Privacy Policy for Sumi
Effective Date: 2025-08-13
Introduction & Data Controller
This Privacy Policy explains how Sumi ('we', 'us', 'our') collects, uses, and protects your personal information. Sumi is the data controller responsible for your personal information.
1. Information We Collect
We collect only the minimum information necessary to provide and improve our services:
- Email Content: When you use our AI features, the relevant portions of your email content, along with any prompts you provide, are sent securely to our API for processing.
- Authentication Data: We collect only the data required to authenticate you via Google OAuth2 through Supabase (e.g., your email address). We never request or store your Google password.
- Technical Data: We may collect non-identifying technical details such as browser type, operating system, and session information to ensure functionality and troubleshoot issues.
2. Legal Basis for Processing Your Information
We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
- Performance of a Contract: We process your Email Content, Authentication Data, and Technical Data to provide the Sumi services you have subscribed to, including summarizing emails and drafting replies. This processing is necessary to fulfill our contractual obligations to you as outlined in our Terms of Service.
- Legitimate Interests: We may use anonymized and aggregated usage data to improve our services. This is based on our legitimate interest in developing and enhancing our product, provided it does not override your rights and freedoms.
3. How We Use Your Information
- AI Processing: Your email content is temporarily processed by our secure API, which forwards it to Google's large language model (LLM) Gemini for generating responses.
- Authentication: Authentication is built on Google OAuth2 security, ensuring that you authorize access without sharing your password. Supabase is used to manage and verify your login session.
- Service Improvement: We may use anonymized and aggregated usage data to improve our features and performance.
4. Data Security
- Transmission: All data is encrypted in transit via HTTPS.
- Storage: We do not store your email content on our servers. It exists only in temporary memory during processing and is deleted immediately afterward.
- Logging: We do not log sensitive email content. Any system logs contain only non-identifying technical information.
- OAuth2 Security: By using Google OAuth2, your authentication is handled directly by Google's secure infrastructure. We never see or store your Google password.
5. Data Retention
We do not store your email content. It is processed in-memory and deleted immediately after the AI action is complete. We retain your authentication data (such as your email address) for as long as your account is active. If you delete your account, this data will be permanently deleted within 30 days, subject to any legal obligations to retain the data for a longer period. Anonymized and aggregated usage data may be retained indefinitely for service improvement purposes as it cannot be linked back to you.
6. International Data Transfers
Our services and third-party providers may process and store data in various locations, including the United States. When we transfer personal data from the European Economic Area (EEA), the UK, or Switzerland to other countries, we do so in accordance with applicable law, relying on approved data transfer mechanisms such as the European Commission's Standard Contractual Clauses.
7. Third-Party Services
- Google Gemini LLM: We use Google Gemini LLM to process your email content. Please note that your content is sent to Google for processing, and you should review Google's AI Data Policy for details on data handling.
- Supabase: Supabase is used for user authentication. Only the minimal authentication data is handled by Supabase.
- Vercel: Our API infrastructure is hosted on Vercel, which helps secure and accelerate traffic to our service.
8. Cookies and Tracking
We do not use cookies or tracking for the AI functionality. Standard session cookies may be used for authentication by Supabase.
9. Your Rights and Choices
Depending on your location (such as the European Economic Area or California), you may have the following rights regarding your personal data:
- The right to access: You can request a copy of the personal data we hold about you.
- The right to rectification: You can request that we correct any inaccurate or incomplete data.
- The right to erasure ('right to be forgotten'): You can request the deletion of your account and associated personal data.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
- The right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- The right to object to processing: You have the right to object to our processing of your personal data where we are relying on a legitimate interest.
- Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing. Our service assists users and does not make automated decisions about them.
- The right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority (a data protection regulator) in your jurisdiction.
- If you are a California resident, you have the right to know what personal information is collected, disclosed, or sold, and the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information.
To exercise these rights, please contact us at feedback@sumi-app.com.
10. Children's Privacy
Our service is not intended for or directed at individuals under the age of 16. We do not knowingly collect personal information from children.
11. Changes to this Privacy Policy
We may update this Privacy Policy periodically. We encourage you to review it regularly. Changes will be effective immediately upon posting.
Contact Us
If you have questions about this Privacy Policy or how your data is handled, contact us at: feedback@sumi-app.com