Privacy Policy for AI Gmail Attachment Grabber (GrabMail)
Last Updated: June 9, 2026
Introduction
AI Gmail Attachment Grabber ("GrabMail," "we," "our," or "the extension") is a Chrome browser extension that helps users search their Gmail inbox and download email attachments using AI-powered natural language processing.
This Privacy Policy explains how we handle your information when you use our extension.
Information We Access
Gmail Data
When you grant permission, our extension accesses:
- Email Metadata: Subject lines, sender information, recipient information, dates, and message IDs
- Email Snippets: Brief previews of email content provided by the Gmail API
- Attachment Metadata: Filenames, file sizes, MIME types, and attachment IDs
- Attachment Content: Actual file data when you explicitly request to download files
What We Do NOT Access
- Full email body content (beyond snippets provided by Gmail)
- Email drafts or sent messages
- Gmail settings or configurations
- Contacts or address book
- Calendar data
- Any other Google services
How We Use Your Data
Local Processing Only
All data processing happens locally in your browser:
- Email metadata is fetched and displayed in the extension popup
- Search queries are processed client-side
- AI analysis (if enabled) uses YOUR OWN API key with your chosen provider
- No data is transmitted to our servers (we don't have servers!)
AI Processing
If you choose to use AI search features:
- Email metadata may be sent to your chosen AI provider (Claude, Gemini, or OpenRouter)
- You provide your own API key
- Communication happens directly between your browser and the AI provider
- We do not intercept, store, or process this communication
- Refer to your AI provider's privacy policy for how they handle data
Manual Search Mode
Users can opt for Manual Search mode, which:
- Uses Gmail's native search without AI
- Processes everything locally
- Does not send any data to AI providers
Data Storage
What We Store Locally
Using Chrome's Storage API, we store:
- Your OAuth access token (encrypted by Chrome)
- Your AI provider API key (if provided)
- Your preferred settings (AI provider choice, search mode, etc.)
What We Do NOT Store
- Email content or metadata
- Search history
- Downloaded attachments
- User behavioral data
- Analytics or tracking data
Data Sharing
We Do Not Share Your Data
- We do not sell user data
- We do not share user data with third parties
- We do not use user data for advertising
- We do not collect aggregate statistics
Third-Party Services
The only third-party communication occurs when:
- Gmail API: Required to access your emails (Google's privacy policy applies)
- AI Providers (Optional): If you enable AI search with your API key (their privacy policies apply)
Permissions Explained
gmail.readonly
We request the gmail.readonly scope, which allows us to:
- Read your email messages
- Access attachment metadata and content
- Search your mailbox
This scope does NOT allow us to:
- Modify or delete your emails
- Send emails on your behalf
- Change your Gmail settings
Other Permissions
- identity: Required for Google OAuth authentication to access the Gmail API
- downloads: Required to save attachments to your computer when you request downloads
- storage: Required to save your settings and authentication token locally in your browser
User Control
You Have Full Control
- Sign Out: Remove access token and clear settings anytime
- Revoke Access: Revoke extension permissions via Google Account settings
- Uninstall: Remove all stored data by uninstalling the extension
- Choose AI Provider: Select which AI service to use (or none with Manual mode)
- API Keys: Manage your own API keys; delete them anytime
How to Revoke Access
- Go to your Google Account: https://myaccount.google.com/permissions
- Find "AI Gmail Attachment Grabber"
- Click "Remove Access"
Security
How We Protect Your Data
- All data processing happens locally in your browser
- OAuth tokens are encrypted by Chrome
- We use HTTPS for all API communications
- We follow Chrome extension security best practices
- Open-source code available for audit
Compliance
Google API Services User Data Policy
We comply with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use the Gmail API to provide the functionality described
- We do not use Gmail data for serving ads
- We do not sell Gmail user data
- We do not allow humans to read Gmail data unless necessary for security purposes, legal compliance, or with user consent
GDPR Compliance
For users in the European Union:
- Legal Basis: Consent (you grant permission during OAuth)
- Data Minimization: We only access necessary data
- Right to Access: You can view all data in the extension
- Right to Erasure: Uninstall to remove all data
- Right to Portability: Export features available in Gmail directly
- Data Controller: You are the controller of your own data
Contact Us
If you have questions about this Privacy Policy:
Summary
In Plain English:
- ✅ We help you search your own emails and download your own attachments
- ✅ Everything happens locally in your browser
- ✅ We never see, store, or transmit your email data
- ✅ You control your own API keys if using AI features
- ✅ You can revoke access and delete everything anytime
- ❌ We don't sell data
- ❌ We don't use data for ads
- ❌ We don't store email content
- ❌ We don't have access to your data
Your privacy and security are our top priorities.
By using AI Gmail Attachment Grabber, you agree to this Privacy Policy.