Privacy Policy

1. What Spotlight Does

Spotlight is an AI-powered Chrome extension that connects to your Gmail account to help you search, summarize, and manage your emails through a conversational chat interface. You grant Spotlight access to your Gmail when you sign in with Google.

2. What Data We Access

When you use Spotlight, we access the following through the Gmail API:

• Email metadata: sender, recipient, subject line, date, and message ID
• Email snippets: short previews of email content (not full email bodies)
• Send/Draft permissions: only used when you explicitly ask Spotlight to send an email or save a draft on your behalf

We also collect:

• Your Google profile: name, email address, and profile picture (for authentication)
• Chat messages: your conversations with Spotlight's AI assistant
• User settings: preferences like dark mode, notification rules, and AI personality
• Usage data: daily message counts for rate limiting

3. How We Use Your Data

• AI Processing: Your email metadata and chat messages are sent to OpenAI's API to generate responses. OpenAI processes this data according to their API data usage policy and does not use API data to train their models.
• Email Actions: When you ask Spotlight to send or draft an email, we use the Gmail API to perform that action on your behalf.
• Notifications: If you enable notification rules, we periodically check your recent emails against your rules to send you Chrome desktop notifications.

4. Where We Store Your Data

Your data is stored in Supabase, a cloud database platform. This includes your conversations, settings, notification rules, and encrypted Gmail tokens. All data is transmitted over HTTPS.

5. What We Do NOT Do

• We do not sell your data to third parties
• We do not store full email bodies — only metadata and snippets
• We do not use your data for advertising
• We do not share your data with anyone other than OpenAI for AI processing
• We do not send emails without your explicit action (clicking "Send")

6. Data Retention

Your conversation history and settings are stored as long as your account exists. Daily usage data is retained for rate-limiting purposes. You can delete individual conversations at any time from the History view.

7. Your Rights

• Delete conversations: Use the trash icon in the History view to delete any conversation
• Revoke access: You can revoke Spotlight's access to your Gmail at any time through your Google Account permissions
• Delete account: Contact us to request full deletion of all your data

8. Third-Party Services

• Google Gmail API: for reading and sending emails
• OpenAI API: for AI-powered responses
• Supabase: for authentication and data storage
• Vercel: for hosting the web application

9. Contact

If you have questions about this privacy policy or want to request data deletion, reach out at spotlight.assistant.app@gmail.com