Brevity Logo

Privacy Policy

Brevity ("we", "our", "us") is a desktop email client that lets you securely access your Gmail account. Brevity is built with a local-first architecture: your email data stays on your device. This policy explains what data we collect, what we do not collect, and how our opt-in AI features work.

Data We Collect

  • Google OAuth Information. When you sign in with Gmail, Google provides tokens so the app can access Gmail on your behalf. We request the minimum OAuth scopes needed (mail.google.com) and never see or store your Google password.
  • Local Application Data. Your email content is stored and cached locally on your computer only. We do not copy your inbox, email bodies, or attachments to Brevity servers.
  • Opt-In AI Feature Data. Brevity chat and AI workflows are optional. We only send content to Anthropic when you choose to use chat or configure/enable an AI workflow. If you do not opt in, your data is not sent to Anthropic.
  • Basic Product Telemetry (PostHog). We use PostHog for basic product analytics and reliability (for example, app diagnostics and user-submitted bug report events). We do not log or store the contents of your emails in PostHog.
  • Website Analytics. Our website (withbrevity.email) uses Vercel analytics to measure aggregate traffic such as page views and downloads.

How We Use Your Data

We use collected data to:

  • Authenticate you with Google and maintain your session.
  • Display your inbox, send email, and provide core functionality processed locally on your device.
  • Provide optional AI chat and AI workflow automation only when you opt in and use those features.
  • Measure high-level product reliability and website performance.

What We Cannot Access

  • We cannot see the contents of your emails on our servers.
  • We cannot take over your Google account, including for support.
  • We do not have a server-side inbox copy we can browse.

Data Sharing

We do not sell, rent, or monetize your personal data or email content. We share data only:

  • With Google to authenticate your account via OAuth 2.0.
  • With Anthropic only when you opt into chat or AI workflows and invoke those features.
  • With PostHog for basic product telemetry and diagnostics. Email content is not logged there.
  • With service providers who host our website (Vercel), only as needed to provide that service.
  • When required by law (e.g., valid subpoena) after we exhaust options to contest the request and, if legally permitted, notify you.

Security

We follow industry standards to protect data:

  • All network traffic between your device and Google’s servers is encrypted with TLS 1.3.
  • Access to any cloud services we use is restricted and audited.

Data Retention

OAuth tokens and local email caches reside on your device and are removed when you sign out or uninstall the application. Product telemetry is retained for a limited period consistent with our operational needs.

Your Privacy Rights

Depending on where you live, you may have rights under laws such as the GDPR (EU/UK), CCPA (California), or similar regulations. These may include the right to access, correct, delete, or restrict processing of your personal data. To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Google API Services Compliance

Brevity’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not have the ability to access your inbox content on our servers.

Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices or for legal reasons. If we make material changes, we will provide notice through the app or our website at least 14  days before the update becomes effective.

Contact Us

For questions or concerns about this policy, contact our Data Protection Officer at [email protected].

Last updated: February 16, 2026