Privacy Policy

Last updated: June 22, 2026

1. Application and operator

This Privacy Policy applies to oauth-stefane9-mails, also referred to as the StefanE9 Email Dashboard, available at https://emails.stefane9.pro.

Operator: Vision Bridge GmbH
Contact: stefan@visionbridge.eu or dev@stefane9.pro.and dev@stefane9.pro

2. Purpose of the application

oauth-stefane9-mails allows an authorized user to connect their own Google account through Google OAuth and view fetched Gmail messages in a private email dashboard. The dashboard is used to display fetched emails and to allow the user to download summaries or extracted information from those fetched emails.

After successful OAuth authorization, temporary dashboard credentials may be generated and displayed to the user so the user can access the protected dashboard.

3. Google OAuth permissions shown by Google

Google may show the user that the application has Gmail permissions that can technically allow broad access, including reading emails, composing drafts, sending emails, reading Gmail settings, managing labels, and moving messages to folders such as inbox, labels, spam, or trash.

The application does not use all technically available permission capabilities. The actual use of Gmail data is limited to the functionality described in this Privacy Policy.

4. Actual Gmail actions performed by the application

The application performs the following Gmail-related actions:

5. Gmail actions not performed by the application

The application does not:

If the user clicks a delete button in the dashboard, only the copy stored on the application server is deleted. The original email in Gmail is not deleted.

6. Google user data accessed or processed

Depending on the user's mailbox and the dashboard features used, the application may access, process, or store the following Google user data:

7. How Google user data is used

Google user data is used only to provide and maintain user-facing dashboard functionality, including:

8. Storage and security

OAuth tokens and generated dashboard credentials are stored on the backend and are not exposed to the frontend. Tokens and credential files are stored in encrypted form using the Python cryptography library with Fernet encryption. The encryption key is provided through the backend environment as ENCRYPTION_KEY.

Fetched email data may be stored on the application's backend infrastructure for the purpose of displaying it in the dashboard and enabling summary downloads. Access to dashboard data and API endpoints is protected by authentication and backend access controls. Communication with the application is protected by HTTPS/TLS.

9. Access control

After logging into the dashboard with generated credentials, a user can view only the fetched emails associated with their own authorized Google account. Users cannot access the fetched email data of other users through the dashboard.

10. Sharing and transfer of Google user data

The application does not sell Google user data and does not transfer Google user data to third parties except where necessary to operate the service, comply with applicable law, protect security, or follow the user's explicit instruction.

Human access to user email content is not allowed except where required for security, abuse investigation, legal compliance, or support purposes with the user's consent or instruction.

11. Limited Use disclosure

The use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy , including the Limited Use requirements.

12. Data retention and deletion

Fetched email copies, generated summaries, OAuth tokens, generated dashboard credentials, and related metadata are retained only as long as needed to provide the dashboard functionality or as required for security, backup, operational, or legal purposes.

Users may request deletion of stored server-side email copies, generated summaries, OAuth tokens, generated dashboard credentials, and related metadata by contacting stefan@visionbridge.eu or dev@stefane9.pro.

Users may revoke the application's Google access at any time from their Google Account permissions page. After revocation, the application will no longer be able to access or fetch new data from that Google account.

13. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Material changes will be reflected by updating the "Last updated" date above. If the application changes the way it accesses, uses, stores, or shares Google user data, this Privacy Policy will be updated accordingly.

Back to dashboard