Privacy Policy

Last updated: April 2026

PeterPigeon is operated by Fris B.V., registered with the Dutch Chamber of Commerce (KvK) under number 64486710, based in the Netherlands.

1. What PeterPigeon does

PeterPigeon is an AI triage layer on top of your email. You connect your Gmail account via OAuth. We sync your emails, classify them using AI (Claude by Anthropic), and present them in four views: Act, Watch, Feed, and All. The AI also drafts replies in your writing style.

2. What data we collect

Account information

• Your email address and name (from Google OAuth)
• Google OAuth refresh token (stored encrypted, AES-256-GCM)

Email data

• Email content: subject, sender, recipients, plain text body, and HTML body
• Email metadata: labels, dates, read/unread status, star status
• Attachments: stored in encrypted object storage. Text is extracted from PDFs, DOCX files, and images (OCR) for searchability
• Raw .eml files: archived in object storage

AI-generated data

• Classification: bucket (act/watch/feed/archive), priority score, context line, summaries
• Draft replies written in your style
• Vector embeddings of email content (for semantic search)
• Writing style profile derived from your sent emails

Optional

• Anthropic API key if you use Bring Your Own Key (BYOK) — stored encrypted, never logged, never sent to the frontend

Analytics

We use OpenPanel for website analytics. OpenPanel collects anonymised usage data such as page views and session duration. No personal data is shared with third parties for advertising purposes.

3. How and why we use your data

We process your data under the following legal bases (Article 6 GDPR):

• Performance of contract — syncing, classifying, drafting, searching, and sending emails. This is the core functionality you use PeterPigeon for.
• Legitimate interest — analytics (OpenPanel) to improve the service, and security measures to protect your data.
• Consent — you grant access to your Gmail account via OAuth. You can withdraw consent at any time by deleting your account or revoking app access in your Google account settings.

Specifically, we use your data to:

• Sync emails — fetch and keep your emails synchronised via the Gmail API
• AI classification — send your email content to Claude (Anthropic) for classification and draft generation
• Search — generate vector embeddings for semantic search
• Send emails — send replies and new emails through Gmail on your behalf when you explicitly click send
• Writing style — analyse your writing style from sent emails so AI drafts sound like you

4. AI processing

Your email content is processed by Claude (Anthropic) for classification and drafting. Anthropic does not retain API inputs or outputs. If you use your own API key (BYOK), processing is governed by your own Anthropic agreement.

Embeddings for search are generated via a configurable provider (OpenAI text-embedding-3-small by default). Only email content is sent — no account credentials or tokens.

Both Anthropic and the embedding provider are based in the US. Data transfers to the US are governed by EU Standard Contractual Clauses (SCCs) and the data processing agreements (DPAs) of these providers. No data is retained after processing.

5. Where your data is stored

• Database: PostgreSQL hosted on UpCloud, Helsinki, Finland (EU)
• Object storage: UpCloud Object Storage, EU, AES-256 encrypted
• Compute: UpCloud Cloud Server, Helsinki, Finland (EU)

All data remains within the EU. No transfers to non-EU countries occur, except API calls to Anthropic (US) and the embedding provider for processing email content — no data is retained there.

6. Security

• OAuth tokens and API keys encrypted with AES-256-GCM at the application level
• TLS 1.3 for all connections
• Private network between server and database
• Row-level security: every database query is scoped to the authenticated user
• JWT authentication (15-minute expiry) with httpOnly refresh tokens
• Object storage is not directly accessible — the API enforces user scoping

7. Who we share data with

We do not sell your data. We do not share it for advertising. Your data is only processed by:

• Anthropic — email content for AI classification (zero-retention API)
• Embedding provider — email content for vector embeddings
• Google — via the Gmail API for sync and sending (under your own Google account)
• UpCloud — infrastructure provider (EU)
• OpenPanel — anonymised website analytics

8. Gmail API — Limited Use

PeterPigeon's use and transfer of information received from Gmail APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Gmail data to provide the features you see in the app — email triage, classification, drafting, and search
• We do not transfer Gmail data to third parties except for AI processing as described above, or when required by law
• We do not use Gmail data for advertising
• We do not allow humans to read Gmail data except when necessary for security, compliance, or legal purposes

9. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access — request a copy of all data we hold about you
• Rectification — have inaccurate data corrected
• Erasure — have your account and all associated data deleted
• Portability — receive your data in a structured format
• Object — object to processing
• Restriction — request restriction of processing

Contact privacy@pigeon.rocks to exercise any of these rights.

10. Deleting your account

You can delete your account at any time from Settings in the app. This permanently removes:

• Your account and OAuth tokens
• All synced emails and classifications
• All attachments and extracted files
• Vector embeddings and writing style data
• Your API key if one was stored

Deletion is fully propagated within 72 hours.

11. Data retention

Your data is retained as long as your account is active. On deletion, all data is erased within 72 hours. Database backups are overwritten after 7 days (PostgreSQL PITR).

12. Cookies

We only use strictly necessary cookies:

• Session cookie — httpOnly refresh token for authentication
• Language preference — stored in localStorage (not a cookie)

No tracking cookies. No third-party advertising cookies.

13. Changes

If we make material changes to this policy, we will notify you via email or an in-app notification before the changes take effect.

14. Contact

Fris B.V.
KvK: 64486710
Email: privacy@pigeon.rocks