AI.Reply is built on a foundation of strict data minimization and user privacy. This document explains exactly what data is accessed, how it flows, and what is never stored — in plain language.
AI.Reply only accesses email text on the active browser tab when the user explicitly interacts with the generation toolbar buttons. The extension is entirely dormant and performs zero background scanning, indexing, or passive data collection at any other time. Nothing is read unless you click a button.
When you click a generation button, AI.Reply reads the text content of the currently open Gmail email thread — specifically the latest incoming message and prior thread context visible in your browser tab. It also reads your Gmail display name solely to personalize the reply signature (e.g., "Best regards, AI.Reply"). No other browser data, cookies, history, or account credentials are ever accessed.
All processed data is transmitted securely via encrypted HTTPS/TLS 1.2+ protocols to our privacy-compliant proxy endpoint hosted on Vercel. The proxy appends the LLM API key server-side (stored as an environment variable, never in the extension) and forwards only the prompt payload to OpenAI. No data travels over unencrypted channels at any stage.
AI.Reply operates on a fully stateless, zero-retention architecture. Email content, thread history, sender names, your display name, and any generated reply text are processed entirely in real-time and permanently discarded the moment a response is returned. Nothing is logged, cached, stored in a database, or retained on any server. Each generation request is independent and leaves no trace.
Email text context is passed exclusively to OpenAI's API for real-time inference. This data is strictly governed by OpenAI's Privacy Policy and their data processing agreements. AI.Reply does not share user data with advertisers, analytics platforms, data brokers, or any other third parties. Email content is never used to train AI models.
activeTab — Allows reading the text content of the currently active Gmail tab when you click a button. Cannot access any other tabs, windows, or browser history.
host_permissions: mail.google.com — Required to inject the AI.Reply toolbar UI into the Gmail interface. No other websites are accessed or modified.
host_permissions: aireply-backend.vercel.app — Required for the background service worker to securely transmit prompts to our proxy endpoint. No other external URLs are contacted.
AI.Reply does not require account creation, email registration, sign-in, or any personal information. There is no user database. The extension works entirely within your local browser session.
AI.Reply is not directed at children under the age of 13. We do not knowingly process data from children. If you believe a child has used this extension, please contact us immediately.
We may update this Privacy Policy periodically. The "Effective" date at the top reflects the most recent version. Continued use of AI.Reply after changes are published constitutes acceptance of the updated terms.
For privacy questions, data deletion requests, or concerns, contact us at: support.ai.reply@gmail.com