← Back to home

Privacy Policy

Last updated: April 8, 2026

Voicemail AI ("we," "us," or "our") operates the website voicemail.audio and the Voicemail AI application (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. What Voicemail AI does

Voicemail AI is a hands-free email and calendar assistant. You connect your Google account, and our AI reads your emails aloud, lets you reply by voice, archive messages, create Gmail filters, unsubscribe from mailing lists, and manage your calendar — all without touching your phone.

2. Information we access

When you connect your Google account, we request access to the following Google API scopes:

Gmail

  • Read your emails (gmail.readonly) — to fetch and summarize your unread messages so the AI can read them to you.
  • Modify your emails (gmail.modify) — to mark messages as read, archive them, and apply labels when you ask.
  • Send emails on your behalf (gmail.send) — to send replies and new emails that you compose by voice.
  • Manage basic Gmail settings (gmail.settings.basic) — to create, update, and delete Gmail filters when you say things like "auto-archive emails like this."

Google Calendar

  • Read your calendar (calendar.readonly) — to check your upcoming events and answer schedule questions.
  • Create and edit events (calendar.events) — to create, update, or cancel calendar events by voice.

3. How we use your data

Your Google data is used exclusively to power the features described above. Specifically:

  • Real-time processing only. Emails and calendar data are fetched live from Google's servers during your active session. We process them in memory to generate voice summaries and carry out your instructions. We do not store your emails, calendar events, or their contents on our servers.
  • AI processing. Your email content is sent to OpenAI's Realtime API during your session so the AI can summarize messages and draft replies. This data is transmitted securely and used only to serve your immediate request. We do not use your data to train any AI or machine learning models.
  • Actions you explicitly request. We only send emails, modify messages, create filters, or change calendar events when you specifically ask us to. The AI confirms actions with you before executing them.

4. What we store

  • OAuth tokens. When you sign in with Google, we receive an access token and refresh token. These are encrypted with AES-256-GCM and stored in a secure, HTTP-only cookie on your device. They are never stored on our servers in plaintext.
  • No email content. We never write your emails, attachments, contacts, or calendar event details to our database or any persistent storage.
  • Basic account information. We may store your email address for account identification and support purposes.

5. What we do not do with your data

  • We do not sell, rent, or trade your personal data to any third party.
  • We do not use your Google data for advertising or ad targeting.
  • We do not use your Google data to train generalized or foundational AI models.
  • We do not allow humans to read your email content unless you explicitly request support assistance and provide consent.
  • We do not transfer your Google data to third parties except as needed to provide the Service (i.e., OpenAI for AI processing), and those transfers comply with Google's policies.

6. Google API Services User Data Policy

Voicemail AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. Third-party services

We use the following third-party services to operate Voicemail AI:

  • Google APIs (Gmail API, Google Calendar API) — to access your email and calendar data with your authorization.
  • OpenAI (Realtime API) — to power voice interaction, email summarization, and reply drafting. Email content is sent to OpenAI only during active sessions and only to serve your requests.
  • Railway — cloud hosting for the application. No user email content is persisted on Railway's infrastructure.

8. Data security

We take the following measures to protect your data:

  • OAuth tokens are encrypted with AES-256-GCM before storage.
  • All data in transit is encrypted via HTTPS/TLS.
  • Tokens are stored in secure, HTTP-only cookies inaccessible to client-side JavaScript.
  • The application is open source so anyone can audit the code.

9. Data retention and deletion

  • Session data is ephemeral and discarded when your session ends.
  • OAuth tokens are stored in your browser cookie and expire or are deleted when you clear your cookies or revoke access.
  • You can revoke Voicemail AI's access at any time from your Google Account permissions page. Once revoked, we can no longer access any of your Google data.
  • To request deletion of any data associated with your account, contact us at the email address below.

10. Children's privacy

Voicemail AI is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact us

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

privacy@voicemail.audio