Privacy Policy
Last updated: 2026-04-28
Wailoo is a Gmail co-pilot Chrome extension. This page explains what we collect, how it is used, who we share it with, how long it is kept, and what rights you have.
Single Purpose
Wailoo provides an AI assistant inside the Gmail Side Panel to draft, translate, summarize, and sharpen emails. We do not use data obtained through this extension for any other purpose.
Limited Use
For user data obtained via Google OAuth we pledge:
- It is used only for the Single Purpose stated above.
- It is not used for advertising or marketing.
- It is not sold or transferred to third parties, except (a) AI inference providers strictly to fulfill your request, (b) processors required to operate the service (e.g., Stripe for billing), and (c) where required by law. Human review is permitted only with your explicit consent or for security/abuse investigation.
OAuth Scopes
This extension only requests the openid email profile Google OAuth scopes. We do not request any Gmail API restricted scopes (such as gmail.readonly, gmail.modify, or gmail.send). Email content is read in your browser via the InboxSDK library from the Gmail web DOM; we do not call the Gmail API.
What we collect
| Category | Contents | Sent to | Retention |
|---|---|---|---|
| Identity | Google sub, email, display name | Wailoo servers only | Until account deletion |
| Email content | Body (≤ 50 KB per message), subject, sender, recipients, attachment metadata | Anthropic (for AI inference) | Until account deletion |
| Uploaded files | Files you explicitly upload (≤ 20 MB each) | Anthropic (when referenced) | Until account deletion |
| Conversations | Your prompts and the AI's responses | Anthropic (to continue the dialogue) | Until account deletion |
| Usage & billing | Token counts, cost, model, timestamps | Stripe (paid tiers only) | At minimum the legal billing-dispute window |
Honest disclosure: we do not currently run an automatic time-based cleanup. Data is retained until you request deletion. Once deletion is performed, the data is permanently destroyed.
Third Parties
- Anthropic — provides the Claude API used for AI inference. We forward email bodies, uploaded file contents, and conversation history to Anthropic to fulfill your requests. Anthropic Privacy Policy.
- Google — provides OAuth identity (scopes limited to
openid email profile). Google Privacy Policy. - Stripe — processes payments, only when you subscribe to a paid plan. Stripe Privacy Policy.
Your Rights
You may exercise the following rights by emailing hi@wailoo.app
- Right of access — request a copy of your personal data.
- Right to deletion — request that your account and all data be erased. Once executed, the data is permanently destroyed and cannot be recovered.
- Right to rectification — request correction of inaccurate data.
- Right to object / withdraw consent — exercised by deleting your account.
We commit to respond within 14 days of receipt; the legal maximum is 30 days (GDPR Art. 12). To prevent impersonation, please send the request from the Google account email used at sign-up; we will reply with a one-time verification code to that mailbox to confirm your identity.
Children's Privacy
Wailoo does not knowingly collect data from users under 13 (under 16 in the EU, UK, and Switzerland). If we discover such an account, we will delete it promptly. If you believe we hold data about a minor, please notify us via the contact channel above.
Data in Transit and Security
All data is transmitted over HTTPS / TLS. Server-side data is held in access-controlled environments. We do not proactively review your email content; the only exceptions are security or abuse investigations, and we will notify you where the law permits.
Changes to this Policy
For material policy changes we will:
- Update the "Last updated" date at the top of this page.
- Display an in-extension banner at least 14 days before the change takes effect.
Contact
For any privacy question, contact hi@wailoo.app.