Initial privacy policy

Privacy information for the service-owned Gmail model.

This page describes the current documented data flow for Quick & Dirty Fixes.ai. It is intentionally limited to repository-grounded facts and does not invent retention periods, deletion policies, legal commitments, or compliance claims that have not been finalized.

Policy items requiring future definition

The repository documentation identifies that exact retention, deletion, and broader data-handling commitments still require future policy definition. This page does not fabricate those commitments.

Service-owned mailbox model

Quick & Dirty Fixes.ai uses a service-owned Gmail mailbox as the email boundary for the application. Customers send ordinary email to that mailbox. The application uses OAuth authorized by the service/operator mailbox owner to process messages in that service mailbox and to send responses from that same service mailbox.

Customers do not authorize Google OAuth access for this service, do not connect Gmail accounts, and do not provide customer Gmail refresh tokens.

Inbound email processing

The inbound web service processes Gmail activity for the service-owned mailbox. Documented behavior includes Gmail webhook/watch handling, mailbox history resolution, reading messages received by the service mailbox, attachment handling when present, and forwarding normalized request data to the internal router.

The purpose of this processing is to convert service-mailbox email requests into internal application requests.

Outbound email processing

The delivery service sends response emails from the service-owned Gmail mailbox. Internal task services prepare responses and hand them to delivery for Gmail-based outbound email.

The current documented flow is email in, internal processing, and response email out.

Attachment handling

The application documentation and code paths describe attachment handling for inbound service-mailbox messages and request-scoped internal processing. Attachments may be downloaded or forwarded internally when present and when needed for request processing.

Specific public retention, deletion, and lifecycle commitments for attachments have not yet been finalized and require future policy definition.

OAuth boundary and Google user data

OAuth access is limited to the service/operator Gmail mailbox used by the application. The current Gmail scopes are used for service-mailbox inbound processing and service-mailbox outbound delivery.

gmail.modify supports inbound processing for the service-owned mailbox.
gmail.send supports outbound responses from the service-owned mailbox.

Customer Gmail accounts are not part of the OAuth authorization model.

Retention, deletion, and sharing

The repository source material does not define final public retention periods, deletion procedures, or broader data-sharing commitments. These policy decisions require future definition before they are represented as final legal commitments.

Until those policies are finalized, support questions about data handling should be sent to the contact addresses below.

Support contact

For privacy or OAuth questions, contact: