Privacy, in plain language
Updated July 2026 · Beta. Short version: we never see your inbox, original emails are kept only until you triage them, and you can delete everything with one confirmation.
What we can — and can't — see
SchedYOUall has no connection to your email account. We receive only the messages you (or a Gmail filter you set up and control) forward to your private @in.schedyouall.com address. The only Google permissions we request are calendar ones: reading your calendar list and free/busy times, and creating events. No Gmail scopes, ever.
How long forwarded emails live
- Once you've decided every event from an email (added or dismissed), the original — body and attachments — is deleted by the next daily cleanup run.
- If an event's date passes while it's still waiting, it archives itself and its original email is deleted the same way.
- Events we couldn't date are kept at most 30 days, then archived and their originals deleted.
- Emails that contained no events — or that we couldn't read at all — are deleted after 7 days (you see a notice on the dashboard first — nothing disappears silently).
- Gmail's forwarding-verification emails are confirmed and never stored at all. (If automatic confirmation fails, we keep that one message so you can read the code — it's visible in the setup wizard.)
What stays long-term: the structured events themselves (title, time, place — the things on your triage list) and a one-way fingerprint used to spot duplicates. Not the emails.
The one exception: emails you flag
When you click "This didn't parse right," we ask before keeping anything: "We'll keep this email so we can review the mistake." Only with that click is the original retained past triage, and only so a human can study the parsing error and fix it.
Who processes your data
- Google Gemini (paid tier) reads each forwarded email to extract events. We use the paid API tier specifically because Google does not train models on paid-tier data.
- Supabase (database and file storage), Vercel (app hosting), and Cloudflare (email receiving) run the infrastructure.
- Sentry collects crash reports — with email content, addresses, and tokens scrubbed out before anything is sent.
- PostHog collects product analytics and, during beta, session replay of the app itself — clicks and screens with all typed input masked. Your forwarded emails are never part of a recording.
- Resend delivers the emails we send you (sign-in links and optional reminders) — it sees your email address, how many events are waiting, and the one-time sign-in link inside the message, nothing else.
Your Google tokens are encrypted at rest (AES-256-GCM) and never shown to your browser after sign-in. We don't sell data, run ads, or share anything beyond the processors above.
Deleting everything
Settings → "Disconnect & delete account" removes your events, any stored originals, and your profile, and asks Google to revoke our calendar access — immediately, with one typed confirmation. There's no retention afterward.
Beta honesty
SchedYOUall is in beta. Everything is free right now; features we expect to be paid later are labeled in the app today. If this policy ever changes, the change lands here first, in the same plain language.