Privacy Policy

Last updated: March 2026

Who we are

EmailMemory is operated by ArionLabs (the "Service"). We built EmailMemory to help freelancers and consultants track client decisions from email threads. We take your privacy seriously and have written this policy to be honest and readable — not to hide anything.

What data we collect

Account data

When you sign up, we store your email address, name, and a hashed (non-reversible) version of your password if you use email/password login. If you sign in with Google, we store your Google account ID — never your Google password.

Gmail access token

If you connect Gmail, we store an OAuth access token that allows us to read your email threads on your request. This token is encrypted in our database. You can revoke it at any time from your Google Account settings. We never store your Gmail password.

Email thread content — important

When you import email threads, their content is temporarily processed to extract decisions and requirements. We do not store the raw content of your emails. Only the extracted information (e.g. "Client approved blue logo on March 3rd") is saved to our database. The original email text is discarded immediately after processing.

Extracted data

The AI-extracted decisions, requirements, commitments, and questions you choose to save are stored in our database and associated with your account. You can delete individual extractions or your entire account at any time.

Client information

Names, email addresses, and company names of clients you add are stored in our database to organise your extractions. This information is visible only to you.

Third parties who process your data

Anthropic (Claude AI)

When you import email threads, their text content is sent to Anthropic's API for AI extraction. Anthropic processes this data on our behalf. Per Anthropic's API policy, your data is not used to train their models. Anthropic may retain API request data for up to 30 days for safety monitoring. See Anthropic's Privacy Policy.

Google (Gmail API)

Gmail access uses Google's official OAuth2 system. We request read-only access. Google's handling of OAuth is governed by Google's Privacy Policy.

Railway (hosting)

Our servers and database run on Railway, a SOC 2 Type II certified infrastructure provider. Your account data and extractions are stored on Railway's servers. See Railway's Privacy Policy.

Stripe (payments)

Payment processing is handled entirely by Stripe. We never see or store your card details. See Stripe's Privacy Policy.

What we do NOT do

  • We do not sell your data to anyone
  • We do not read your emails beyond what you explicitly import
  • We do not store raw email content
  • We do not send email on your behalf
  • We do not share your data with advertisers
  • We do not use your data to train AI models

Your rights

  • Access: You can view all data stored about you in your account
  • Delete: You can delete your account and all associated data at any time from Settings
  • Revoke Gmail access: Disconnect Gmail at any time from your Google Account or from Settings
  • Export: Email us at [email protected] to request a copy of your data

Data retention

Your account data is retained until you delete your account. When you delete your account, all associated data — clients, extractions, threads — is permanently deleted within 7 days. Gmail OAuth tokens are revoked immediately on account deletion.

Security

We use industry-standard security practices: HTTPS for all connections, hashed passwords, encrypted OAuth tokens, and a reputable infrastructure provider. No system is 100% secure, but we take reasonable steps to protect your data.

Contact

Questions about this policy? Email us at [email protected]. We'll respond within 48 hours.