Aeralis

Privacy Policy

Last updated: November 2025

1. Introduction

Aeralis ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Google Workspace Add-on service.

By using Aeralis, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Google Account Information: Email address, name, and profile photo from your Google account
  • Custom Settings: System prompts, default tone preferences, context URLs, and other configuration settings
  • Knowledge Documents: Files you upload to Knowledge stores (Business tier only)
  • Location Data: Optional latitude and longitude coordinates for Google Maps grounding

2.2 Information Collected Automatically

  • Usage Metadata: Number of emails generated, token counts, generation timestamps, and feature usage
  • Performance Data: Response times, error rates, and system performance metrics
  • Authentication Tokens: OAuth tokens from Google for service authentication (not stored permanently)

2.3 Email Content

Important: Privacy-First Approach

We do NOT store your email content by default. Email content is only temporarily processed by Google Gemini AI to generate drafts and is not retained in our databases.

Exception: If you provide negative feedback on a generated email, we ask for your explicit consent to store the prompt and output data to help us improve the Service. This data is only stored if you actively consent.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: Generate AI-powered email drafts and replies based on your preferences
  • Personalization: Apply your custom system prompts, tone, and context settings
  • Authentication: Verify your identity and manage your account
  • Usage Tracking: Monitor your subscription limits and usage quotas
  • Service Improvement: Analyze usage patterns and feedback to enhance features
  • Support: Respond to your inquiries and provide customer support
  • Compliance: Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Third-Party Services

4.1 Third-Party Services We Use

Google Gemini AI

Email content and context are sent to Google Gemini AI for generation. Google's data usage policies apply. Email content is processed transiently and not stored by us.

Firebase (Google Cloud Platform)

We use Firebase for authentication, database storage (Firestore), and file storage. Your settings, preferences, and usage metadata are stored securely in Firebase.

Gmail API

We access Gmail to read email threads (for context) and create draft emails on your behalf. This requires explicit OAuth permission from you.

Google Search & Maps APIs

If enabled, we send queries to Google Search and Maps APIs for grounding. Your search queries and location data are processed by Google.

Paddle (Payment Processing)

Payments are processed by Paddle.com Market Limited, our Merchant of Record. Paddle collects and processes payment information (credit card details, billing address, transaction data) necessary to complete purchases. We do not directly access or store your payment card information. Paddle's Privacy Policy governs their collection and use of your payment data.

4.2 No Sale of Personal Data

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmission uses modern cryptography (TLS 1.2 or higher) with HTTPS. Email content, authentication credentials, and all sensitive data are transmitted via encrypted connections only.
  • Encryption at Rest: User preferences and metadata stored in Firebase are encrypted at rest using Google Cloud Platform's default encryption.
  • Authentication: OAuth 2.0 authentication via Google for secure, passwordless access. We never store or handle your Google password.
  • Access Controls: Firestore security rules enforce strict user-based data access. Users can only access their own data.
  • Minimal Storage: Email content is processed transiently and not stored; only non-sensitive metadata is retained.
  • Service Account Security: Firebase Admin SDK uses secure service account credentials with restricted permissions.
  • No Public Disclosure: Authentication credentials, financial information, and email content are never publicly disclosed or logged.

However, no method of transmission over the internet is 100% secure. While we strive to protect your information using industry best practices, we cannot guarantee absolute security.

6. Data Retention

  • User Account Data: Retained while your account is active and for up to 30 days after account deletion
  • Usage Metadata: Retained for analytics and billing purposes for up to 2 years
  • Feedback Data: Only stored with your explicit consent and retained for Service improvement purposes
  • Cached System Prompts: Automatically expire after 1 hour and are deleted when you update your settings
  • Knowledge Documents: Retained until you delete them or close your account

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: View your settings, system prompts, and usage data in the dashboard
  • Correction: Update your system prompts, tone preferences, and settings at any time
  • Deletion: Delete your account and associated data through the dashboard
  • Export: Request a copy of your data by contacting us
  • Revoke Permissions: Revoke Gmail and other permissions through your Google account settings
  • Opt-Out: Decline to provide feedback data or consent to data storage

8. Cookies and Tracking

We use minimal cookies for essential functionality:

  • Authentication Cookies: To maintain your login session via Firebase Authentication
  • Preference Cookies: To remember your settings and preferences

We do NOT use third-party advertising or analytics cookies.

9. Children's Privacy

Aeralis is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Google API Services User Data Policy Compliance

Aeralis's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we adhere to the following Limited Use requirements:

Limited Use Requirements Compliance:

  • Minimum Scopes: We only request the minimum necessary scopes to provide the Service. We use Gmail add-on specific scopes which are the most restrictive available.
  • Transient Processing: Gmail data (email content, subject, metadata) is processed transiently to generate drafts and is NOT stored in our databases.
  • Limited Transfer: We transfer Gmail data only to Google Gemini AI (Google's own service) for the sole purpose of generating email content. No other third parties receive Gmail data.
  • No Advertising: We do not use Gmail data for serving advertisements or any marketing purposes.
  • No Sale or Loan: We do not sell, rent, or loan Gmail data to any third party.
  • Human Review Restrictions: Human review of Gmail data only occurs with your explicit, affirmative consent provided through the feedback mechanism. Without consent, Gmail data is never reviewed by humans.
  • Use Limitation: Gmail data is used exclusively for the disclosed purpose: generating AI-powered email drafts and replies within Gmail.

Data Flow: When you use Aeralis, email metadata and content (if permission granted) flows from Gmail → Our Server (transient processing) → Google Gemini AI → Back to Gmail as a draft. At no point is this data stored permanently, except metadata (tokens used, generation timestamp) for billing and usage tracking purposes.

11. International Data Transfers

Your data may be processed and stored on servers located in various countries where our service providers (Google Cloud Platform, Firebase) operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last updated" date at the top of this policy
  • Sending an email notification to your registered email address
  • Displaying a notice in the Service

Your continued use of the Service after such modifications constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@aeralis.ai

Support Page: Contact Us

14. Your Consent

By using Aeralis, you consent to this Privacy Policy and agree to its terms.

Summary: Our Privacy Commitment

  • ✓ We do NOT store your email content by default
  • ✓ We do NOT sell your personal data
  • ✓ We only collect data necessary to provide the Service
  • ✓ We comply with Google API Services User Data Policy
  • ✓ You control your data and can delete it at any time