Privacy Policy

Email Hub is a pass-through connector that lets AI assistants interact with your email accounts via the Model Context Protocol (MCP). It relays requests between your AI client and your mail provider — Gmail or Outlook — without reading, analyzing, or storing your email content.

• Account identity — your name and email address from your Auth0 sign-in, used to identify your account.
• OAuth tokens — access and refresh tokens issued by Google or Microsoft when you connect an email account. These are stored encrypted and used solely to relay API requests on your behalf.
• MCP API key — a key generated for your account so MCP clients can authenticate with Email Hub.

• We never read, index, cache, or store the content of your emails.
• We never store email attachments.
• We never store your email account passwords — authentication is handled entirely through OAuth.
• We do not use cookies for tracking or advertising.

Your OAuth tokens are used exclusively to forward requests from your MCP client to Google or Microsoft APIs and return the responses. Email content passes through Email Hub in transit but is never persisted, logged, or inspected. We do not use your data for advertising, analytics, AI model training, or any purpose beyond operating the service.

Email Hub's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve Email Hub's connector functionality.
• We do not transfer Google user data to third parties except as necessary to operate the service.
• We do not use Google user data for advertising or to build user profiles.
• Humans do not read your Google user data unless you give explicit consent, it is required for security purposes, or we are required to by law.

All connections between your browser, AI client, Email Hub, and mail providers are encrypted with TLS. OAuth tokens are stored encrypted at rest in our database. We follow the principle of least privilege — Email Hub only requests the OAuth scopes necessary to perform the actions you initiate through your MCP client.

OAuth tokens are retained as long as your account is active. You can disconnect any email account at any time from the dashboard, which immediately deletes the associated tokens. Deleting your Email Hub account removes all stored data.

• Auth0 — handles sign-in authentication. See Auth0's Privacy Policy.
• Google APIs — used to access Gmail on your behalf.
• Microsoft Graph APIs — used to access Outlook on your behalf.

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of Email Hub after changes constitutes acceptance of the revised policy.

If you have questions about this privacy policy or your data, please reach out at support@tobyc.org.