Who we are
ThinkMail is a Chrome extension and backend service that helps you write better email replies by reading the context of your email thread and suggesting situationally-aware responses.
This Privacy Policy applies to the ThinkMail Chrome extension, the ThinkMail backend API hosted at thinkmail-backend.vercel.app, and any related services.
What we collect
We collect the minimum possible. Here is everything we store:
- Your name and email address — collected when you sign in with Google, used to identify your account.
- Usage count — we track how many "fixes" you've used today to enforce the daily free tier limit. This resets at midnight UTC.
- Last seen timestamp — the last time you used ThinkMail, used for account management.
That is the complete list. We store nothing else.
What we never collect
We want to be explicit about what we do not store:
- The content of your emails or email threads
- Your draft replies or anything you type in the compose box
- The AI-generated responses ThinkMail produces
- Your contacts, calendar, or any other Gmail data
- Your browsing history or activity outside Gmail
- Any attachments or files in your emails
Email content is sent to our backend API solely to generate a response. It passes through our server transiently and is never written to disk or any database.
How your data flows
When you click "Think about this email", here is exactly what happens:
- Step 1 — The ThinkMail extension reads your Gmail thread and any draft you've typed directly in your browser. Nothing leaves your browser yet.
- Step 2 — This content is sent over HTTPS to our backend API (thinkmail-backend.vercel.app), authenticated with your JWT token.
- Step 3 — Our backend forwards the content to Groq's API (groq.com) to generate a response using their LLM. Groq processes the request and returns the result.
- Step 4 — The response is returned to your browser. The email content is not stored at any point in this process.
- Step 5 — We increment your usage counter in our database. Only the count changes — no email content is written.
Third-party services
ThinkMail uses the following third-party services to operate:
- Google OAuth — used for sign-in only. We receive your name and email address. We do not request access to read, modify, or manage your Gmail messages. See Google's Privacy Policy.
- Groq API — your email thread content is sent to Groq to generate AI responses. Groq's data handling is governed by their Privacy Policy. We recommend reviewing it.
- Supabase — our database provider, used to store your account and usage data only. Email content is never stored here. See Supabase's Privacy Policy.
- Vercel — our backend is hosted on Vercel. Vercel may retain server logs for a limited period for operational purposes. See Vercel's Privacy Policy.
Google API scopes
ThinkMail uses Google Sign-In with the following OAuth scopes only:
- openid — to verify your identity
- email — to get your email address for your account
- profile — to get your display name
We do not request the https://www.googleapis.com/auth/gmail scope or any scope that would allow us to read, send, delete, or modify your Gmail messages.
ThinkMail reads your email thread directly from the Gmail web page in your browser using the Chrome extension — no Gmail API access is required or requested.
Data retention and deletion
Your account data (name, email, usage count) is retained for as long as you have an active account.
To delete your account and all associated data, email us at the address below. We will permanently delete your record within 7 days and confirm when done.
Because we do not store email content, there is no email data to delete.
Security
All data in transit is encrypted via HTTPS/TLS. Authentication uses short-lived JWT tokens (30-day expiry) stored in Chrome's local extension storage, not accessible to websites. We do not store passwords — authentication is handled entirely by Google OAuth.
Our database credentials and API keys are stored as environment variables and never exposed in client-side code or public repositories.
Children's privacy
ThinkMail is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users via the extension.
Continued use of ThinkMail after changes constitutes acceptance of the updated policy.
Contact
Questions, concerns, or data deletion requests — reach us here: