Privacy Policy

Sift ("the Service") is operated by LuminArch LLC ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Sift. We are committed to transparency and to keeping your data private.

When you connect your email account, we collect:

• Email metadata — sender, recipient, subject line, timestamps, labels, and read status.
• Email content — the body text of your emails, used for priority scoring and optional AI summarization. You may disable body storage via Zero Retention Mode.
• Attachment metadata — file names, sizes, and MIME types. We do not download or store attachment file content.
• OAuth tokens — securely stored tokens that allow Sift to access your email on your behalf. We never see or store your email password.
• Account information — your name, email address, and profile image as provided by your OAuth provider.

Your data is used exclusively to provide the Sift service:

• Priority scoring — analyzing email metadata and content to rank messages by importance.
• Auto-categorization — classifying emails into categories such as Direct, Financial, Calendar, and Action.
• AI features — only when you explicitly opt in. By default, AI runs locally via Ollama (data stays on-device). If configured with an Anthropic API key, email content (up to 2,000 characters) may be sent to the Claude API for summaries, reply drafts, and action extraction. Anthropic does not retain this data. AI is off by default.
• Sender insights — aggregating statistics about email volume and engagement by sender.
• Email management — marking messages as read, starred, archived, or trashed on your behalf when you take those actions in Sift.

Sift's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the Gmail API scopes necessary to provide the Service:
  • gmail.readonly — to read and sync your email messages, threads, and labels into Sift.
  • gmail.modify — to reflect actions you take in Sift (marking as read, starring, archiving, trashing) back to your Gmail account.
• We do not use Gmail data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read your Gmail data unless: (a) you give us explicit affirmative consent, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.
• We do not use or transfer Gmail data to train machine learning or artificial intelligence models, whether for general or personalized purposes.
• When you enable optional AI features, email content may be processed locally via Ollama (default) or sent to the Anthropic Claude API if configured. This processing is initiated by you and serves only to provide email intelligence features (summaries, reply drafts, action extraction). Anthropic does not retain your data for model training per their API terms.

When you connect a Gmail account, the following data is accessed:

• Messages — subject, sender, recipients, body text, snippet, and labels are synced to display your inbox and compute priority scores.
• Threads — thread identifiers are used to group related messages into conversations.
• Labels and flags — read/unread status, starred status, and Gmail labels are synced bidirectionally so actions in Sift are reflected in Gmail.
• History — the Gmail History API is used for efficient incremental syncs (only fetching changes since the last sync, rather than re-downloading all messages).

We do not access Gmail settings, contacts, calendar, or any Google services beyond Gmail messaging.

We retain your data as follows:

• Email metadata (sender, subject, timestamps, priority scores, categories) — retained for as long as your account is active.
• Email body content — retained for as long as your account is active, unless you enable Zero Retention Mode, in which case body content is never stored.
• AI-generated summaries — retained alongside email metadata for as long as your account is active, cleared if you enable Zero Retention Mode.
• OAuth tokens — encrypted and retained for as long as the associated email account is connected. Tokens are deleted when you disconnect an account or delete your account.
• Cached data (Redis) — automatically expires after 60 seconds.
• Backups — purged within 30 days of account deletion.

• All email data is stored in PostgreSQL with encryption at rest.
• Each user's data is fully isolated — no data is shared or accessible between accounts.
• OAuth tokens are encrypted using AES-256-GCM before storage and are never exposed to other users or services.
• Redis is used for caching to improve performance. Cached data is ephemeral and automatically expires.
• All data in transit is encrypted via TLS.
• API endpoints are rate-limited to prevent abuse.
• We do not have access to your email password — authentication is handled entirely through OAuth 2.0 with your email provider.

Sift integrates with the following third-party services:

• Google API (Gmail) — used to sync email from Gmail accounts via OAuth 2.0. Subject to the Google API Services User Data Policy, including the Limited Use requirements.
• Microsoft Graph API (Outlook) — used to sync email from Outlook/Microsoft 365 accounts via OAuth 2.0.
• Anthropic Claude API — used only when you explicitly enable AI features. Email subject lines and body text (up to 2,000 characters) are sent to Claude for summarization and classification. Anthropic does not retain your data for model training per their API terms. AI features are off by default and require your explicit opt-in.

We do not use any analytics, advertising, or tracking services.

Sift offers a zero retention mode. When enabled, email content is processed in memory for priority scoring and categorization but is not persisted to the database. Only metadata (sender, subject, timestamp, priority score, and category) is stored. Enabling this mode also permanently deletes any previously stored email body content and AI summaries. You can enable this at any time from your account settings.

You can revoke Sift's access to your email at any time through two methods:

• In Sift — disconnect your email account from your account settings, or delete your account entirely.
• In Google — visit myaccount.google.com/permissions and remove Sift from your authorized apps. This immediately invalidates all tokens.
• In Microsoft — visit your Microsoft account's app permissions page and remove Sift.

When access is revoked, Sift can no longer sync new emails. Previously synced data remains in your Sift account until you delete it or delete your account.

You can export all of your data at any time from your account settings. Exports include your profile information, email metadata, stored email content (if not using Zero Retention Mode), categories, labels, topics, and priority scores in a standard machine-readable format (JSON).

If you are in the European Economic Area, you have the right to access, correct, delete, or port your personal data. Contact us at support@luminarch.com for any GDPR-related requests.

You can delete your account at any time from your account settings. Deletion permanently removes all of your data from our systems, including email content, metadata, labels, topics, filters, OAuth tokens, sessions, and profile information. This action is irreversible. Data is purged from backups within 30 days of deletion.

We do not sell, rent, lease, or share your personal data or email content with any third party for advertising, marketing, or any other purpose. Your data is used solely to provide the Sift service to you.

We do not use your email content, metadata, or any personal data to train machine learning models. When AI features are enabled, data is sent to the Anthropic Claude API for real-time processing only — it is not retained or used for training by Anthropic or by us.

Sift uses only essential cookies required for authentication and session management (via NextAuth.js). We do not use advertising cookies, tracking cookies, or any third-party cookie services. No cookie consent banner is needed because we only use strictly necessary cookies.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at: support@luminarch.com