledge base for AI context (PDFs, text files, Word documents, etc.).
  • User Preferences: Settings you configure, including email categories to monitor, auto-reply preferences, and notification settings.

2.2 Information We Collect Automatically

  • Email Content: We access and process the content of your unread emails, including sender information, subject lines, message bodies, and conversation history.
  • OAuth Tokens: Access and refresh tokens from Google OAuth to authenticate with Gmail on your behalf. These are encrypted and securely stored.
  • Processing Logs: Records of email processing activities, including timestamps, processing status, and AI-generated responses.
  • Usage Data: Information about how you interact with the Service, including pages visited, features used, and time spent on the platform.

2.3 Third-Party Data

  • Google Services: We receive data from Google through their OAuth and Gmail API services.
  • AI Processing: Email and knowledge base content is sent to Google's Gemini AI for processing and response generation.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the email automation service
  • Process your emails and generate contextually relevant responses using AI
  • Create email drafts or send automated replies based on your preferences
  • Manage your account and provide customer support
  • Detect, prevent, and address technical issues or security threats
  • Send you technical notices, updates, and administrative messages
  • Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do not sell or rent your personal information. We may share your information in the following circumstances:

4.1 Service Providers

  • Google (Gmail & Gemini AI): We use Google services to access your emails and process them with AI. Google's use of your data is subject to their privacy policy.
  • Supabase: Our database provider that stores your account information, preferences, and processing logs.
  • Vercel: Our hosting and infrastructure provider.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: OAuth tokens are encrypted in our database using pgcrypto. Data in transit is encrypted using TLS/SSL.
  • Access Controls: We use Row Level Security (RLS) in our database to ensure users can only access their own data.
  • Secure Authentication: We use NextAuth.js with Google OAuth 2.0 for secure authentication.
  • Regular Security Reviews: We conduct periodic security assessments and updates.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained until you delete your account.
  • Email Processing Logs: Retained for operational purposes and may be automatically deleted after a certain period.
  • Knowledge Base Content: Retained until you delete it or close your account.
  • OAuth Tokens: Retained while your account is active and deleted upon account closure.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your account and associated data.
  • Revoke Access: Disconnect your Google account at any time through your dashboard or Google account settings.
  • Opt-Out: Disable email polling and automated responses in your preferences.
  • Export: Request an export of your data in a portable format.

To exercise these rights, please contact us at burakaliunlu@gmail.com or use the settings in your dashboard.

8. Google API Services User Data Policy

Vesper's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to Gmail data necessary to provide our email automation service.
  • We do not use Gmail data for advertising purposes.
  • We do not allow humans to read your emails unless you explicitly request support assistance.
  • We do not transfer Gmail data to third parties except as necessary to provide the Service (e.g., AI processing) or as required by law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: burakaliunlu@gmail.com

← Back to Home