Privacy Policy

Last Updated: November 21, 2025

Introduction

The Coral Block ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services.

Google API Services User Data Policy Compliance

SaveMyAttachments's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

We use Google API services to:

• Gmail API: Read email messages and metadata, apply organizational labels
• Google Drive API: Save email files and attachments to your Drive
• Google Sheets API: Create searchable indexes of processed emails

All data access is performed solely to provide the functionality you've requested. We do not use Google API data for any other purpose.

Information We Collect

SaveMyAttachments

When you use SaveMyAttachments, we request the following Google permissions:

• gmail.readonly: Read email messages and attachments to back them up
• gmail.modify: Apply labels to mark processed emails (prevents duplicate processing)
• drive: Save email files and attachments to your Google Drive
• spreadsheets: Write email metadata to Google Sheets for searchable indexing
• external_request: Connect to OpenRouter.ai (only if you opt-in to AI features)

Data we access:

• Email Content: Your Gmail emails are processed locally within your Google account. We do not store or access your email content on our servers.
• Email Metadata: Information such as sender, date, subject lines, and attachment names may be processed to organize your data in Google Sheets.
• Google Drive Files: Attachment files are saved directly to your Google Drive. We do not have access to these files.
• API Keys: Your OpenRouter API key is stored securely in Google's PropertiesService within your Google Workspace environment. We never have access to your API keys.

Website Analytics

We may collect basic analytics data such as:

• Pages visited
• Time spent on site
• Referral sources
• Device and browser information

This information is anonymized and used solely to improve our services.

How We Use Your Information

We use the information we collect to:

• Provide Services: Process emails, save attachments, and generate AI summaries as configured by you
• Improve Products: Analyze usage patterns to enhance functionality and user experience
• Customer Support: Respond to your inquiries and provide technical support
• Communications: Send service-related announcements and updates (you may opt out of marketing communications)

Data Storage and Security

Your Data Stays With You

• Email Content: Processed within your Gmail account; never sent to or stored on our servers
• Attachments: Saved directly to your Google Drive
• Spreadsheet Data: Stored in your Google Sheets
• AI Processing: Email content is sent directly from your browser/environment to your OpenRouter account (your API key, your account)

Security Measures

We implement industry-standard security practices:

• Secure authentication via Google OAuth 2.0
• Encrypted data transmission (HTTPS/TLS)
• No long-term storage of email content
• API keys stored in encrypted Google PropertiesService

Third-Party Services

OpenRouter.ai (Optional AI Features)

When you opt-in to AI summarization features:

• Email content is sent directly from your browser session to OpenRouter.ai using your personal API key
• We act only as a conduit - the data flows directly from your environment to OpenRouter
• You control: Which emails are processed, which AI model is used, when AI is enabled/disabled
• OpenRouter's data usage is governed by their privacy policy: https://openrouter.ai/privacy
• Costs: Borne by you through your OpenRouter account (transparent pricing)
• No AI processing occurs unless you explicitly enable it and provide your own API key

Google Workspace

Our products integrate with Google Workspace services:

• Gmail API (read emails, apply labels)
• Google Drive API (save files)
• Google Sheets API (log data)

Google's Privacy Policy applies to these services: https://policies.google.com/privacy

Data Retention

• Email Message IDs: Stored locally in your Google account (PropertiesService) for 7 days to prevent duplicate processing. Automatically cleaned up when storage limit is reached.
• Email Content: Never stored by us. Processed in real-time and discarded immediately after processing.
• Processing Logs: Minimal execution logs retained for 30 days for debugging purposes only.
• Configuration Settings: Retained while you actively use the service.
• Upon Uninstallation: All configuration data is automatically deleted from your Google account. Email and attachment files remain in your Drive/Gmail (your data, your control).

Your Rights

You have the right to:

• Access: Request information about data we hold about you
• Deletion: Request deletion of your account and associated data
• Correction: Update or correct your information
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Export your data in commonly used formats (all data already exists in your Google account in standard formats)
• Revoke Access: You can revoke SaveMyAttachments' access to your Google account at any time through your Google Account permissions settings

To exercise these rights, contact us at: support@thecoralblock.com

How We Do NOT Use Your Data

To be completely transparent, SaveMyAttachments does NOT:

• Store your email content on our servers
• Read your emails for any purpose other than the backup you request
• Share your email content with third parties (except OpenRouter if you opt-in)
• Use your data for advertising or marketing purposes
• Sell your data to anyone
• Train AI models on your email content
• Access your data after processing is complete

International Data Transfers

Your email data remains within your Google Workspace environment and is subject to Google's data residency policies.

If you use optional AI features:

• Email text may be transmitted to OpenRouter.ai servers (location varies by model provider)
• This transfer occurs only when you enable AI and provide your API key
• You can disable AI features at any time to prevent any external data transmission

Data Breach Notification

In the unlikely event of a security breach affecting your data:

• We will notify you via email at your registered support email within 72 hours
• We will provide details about what data was affected
• We will outline steps we're taking to address the breach

Note: Since your email content and files remain in your Google account, they are protected by Google's security infrastructure.

Children's Privacy

Our services are not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making

CCPA Compliance (California Users)

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Opt-out of the sale of personal information
• Access their personal information
• Request deletion of personal information
• Not be discriminated against for exercising these rights

We do not sell personal information.

Contact Us

For privacy-related questions or concerns:

Email: support@thecoralblock.com

This privacy policy is effective as of the date listed above and applies to all The Coral Block products and services.