Privacy Policy

Last updated: April 13, 2026

Overview

Auto-Bisou ("we", "our", "the Service") is an automated email reply service that helps you stay in touch with family and friends. This policy explains what data we collect, how we use it, and how we protect it.

Data We Collect

When you use Auto-Bisou, we collect and store:

  • Account information— your name, email address, and preferences (language, tone, country).
  • Email credentials— OAuth tokens (Gmail, Outlook) or app-specific passwords required to read and send email on your behalf. These are encrypted at rest using AES 256-bit encryption.
  • Email content— incoming emails from your tracked contacts, your sent replies to those contacts, and the AI-generated reply drafts. We only access emails from contacts you explicitly add.
  • Email metadata— message identifiers (message IDs) of processed emails are stored to prevent duplicate processing. No email content is stored in this metadata.
  • Contact information— names, email addresses, and preferences for people you choose to track.
  • Photos— images you upload to share with contacts, stored in encrypted cloud storage.
  • Life updates— notes you write about your life that you want woven into replies.
  • Payment information— managed entirely by Stripe. We store your Stripe customer ID and subscription status but never see or store your card details.

How We Use Your Data

Your data is used solely to provide the Service:

  • Reading incoming emails from your tracked contacts to generate reply drafts.
  • Sending AI-generated replies on your behalf (after your approval, or automatically based on your settings).
  • Personalised style learning— we analyse your incoming and sent emails for each tracked contact to build a writing-style profile unique to you. This profile (stored as a text document on your account) is used exclusively to make your reply drafts sound more like you. The analysis is performed per user and per contact — your data is never combined with other users' data.
  • Draft edit learning— when you edit an AI-generated draft before sending, we compare the original draft with your edited version to refine your personal style profile.
  • Improving reply quality through your style preferences, writing style settings, and feedback.
  • Selecting relevant photos to attach to outgoing emails.

We do not use your data to develop, train, or improve generalised or non-personalised AI/ML models. Your email data is only used to build your own personal style profile and generate replies for your account. We do not use your data to serve advertising or for any purpose unrelated to providing the Service.

Third-Party Services

We use the following third-party services to operate:

  • Google Gmail API— to read and send emails for Gmail users. Governed by Google API Services User Data Policy, including the Limited Use requirements.
  • Microsoft Graph API— to read and send emails for Outlook/Hotmail users.
  • Google Gemini API— to generate reply drafts and analyse writing style. Email content is sent to Google's API for processing and is not retained by Google after processing when accessed via the paid API.
  • Google Cloud Pub/Sub— to receive real-time notifications when new emails arrive in your Gmail inbox. Only a notification is sent — email content is not included in the notification.
  • Supabase— for database hosting and file storage.
  • Stripe— for payment processing.
  • Resend— as a fallback email delivery service.

Google API Services — Limited Use Disclosure

Auto-Bisou's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access Gmail data necessary to provide the Service (reading emails from tracked contacts and sending replies).
  • We do not use Gmail data for advertising or to develop, train, or improve generalised or non-personalised AI/ML models. Style analysis is performed solely to build your personal style profile for your own account.
  • We do not transfer Gmail data to third parties except as needed to provide the Service (e.g., sending email content to the Gemini API for reply generation).
  • We do not allow humans to read your email content unless required for security purposes, to comply with applicable law, or with your explicit consent.

Data Security

  • Email credentials (OAuth tokens and app passwords) are encrypted at rest using AES 256-bit encryption via pgcrypto.
  • All data is transmitted over HTTPS/TLS.
  • Database access is protected by Row Level Security (RLS) policies.
  • Credentials are stored in a separate database table from user-facing data.

Data Retention

  • Email content and drafts are retained for as long as your account is active.
  • When you delete your account, all associated data (emails, contacts, credentials, photos, life updates) is permanently deleted via cascading foreign key constraints.
  • You can delete individual contacts, photos, or life updates at any time from the dashboard.

Your Rights

You can at any time:

  • View, edit, or delete your contacts, photos, and life updates from the dashboard.
  • Disconnect your email account from the settings page.
  • Delete your account entirely, which removes all your data.
  • Revoke Auto-Bisou's access from your Google or Microsoft account settings.

For data-related requests, contact us at privacy@autobisou.com.

International Users — GDPR & CCPA

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the legal basis for processing your data is your explicit consent (provided when you connect your email account) and our legitimate interest in providing the Service.

Under the GDPR, you have the right to:

  • Access and receive a copy of your personal data.
  • Rectify inaccurate personal data.
  • Request erasure of your personal data ("right to be forgotten").
  • Restrict or object to processing of your personal data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time by disconnecting your email account or deleting your account.

If you are a California resident, under the CCPA you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell your personal information.

To exercise any of these rights, contact us at privacy@autobisou.com.

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the Service. Your continued use of the Service after changes constitutes acceptance.

Contact

If you have questions about this privacy policy, email us at privacy@autobisou.com.