ReplyCadet
Log inStart Free Trial
Back to home

Privacy Policy

Effective date: April 7, 2026 · Last updated: April 7, 2026

ReplyCadet is operated by Dude Ventures Services LLC. This privacy policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. We believe in plain English over legal jargon.

For privacy questions, contact us at brandon@replycadet.com.

Data We Access from Google

When you connect your Gmail account, ReplyCadet requests access to specific Google API scopes. Here is exactly what we access and why:

Email bodies and content (gmail.readonly)

We read incoming email bodies so our AI can understand what the email is about, classify it (e.g., routine question vs. something that needs your personal attention), and generate a contextually accurate draft reply in your voice.

Email headers and metadata (gmail.readonly)

We read sender addresses, subject lines, timestamps, and thread IDs to identify who emailed you, group conversations together, and avoid replying to the same thread twice.

Thread history (gmail.readonly)

We read prior messages in a thread so the AI can understand the full conversation context before drafting a reply. This prevents the AI from repeating information or contradicting something you already said.

Google profile information

We access your name and email address to create your ReplyCadet account, display your identity in the dashboard, and ensure replies are sent from the correct address.

Send capability (gmail.send)

When you approve a draft or enable auto-send, we send the reply from your Gmail account on your behalf. Emails are only sent with your explicit approval or when you have opted in to automatic sending with a confidence threshold you control.

Draft creation (gmail.compose)

We create drafts directly in your Gmail drafts folder so you can review, edit, and send AI-generated replies from within Gmail itself — no separate app required.

Label and read status modification (gmail.modify)

After a reply is sent (either manually approved or auto-sent), we mark the original email as read and archive it to keep your inbox clean. We may also apply labels to help you track which emails ReplyCadet has handled.

Google API Services User Data Policy

ReplyCadet's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, ReplyCadet:

  • Does not allow humans to read your Google user data unless (a) you provide affirmative consent for a specific message (e.g., requesting support with a particular email), (b) it is necessary for security purposes (such as investigating abuse), or (c) it is required to comply with applicable law.
  • Does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • Does nottransfer Google user data to third parties except (a) as necessary to provide or improve the app's user-facing features that are prominent in the app's user interface, (b) to comply with applicable law, or (c) as part of a merger, acquisition, or asset sale with notice to users.
  • Does not allow humans to read Google user data. Automated processing by our AI systems is the only way your email content is accessed, and only for the purpose of providing the service to you.

Third-Party AI Processing

Email content is processed by AI language models accessed via OpenRouter.ai for the purpose of classification (determining the type and urgency of each email) and draft generation (composing a reply in your voice). These AI services process data in real time and do not retain, store, or train on your email content. Email content is sent to AI models only as needed to provide the core features of the service.

We also generate vector embeddings of email content via OpenRouter to enable similarity search within your own knowledge base. These embeddings are stored in our database and are only used to improve reply quality for your account.

Data Retention

Email bodies

Full email body content is retained for up to 30 days to allow reprocessing and quality checks. After 30 days, email bodies are permanently stripped. Only metadata (sender, subject, timestamp, classification result) is retained.

Training data (RAG knowledge base)

When ReplyCadet learns from your email history, it stores pairs of original emails and your responses as training data for retrieval-augmented generation (RAG). This data is used exclusively to improve reply quality for your account and is retained for as long as your account is active.

Metadata

Email metadata (sender, subject, timestamp, classification result, confidence score) is retained for the lifetime of your account to power analytics and audit trails.

Account deletion

You can delete your account and all associated data at any time by sending a DELETE request to /api/account or by contacting us at brandon@replycadet.com. When you delete your account, all stored data — email bodies, metadata, training data, embeddings, and credentials — is permanently deleted within 30 days.

Security

  • Encrypted credentials: All email credentials and OAuth tokens are encrypted at rest using AES-256-GCM with per-record initialization vectors.
  • TLS everywhere: All connections between your browser, our servers, Gmail APIs, and AI services are encrypted in transit using TLS 1.2 or higher.
  • OAuth token security: Google OAuth refresh tokens are encrypted before storage. Access tokens are short-lived and never persisted to disk.
  • Infrastructure: ReplyCadet is hosted on a dedicated virtual private server in Ashburn, Virginia (Hetzner). Access is restricted by SSH key authentication only.

Your Rights

Data export

You can export all data associated with your account by sending a GET request to /api/account. This returns your profile, settings, email metadata, training data, and analytics in JSON format.

Account deletion

You can permanently delete your account and all associated data by sending a DELETE request to /api/account or by emailing brandon@replycadet.com.

Disconnect email

You can disconnect your email account from ReplyCadet at any time through your dashboard settings. This immediately revokes our access to your Gmail account. You can also revoke access directly from your Google account permissions.

Children's Privacy

ReplyCadet is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at brandon@replycadet.com and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by email (sent to the address associated with your account) and by placing a prominent notice on our website at least 7 days before the changes take effect. Your continued use of ReplyCadet after the effective date of the revised policy constitutes acceptance of the changes.

Contact

If you have questions about this privacy policy or how your data is handled, contact us at:

Dude Ventures Services LLC

Email: brandon@replycadet.com